Edit tour

Windows Analysis Report
VZH3bd37Gc.msi

Overview

General Information

Sample name:	VZH3bd37Gc.msi (renamed file extension from none to msi, renamed because original name is a hash value)
Original sample name:	0400a87b6100936cdc0a8695c5dc1c7103bb93c0842231efaf7260a795290339
Analysis ID:	1431604
MD5:	af498bd451f04a1dae63cd61812a3c8b
SHA1:	36f54070b8696eaa00ba1ff1d5fcfd5900ddacfa
SHA256:	0400a87b6100936cdc0a8695c5dc1c7103bb93c0842231efaf7260a795290339
Infos:

Detection

Score:	15
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Signatures

Yara detected Generic Downloader

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks for available system drives (often done to infect USB drives)

Contains capabilities to detect virtual machines

Contains functionality to launch a process as a different user

Contains long sleeps (>= 3 min)

Creates files inside the system directory

Deletes files inside the Windows folder

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Found dropped PE file which has not been started or loaded

May sleep (evasive loops) to hinder dynamic analysis

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file does not import any functions

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Stores files to the Windows start menu directory

Uses code obfuscation techniques (call, push, ret)

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox

Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Process Tree

System is w10x64

msiexec.exe (PID: 6472 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\VZH3bd37Gc.msi" MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 6612 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 7148 cmdline: C:\Windows\System32\MsiExec.exe -Embedding 08351F78698DA0C0368A0A0187380C10 E Global\MSI0000 MD5: E5DA170027542E25EDE42FC54C929077)

rundll32.exe (PID: 6044 cmdline: rundll32.exe "C:\Windows\Installer\MSI50A5.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5787937 2 AetherPal.Windows.Wix.CustomAction!AetherPal.Windows.Wix.CustomAction.CustomActions.InstallModernApp MD5: EF3179D498793BF4234F708D3BE28633)

AetherPal.MSIX.Launcher.exe (PID: 6520 cmdline: "C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe" "install" "C:\Program Files\VMware\Workspace ONE Assist\Resources" MD5: D058E337D5F7E8ADA6BCC28B5114B303)

conhost.exe (PID: 6452 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Windows\Installer\MSI50A5.tmp-\netstandard.dll	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Program Files\VMware\Workspace ONE Assist\netstandard.dll	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
3.3.rundll32.exe.1320522fe40.1.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: C:\Windows\System32\msiexec.exe	Window detected: WixUI_Bmp_DialogI &accept the terms in the License Agreement&Print&Back&InstallCancelLicense VMware Workspace ONE AssistPlease read the Workspace ONE Assist Installer License Agreement
Source: C:\Windows\System32\msiexec.exe	Window detected: WixUI_Bmp_DialogI &accept the terms in the License Agreement&Print&Back&InstallCancelLicense VMware Workspace ONE AssistPlease read the Workspace ONE Assist Installer License Agreement

Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Cleanup.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\msvcp140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Numerics.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.ComponentModel.TypeConverter.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.CompilerServices.VisualC.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Numerics.Vectors.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.PerformanceCounter.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Console.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\winpty-agent.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Resources.ResourceManager.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.AccessControl.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.ServiceProcess.ServiceController.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\netstandard.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.FileManager.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe.config	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Security.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.ComponentModel.EventBasedAsync.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Text.Json.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Permissions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.WebSockets.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.TextWriterTraceListener.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Resources.Writer.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\Microsoft.Win32.Registry.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Serialization.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\winpty.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\Microsoft.Bcl.AsyncInterfaces.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\windows	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\windows\x64	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\windows\x64\libvpx.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\winpty.NET.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Globalization.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\Resources	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\Resources\Appx	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\Resources\Appx\AUMIDs.txt	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Linq.Expressions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Xml.XPath.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Linq.Parallel.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.IsolatedStorage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.X509Certificates.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.WPF.CustomControls.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\osx	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\osx\x64	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\osx\x64\libvpx.dylib	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Extensions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.RemoteControl.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\windows\DesktopDuplication.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\winpty-debugserver.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Timer.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Serialization.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.FileManager.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Principal.Windows.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.TraceSource.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Utils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.WebHeaderCollection.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.DriveInfo.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Tools.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.Compression.ZipFile.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Linq.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Xml.ReaderWriter.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Communication.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Auth.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\vcruntime140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\Resources\Appx\MPAP_f7529f1a891c4c29afa0bf940c4958e4_001.provxml	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Agent.exe.config	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Collections.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.ProtectedData.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.AccessControl.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\Microsoft.Win32.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.NameResolution.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Localization.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Text.Encoding.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Linq.Queryable.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.ComponentModel.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Http.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Tasks.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.MemoryMappedFiles.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Handles.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.EventLog.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.ComponentModel.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.ThreadPool.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.RemoteControl.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Sockets.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.InteropServices.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Collections.Concurrent.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.Compression.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Ping.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Reflection.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.Pipes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\Newtonsoft.Json.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.ObjectModel.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\linux	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\linux\arm	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\linux\arm\lib_remote_shell_api.so	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Resources.Reader.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Process.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.UnmanagedMemoryStream.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Text.Encodings.Web.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.Csp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Reflection.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Agent.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.Algorithms.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Requests.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Windows.Utils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.CompilerServices.Unsafe.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.CodeDom.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Buffers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.AppContext.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Xml.XPath.XDocument.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Globalization.Calendars.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\Resources\Appx\f7529f1a891c4c29afa0bf940c4958e4_License1.xml	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Drawing.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\osx\x64\lib_remote_shell_api.dylib	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Xml.XDocument.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Globalization.Extensions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\osx\RemoteLib	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.WebSockets.Client.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Reflection.Extensions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.Watcher.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Channels.AnchorChannel.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Thread.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\linux\x64	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\linux\x64\lib_remote_shell_api.so	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Debug.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.NetworkInformation.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Dynamic.Runtime.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Serialization.Formatters.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Diagnostics.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Text.Encoding.Extensions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.RemoteShell.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Serialization.Json.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Principal.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.RemoteShell.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\Microsoft.Win32.SystemEvents.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\Resources\Appx\f7529f1a891c4c29afa0bf940c4958e4.appxbundle	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.StackTrace.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Text.RegularExpressions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Data.Common.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Sys.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Tracing.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.ValueTuple.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.FileVersionInfo.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Collections.NonGeneric.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Core.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Overlapped.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Xml.XmlSerializer.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Agent.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Serialization.Xml.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Configuration.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Client.exe.config	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Net.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.Encoding.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Security.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Collections.Specialized.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Windows.Net.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Contracts.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Tasks.Extensions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Claims.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Memory.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.SecureString.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Client.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Tasks.Parallel.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Xml.XmlDocument.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Service.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Service.exe.config	Jump to behavior

Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Configuration\obj\x64\Release\net462\AetherPal.Configuration.pdbSHA256 source: AetherPal.Configuration.dll.1.dr
Source:	Binary string: E:\A\_work\1795\s\corefx\bin\obj\Windows_NT.AnyCPU.Release\System.Runtime.InteropServices.RuntimeInformation\net462\System.Runtime.InteropServices.RuntimeInformation.pdb source: System.Runtime.InteropServices.RuntimeInformation.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Diagnostics\obj\x64\Release\netstandard2.0\AetherPal.Diagnostics.pdbSHA256 source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\agent\_work\66\s\build\ship\x64\SfxCA.pdb source: VZH3bd37Gc.msi, MSI4559.tmp.1.dr, 58426b.msi.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Windows.Net\obj\x64\Release\AetherPal.Windows.Net.pdb source: AetherPal.Windows.Net.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.ObjectModel\4.0.11.0\System.ObjectModel.pdbX+r+ d+_CorDllMainmscoree.dll source: System.ObjectModel.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Reader\4.0.2.0\System.Resources.Reader.pdb source: System.Resources.Reader.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Tools.RemoteControl\obj\x64\Release\netstandard2.0\AetherPal.Tools.RemoteControl.pdbSHA256 source: AetherPal.Tools.RemoteControl.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection.Primitives\4.0.1.0\System.Reflection.Primitives.pdb source: System.Reflection.Primitives.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.Compression.ZipFile\4.0.3.0\System.IO.Compression.ZipFile.pdb( source: System.IO.Compression.ZipFile.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.NameResolution\4.0.2.0\System.Net.NameResolution.pdb source: System.Net.NameResolution.dll.1.dr
Source:	Binary string: /_/artifacts/obj/System.CodeDom/Release/net462/System.CodeDom.pdbSHA256 source: System.CodeDom.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Application.Localization\obj\x64\Release\netstandard2.0\AetherPal.Application.Localization.pdb source: AetherPal.Application.Localization.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem\4.0.3.0\System.IO.FileSystem.pdb8)R) D)_CorDllMainmscoree.dll source: System.IO.FileSystem.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.Encoding\4.0.2.0\System.Security.Cryptography.Encoding.pdb source: System.Security.Cryptography.Encoding.dll.1.dr
Source:	Binary string: /_/artifacts/obj/System.Security.Permissions/Release/net462/System.Security.Permissions.pdbSHA256 source: System.Security.Permissions.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Windows.Wix.CustomAction\obj\x64\Release\AetherPal.Windows.Wix.CustomAction.pdb source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, AetherPal.Windows.Wix.CustomAction.dll.3.dr
Source:	Binary string: E:\A\_work\1795\s\corefx\bin\obj\Windows_NT.AnyCPU.Release\System.Net.Http\netfx\System.Net.Http.pdb source: System.Net.Http.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Application.Agent\obj\x64\Release\net462\AetherPal.Application.Agent.pdbSHA256 source: AetherPal.Application.Agent.dll.1.dr
Source:	Binary string: C:\projects\assist\pc\platforms\wasm\libvpx_wasm\vcproj\libvpx\x64\Release\libvpx.pdb source: libvpx.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.ResourceManager\4.0.1.0\System.Resources.ResourceManager.pdb source: System.Resources.ResourceManager.dll.1.dr
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Diagnostics.Tracing/netfx\System.Diagnostics.Tracing.pdb'MAM 3M_CorDllMainmscoree.dll source: System.Diagnostics.Tracing.dll.1.dr
Source:	Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net462/System.Security.Cryptography.ProtectedData.pdb source: System.Security.Cryptography.ProtectedData.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Process\4.1.2.0\System.Diagnostics.Process.pdb* source: System.Diagnostics.Process.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Device.Tools.RemoteControl\obj\x64\Release\netstandard2.0\AetherPal.Device.Tools.RemoteControl.pdb source: AetherPal.Device.Tools.RemoteControl.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO\4.1.2.0\System.IO.pdb source: System.IO.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Device.Tools.RemoteControl\obj\x64\Release\netstandard2.0\AetherPal.Device.Tools.RemoteControl.pdbSHA256r]Hc3C( source: AetherPal.Device.Tools.RemoteControl.dll.1.dr
Source:	Binary string: vcruntime140.amd64.pdbGCTL source: vcruntime140.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.Csp\4.0.2.0\System.Security.Cryptography.Csp.pdb4)N) @)_CorDllMainmscoree.dll source: System.Security.Cryptography.Csp.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Linq\4.1.2.0\System.Linq.pdb source: System.Linq.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Utils\obj\x64\Release\netstandard2.0\AetherPal.Utils.pdbSHA256 source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1817462846.0000013203552000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1817556529.0000013203552000.00000004.00000020.00020000.00000000.sdmp, AetherPal.Utils.dll.3.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Device.Tools.FileManager\obj\x64\Release\netstandard2.0\AetherPal.Device.Tools.FileManager.pdb source: AetherPal.Device.Tools.FileManager.dll.1.dr
Source:	Binary string: /_/artifacts/obj/System.ServiceProcess.ServiceController/Release/net462/System.ServiceProcess.ServiceController.pdbSHA256) source: System.ServiceProcess.ServiceController.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Device.Tools\obj\x64\Release\netstandard2.0\AetherPal.Device.Tools.pdb source: AetherPal.Device.Tools.dll.1.dr
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Data.Common/netfx\System.Data.Common.pdb source: System.Data.Common.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.Pipes\4.0.2.0\System.IO.Pipes.pdbh) source: System.IO.Pipes.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Writer\4.0.2.0\System.Resources.Writer.pdb source: System.Resources.Writer.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.WPF.WindowsClient\obj\x64\Release\WorkspaceONE.Assist.Client.pdb source: WorkspaceONE.Assist.Client.exe.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Tools.RemoteControl\obj\x64\Release\netstandard2.0\AetherPal.Tools.RemoteControl.pdb source: AetherPal.Tools.RemoteControl.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Security\4.0.2.0\System.Net.Security.pdbTn `*_CorDllMainmscoree.dll source: System.Net.Security.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading.ThreadPool\4.0.12.0\System.Threading.ThreadPool.pdb source: System.Threading.ThreadPool.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\Microsoft.Win32.Primitives\4.0.3.0\Microsoft.Win32.Primitives.pdb\|( source: Microsoft.Win32.Primitives.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection.Primitives\4.0.1.0\System.Reflection.Primitives.pdb$> 0*_CorDllMainmscoree.dll source: System.Reflection.Primitives.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.TraceSource\4.0.2.0\System.Diagnostics.TraceSource.pdb source: System.Diagnostics.TraceSource.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Tools\4.0.1.0\System.Diagnostics.Tools.pdb source: System.Diagnostics.Tools.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Windows.Agent.App\obj\x64\Release\WorkspaceONE.Assist.Agent.pdb source: WorkspaceONE.Assist.Agent.exe.1.dr
Source:	Binary string: /_/artifacts/obj/Microsoft.Win32.Registry/net461-Windows_NT-Release/Microsoft.Win32.Registry.pdb source: Microsoft.Win32.Registry.dll.1.dr
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Runtime.Serialization.Xml/netfx\System.Runtime.Serialization.Xml.pdb source: System.Runtime.Serialization.Xml.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XmlSerializer\4.0.11.0\System.Xml.XmlSerializer.pdbt+ source: System.Xml.XmlSerializer.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.NameResolution\4.0.2.0\System.Net.NameResolution.pdb\|( source: System.Net.NameResolution.dll.1.dr
Source:	Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.3.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdbBSJB source: System.Runtime.CompilerServices.Unsafe.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Utils\obj\x64\Release\netstandard2.0\AetherPal.Utils.pdb source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1817462846.0000013203552000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1817556529.0000013203552000.00000004.00000020.00020000.00000000.sdmp, AetherPal.Utils.dll.1.dr, AetherPal.Utils.dll.3.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Device\obj\x64\Release\netstandard2.0\AetherPal.Device.pdb source: AetherPal.Device.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Security\4.0.2.0\System.Net.Security.pdb source: System.Net.Security.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XPath\4.0.3.0\System.Xml.XPath.pdb source: System.Xml.XPath.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Windows.Utils\obj\x64\Release\net462\AetherPal.Windows.Utils.pdb source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, AetherPal.MSIX.Launcher.exe, AetherPal.MSIX.Launcher.exe, 00000004.00000002.1895084039.00000229A6B72000.00000002.00000001.01000000.0000000A.sdmp, AetherPal.Windows.Utils.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.CompilerServices.VisualC\4.0.2.0\System.Runtime.CompilerServices.VisualC.pdb@Z L*_CorDllMainmscoree.dll source: System.Runtime.CompilerServices.VisualC.dll.1.dr
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Runtime.Serialization.Primitives/netfx\System.Runtime.Serialization.Primitives.pdb source: System.Runtime.Serialization.Primitives.dll.1.dr
Source:	Binary string: /_/artifacts/obj/System.Text.Json/Release/net462/System.Text.Json.pdb source: System.Text.Json.dll.1.dr
Source:	Binary string: /_/artifacts/obj/System.Text.Encodings.Web/Release/net462/System.Text.Encodings.Web.pdb source: System.Text.Encodings.Web.dll.1.dr
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Diagnostics.Tracing/netfx\System.Diagnostics.Tracing.pdb source: System.Diagnostics.Tracing.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime\4.1.2.0\System.Runtime.pdb source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1895196565.00000229A6BA2000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net462/System.Security.Cryptography.ProtectedData.pdbSHA256C source: System.Security.Cryptography.ProtectedData.dll.1.dr
Source:	Binary string: E:\A\_work\1795\s\corefx\bin\obj\Windows_NT.AnyCPU.Release\System.Runtime.InteropServices.RuntimeInformation\net462\System.Runtime.InteropServices.RuntimeInformation.pdbxE source: System.Runtime.InteropServices.RuntimeInformation.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Writer\4.0.2.0\System.Resources.Writer.pdbl( source: System.Resources.Writer.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XmlSerializer\4.0.11.0\System.Xml.XmlSerializer.pdb source: System.Xml.XmlSerializer.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Net\obj\x64\Release\netstandard2.0\AetherPal.Net.pdb source: AetherPal.Net.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Utils\obj\x64\Release\netstandard2.0\AetherPal.Utils.pdbSHA256u source: AetherPal.Utils.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.ComponentModel.TypeConverter\4.1.2.0\System.ComponentModel.TypeConverter.pdb source: System.ComponentModel.TypeConverter.dll.1.dr
Source:	Binary string: /_/artifacts/obj/System.Text.Json/Release/net462/System.Text.Json.pdbSHA256 source: System.Text.Json.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Text.RegularExpressions\4.1.1.0\System.Text.RegularExpressions.pdb source: System.Text.RegularExpressions.dll.1.dr
Source:	Binary string: /_/artifacts/obj/System.Security.AccessControl/net461-windows-Release/System.Security.AccessControl.pdb source: System.Security.AccessControl.dll.1.dr
Source:	Binary string: /_/artifacts/obj/System.CodeDom/Release/net462/System.CodeDom.pdb source: System.CodeDom.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Windows.Utils\obj\x64\Release\net462\AetherPal.Windows.Utils.pdbSHA256 source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, AetherPal.MSIX.Launcher.exe, 00000004.00000002.1895084039.00000229A6B72000.00000002.00000001.01000000.0000000A.sdmp, AetherPal.Windows.Utils.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Application.Localization\obj\x64\Release\netstandard2.0\AetherPal.Application.Localization.pdbSHA25693 source: AetherPal.Application.Localization.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Net\obj\x64\Release\netstandard2.0\AetherPal.Net.pdbSHA256} source: AetherPal.Net.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.NetworkInformation\4.1.2.0\System.Net.NetworkInformation.pdb source: System.Net.NetworkInformation.dll.1.dr
Source:	Binary string: C:\projects\winpty-net\src\winpty.NET\obj\Release\winpty.NET.pdb source: winpty.NET.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Diagnostics\obj\x64\Release\netstandard2.0\AetherPal.Diagnostics.pdbSHA256Pk source: AetherPal.Diagnostics.dll.1.dr
Source:	Binary string: /_/artifacts/obj/System.Text.Encodings.Web/Release/net462/System.Text.Encodings.Web.pdbSHA256 source: System.Text.Encodings.Web.dll.1.dr
Source:	Binary string: /_/artifacts/obj/Microsoft.Win32.SystemEvents/Release/net462/Microsoft.Win32.SystemEvents.pdbSHA256 source: Microsoft.Win32.SystemEvents.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.ObjectModel\4.0.11.0\System.ObjectModel.pdb source: System.ObjectModel.dll.1.dr
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Globalization.Extensions/netfx\System.Globalization.Extensions.pdb source: System.Globalization.Extensions.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Device.Tools\obj\x64\Release\netstandard2.0\AetherPal.Device.Tools.pdbSHA256 source: AetherPal.Device.Tools.dll.1.dr
Source:	Binary string: /_/artifacts/obj/System.Security.Permissions/Release/net462/System.Security.Permissions.pdb source: System.Security.Permissions.dll.1.dr
Source:	Binary string: C:\projects\assist\pc\platforms\Windows\src\RemoteControl\x64\Release\DesktopDuplication.pdb source: DesktopDuplication.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.CompilerServices.VisualC\4.0.2.0\System.Runtime.CompilerServices.VisualC.pdb source: System.Runtime.CompilerServices.VisualC.dll.1.dr
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Security.SecureString/netfx\System.Security.SecureString.pdbf) source: System.Security.SecureString.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading.Tasks\4.0.11.0\System.Threading.Tasks.pdb source: System.Threading.Tasks.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.TextWriterTraceListener\4.0.2.0\System.Diagnostics.TextWriterTraceListener.pdb source: System.Diagnostics.TextWriterTraceListener.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Reader\4.0.2.0\System.Resources.Reader.pdbl( source: System.Resources.Reader.dll.1.dr
Source:	Binary string: /_/artifacts/obj/System.ServiceProcess.ServiceController/Release/net462/System.ServiceProcess.ServiceController.pdb source: System.ServiceProcess.ServiceController.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading.Tasks.Parallel\4.0.1.0\System.Threading.Tasks.Parallel.pdb source: System.Threading.Tasks.Parallel.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Core\obj\x64\Release\netstandard2.0\AetherPal.Core.pdbSHA256) source: AetherPal.Core.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.WebSockets.Client\4.0.2.0\System.Net.WebSockets.Client.pdb source: System.Net.WebSockets.Client.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Core\obj\x64\Release\netstandard2.0\AetherPal.Core.pdb source: AetherPal.Core.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.IsolatedStorage\4.0.2.0\System.IO.IsolatedStorage.pdb source: System.IO.IsolatedStorage.dll.1.dr
Source:	Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.3.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Tools\obj\x64\Release\netstandard2.0\AetherPal.Tools.pdb source: AetherPal.Tools.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Diagnostics\obj\x64\Release\netstandard2.0\AetherPal.Diagnostics.pdb source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, AetherPal.Diagnostics.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem\4.0.3.0\System.IO.FileSystem.pdb source: System.IO.FileSystem.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.X509Certificates\4.1.2.0\System.Security.Cryptography.X509Certificates.pdb source: System.Security.Cryptography.X509Certificates.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Linq.Expressions\4.1.2.0\System.Linq.Expressions.pdb source: System.Linq.Expressions.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.Csp\4.0.2.0\System.Security.Cryptography.Csp.pdb source: System.Security.Cryptography.Csp.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Device\obj\x64\Release\netstandard2.0\AetherPal.Device.pdbSHA256 source: AetherPal.Device.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.ComponentModel\4.0.1.0\System.ComponentModel.pdb source: System.ComponentModel.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.WPF.CustomControls\obj\x64\Release\AetherPal.WPF.CustomControls.pdb source: AetherPal.WPF.CustomControls.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Device.Tools.FileManager\obj\x64\Release\netstandard2.0\AetherPal.Device.Tools.FileManager.pdbSHA256 source: AetherPal.Device.Tools.FileManager.dll.1.dr
Source:	Binary string: /_/artifacts/obj/Microsoft.Win32.SystemEvents/Release/net462/Microsoft.Win32.SystemEvents.pdb source: Microsoft.Win32.SystemEvents.dll.1.dr
Source:	Binary string: /_/artifacts/obj/System.Security.AccessControl/net461-windows-Release/System.Security.AccessControl.pdbSHA256 source: System.Security.AccessControl.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.Encoding\4.0.2.0\System.Security.Cryptography.Encoding.pdbT)n) `)_CorDllMainmscoree.dll source: System.Security.Cryptography.Encoding.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.Pipes\4.0.2.0\System.IO.Pipes.pdb source: System.IO.Pipes.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Process\4.1.2.0\System.Diagnostics.Process.pdb source: System.Diagnostics.Process.dll.1.dr
Source:	Binary string: vcruntime140.amd64.pdb source: vcruntime140.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.MSIX.Launcher\obj\x64\Release\AetherPal.MSIX.Launcher.pdb source: AetherPal.MSIX.Launcher.exe, 00000004.00000000.1825414817.00000229A6812000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Primitives\4.0.11.0\System.Net.Primitives.pdbH,b, T,_CorDllMainmscoree.dll source: System.Net.Primitives.dll.1.dr
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\uica.pdb source: VZH3bd37Gc.msi, 58426b.msi.1.dr
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Security.SecureString/netfx\System.Security.SecureString.pdb source: System.Security.SecureString.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XDocument\4.0.11.0\System.Xml.XDocument.pdb source: System.Xml.XDocument.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Dynamic.Runtime\4.0.11.0\System.Dynamic.Runtime.pdb source: System.Dynamic.Runtime.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading\4.0.11.0\System.Threading.pdb source: System.Threading.dll.1.dr
Source:	Binary string: msvcp140.amd64.pdb source: msvcp140.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.Compression.ZipFile\4.0.3.0\System.IO.Compression.ZipFile.pdb source: System.IO.Compression.ZipFile.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\Microsoft.Win32.Primitives\4.0.3.0\Microsoft.Win32.Primitives.pdb source: Microsoft.Win32.Primitives.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Application.Agent\obj\x64\Release\net462\AetherPal.Application.Agent.pdb source: AetherPal.Application.Agent.dll.1.dr
Source:	Binary string: msvcp140.amd64.pdbGCTL source: msvcp140.dll.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdb source: System.Runtime.CompilerServices.Unsafe.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem.Primitives\4.0.3.0\System.IO.FileSystem.Primitives.pdb source: System.IO.FileSystem.Primitives.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Configuration\obj\x64\Release\net462\AetherPal.Configuration.pdb source: AetherPal.Configuration.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Collections.NonGeneric\4.0.3.0\System.Collections.NonGeneric.pdb source: System.Collections.NonGeneric.dll.1.dr
Source:	Binary string: /_/artifacts/obj/Microsoft.Win32.Registry/net461-Windows_NT-Release/Microsoft.Win32.Registry.pdbSHA256 source: Microsoft.Win32.Registry.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Collections\4.0.11.0\System.Collections.pdb source: System.Collections.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Serialization.Json\4.0.1.0\System.Runtime.Serialization.Json.pdb source: System.Runtime.Serialization.Json.dll.1.dr
Source:	Binary string: C:\projects\assist\pc\platforms\Windows\src\RemoteControl\x64\Release\DesktopDuplication.pdb-- source: DesktopDuplication.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Tools\obj\x64\Release\netstandard2.0\AetherPal.Tools.pdbSHA256 source: AetherPal.Tools.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Primitives\4.0.11.0\System.Net.Primitives.pdb source: System.Net.Primitives.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem.Watcher\4.0.2.0\System.IO.FileSystem.Watcher.pdb source: System.IO.FileSystem.Watcher.dll.1.dr

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: c:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Networking

Yara detected Generic Downloader

Source: Yara match	File source: 3.3.rundll32.exe.1320522fe40.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Windows\Installer\MSI50A5.tmp-\netstandard.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files\VMware\Workspace ONE Assist\netstandard.dll, type: DROPPED

Source: AetherPal.Device.dll.1.dr	String found in binary or memory: http://aetherpal.com/XMLSchema/device/DeviceInfo10
Source: AetherPal.Device.Tools.RemoteControl.dll.1.dr, AetherPal.Device.dll.1.dr	String found in binary or memory: http://aetherpal.com/XMLSchema/device/SecurityPolicy10
Source: AetherPal.Device.dll.1.dr	String found in binary or memory: http://aetherpal.com/XMLSchema/device/UserInterfacePolicy10
Source: AetherPal.Device.dll.1.dr	String found in binary or memory: http://aetherpal.com/deviceghttp://aetherpal.com/XMLSchema/device/TimerPolicy10
Source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, VZH3bd37Gc.msi, Microsoft.Deployment.WindowsInstaller.dll.3.dr, 58426b.msi.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: VZH3bd37Gc.msi, AetherPal.Tools.dll.1.dr, AetherPal.Net.dll.1.dr, WorkspaceONE.Assist.Client.exe.1.dr, WorkspaceONE.Assist.Agent.exe.1.dr, AetherPal.Utils.dll.1.dr, 58426b.msi.1.dr, AetherPal.WPF.CustomControls.dll.1.dr, AetherPal.Application.Localization.dll.1.dr, AetherPal.Application.Agent.dll.1.dr, AetherPal.Device.Tools.RemoteControl.dll.1.dr, AetherPal.Device.Tools.FileManager.dll.1.dr, AetherPal.Device.dll.1.dr, AetherPal.Diagnostics.dll.1.dr, AetherPal.Configuration.dll.1.dr, AetherPal.Windows.Net.dll.1.dr, DesktopDuplication.dll.1.dr, AetherPal.Core.dll.1.dr, AetherPal.Windows.Utils.dll.1.dr, AetherPal.Tools.RemoteControl.dll.1.dr, AetherPal.Device.Tools.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: AetherPal.Windows.Net.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, VZH3bd37Gc.msi, Microsoft.Deployment.WindowsInstaller.dll.3.dr, 58426b.msi.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: VZH3bd37Gc.msi, AetherPal.Tools.dll.1.dr, AetherPal.Net.dll.1.dr, WorkspaceONE.Assist.Client.exe.1.dr, WorkspaceONE.Assist.Agent.exe.1.dr, AetherPal.Utils.dll.1.dr, 58426b.msi.1.dr, AetherPal.WPF.CustomControls.dll.1.dr, AetherPal.Application.Localization.dll.1.dr, AetherPal.Application.Agent.dll.1.dr, AetherPal.Device.Tools.RemoteControl.dll.1.dr, AetherPal.Device.Tools.FileManager.dll.1.dr, AetherPal.Device.dll.1.dr, AetherPal.Diagnostics.dll.1.dr, AetherPal.Configuration.dll.1.dr, AetherPal.Windows.Net.dll.1.dr, DesktopDuplication.dll.1.dr, AetherPal.Core.dll.1.dr, AetherPal.Windows.Utils.dll.1.dr, AetherPal.Tools.RemoteControl.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: VZH3bd37Gc.msi, AetherPal.Tools.dll.1.dr, AetherPal.Net.dll.1.dr, WorkspaceONE.Assist.Client.exe.1.dr, WorkspaceONE.Assist.Agent.exe.1.dr, AetherPal.Utils.dll.1.dr, 58426b.msi.1.dr, AetherPal.WPF.CustomControls.dll.1.dr, AetherPal.Application.Localization.dll.1.dr, AetherPal.Application.Agent.dll.1.dr, AetherPal.Device.Tools.RemoteControl.dll.1.dr, AetherPal.Device.Tools.FileManager.dll.1.dr, AetherPal.Device.dll.1.dr, AetherPal.Diagnostics.dll.1.dr, AetherPal.Configuration.dll.1.dr, AetherPal.Windows.Net.dll.1.dr, DesktopDuplication.dll.1.dr, AetherPal.Core.dll.1.dr, AetherPal.Windows.Utils.dll.1.dr, AetherPal.Tools.RemoteControl.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: VZH3bd37Gc.msi, AetherPal.Tools.dll.1.dr, AetherPal.Net.dll.1.dr, WorkspaceONE.Assist.Client.exe.1.dr, WorkspaceONE.Assist.Agent.exe.1.dr, AetherPal.Utils.dll.1.dr, 58426b.msi.1.dr, AetherPal.WPF.CustomControls.dll.1.dr, AetherPal.Application.Localization.dll.1.dr, AetherPal.Application.Agent.dll.1.dr, AetherPal.Device.Tools.RemoteControl.dll.1.dr, AetherPal.Device.Tools.FileManager.dll.1.dr, AetherPal.Device.dll.1.dr, AetherPal.Diagnostics.dll.1.dr, AetherPal.Configuration.dll.1.dr, AetherPal.Windows.Net.dll.1.dr, DesktopDuplication.dll.1.dr, AetherPal.Core.dll.1.dr, AetherPal.Windows.Utils.dll.1.dr, AetherPal.Tools.RemoteControl.dll.1.dr, AetherPal.Device.Tools.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, VZH3bd37Gc.msi, Microsoft.Deployment.WindowsInstaller.dll.3.dr, 58426b.msi.1.dr	String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: VZH3bd37Gc.msi, AetherPal.Tools.dll.1.dr, AetherPal.Net.dll.1.dr, WorkspaceONE.Assist.Client.exe.1.dr, WorkspaceONE.Assist.Agent.exe.1.dr, AetherPal.Utils.dll.1.dr, 58426b.msi.1.dr, AetherPal.WPF.CustomControls.dll.1.dr, AetherPal.Application.Localization.dll.1.dr, AetherPal.Application.Agent.dll.1.dr, AetherPal.Device.Tools.RemoteControl.dll.1.dr, AetherPal.Device.Tools.FileManager.dll.1.dr, AetherPal.Device.dll.1.dr, AetherPal.Diagnostics.dll.1.dr, AetherPal.Configuration.dll.1.dr, AetherPal.Windows.Net.dll.1.dr, DesktopDuplication.dll.1.dr, AetherPal.Core.dll.1.dr, AetherPal.Windows.Utils.dll.1.dr, AetherPal.Tools.RemoteControl.dll.1.dr, AetherPal.Device.Tools.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, VZH3bd37Gc.msi, Microsoft.Deployment.WindowsInstaller.dll.3.dr, 58426b.msi.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, VZH3bd37Gc.msi, Microsoft.Deployment.WindowsInstaller.dll.3.dr, 58426b.msi.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: VZH3bd37Gc.msi, AetherPal.Tools.dll.1.dr, AetherPal.Net.dll.1.dr, WorkspaceONE.Assist.Client.exe.1.dr, WorkspaceONE.Assist.Agent.exe.1.dr, AetherPal.Utils.dll.1.dr, 58426b.msi.1.dr, AetherPal.WPF.CustomControls.dll.1.dr, AetherPal.Application.Localization.dll.1.dr, AetherPal.Application.Agent.dll.1.dr, AetherPal.Device.Tools.RemoteControl.dll.1.dr, AetherPal.Device.Tools.FileManager.dll.1.dr, AetherPal.Device.dll.1.dr, AetherPal.Diagnostics.dll.1.dr, AetherPal.Configuration.dll.1.dr, AetherPal.Windows.Net.dll.1.dr, DesktopDuplication.dll.1.dr, AetherPal.Core.dll.1.dr, AetherPal.Windows.Utils.dll.1.dr, AetherPal.Tools.RemoteControl.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: VZH3bd37Gc.msi, AetherPal.Tools.dll.1.dr, AetherPal.Net.dll.1.dr, WorkspaceONE.Assist.Client.exe.1.dr, WorkspaceONE.Assist.Agent.exe.1.dr, AetherPal.Utils.dll.1.dr, 58426b.msi.1.dr, AetherPal.WPF.CustomControls.dll.1.dr, AetherPal.Application.Localization.dll.1.dr, AetherPal.Application.Agent.dll.1.dr, AetherPal.Device.Tools.RemoteControl.dll.1.dr, AetherPal.Device.Tools.FileManager.dll.1.dr, AetherPal.Device.dll.1.dr, AetherPal.Diagnostics.dll.1.dr, AetherPal.Configuration.dll.1.dr, AetherPal.Windows.Net.dll.1.dr, DesktopDuplication.dll.1.dr, AetherPal.Core.dll.1.dr, AetherPal.Windows.Utils.dll.1.dr, AetherPal.Tools.RemoteControl.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: AetherPal.Device.Tools.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, VZH3bd37Gc.msi, Microsoft.Deployment.WindowsInstaller.dll.3.dr, 58426b.msi.1.dr	String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: AetherPal.Windows.Net.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, VZH3bd37Gc.msi, Microsoft.Deployment.WindowsInstaller.dll.3.dr, 58426b.msi.1.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, VZH3bd37Gc.msi, Microsoft.Deployment.WindowsInstaller.dll.3.dr, 58426b.msi.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: AetherPal.Windows.Net.dll.1.dr, DesktopDuplication.dll.1.dr, AetherPal.Core.dll.1.dr, AetherPal.Windows.Utils.dll.1.dr, AetherPal.Tools.RemoteControl.dll.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, VZH3bd37Gc.msi, Microsoft.Deployment.WindowsInstaller.dll.3.dr, 58426b.msi.1.dr	String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
Source: AetherPal.Windows.Net.dll.1.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, VZH3bd37Gc.msi, Microsoft.Deployment.WindowsInstaller.dll.3.dr, 58426b.msi.1.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: VZH3bd37Gc.msi, AetherPal.Tools.dll.1.dr, AetherPal.Net.dll.1.dr, WorkspaceONE.Assist.Client.exe.1.dr, WorkspaceONE.Assist.Agent.exe.1.dr, AetherPal.Utils.dll.1.dr, 58426b.msi.1.dr, AetherPal.WPF.CustomControls.dll.1.dr, AetherPal.Application.Localization.dll.1.dr, AetherPal.Application.Agent.dll.1.dr, AetherPal.Device.Tools.RemoteControl.dll.1.dr, AetherPal.Device.Tools.FileManager.dll.1.dr, AetherPal.Device.dll.1.dr, AetherPal.Diagnostics.dll.1.dr, AetherPal.Configuration.dll.1.dr, AetherPal.Windows.Net.dll.1.dr, DesktopDuplication.dll.1.dr, AetherPal.Core.dll.1.dr, AetherPal.Windows.Utils.dll.1.dr, AetherPal.Tools.RemoteControl.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: VZH3bd37Gc.msi, AetherPal.Tools.dll.1.dr, AetherPal.Net.dll.1.dr, WorkspaceONE.Assist.Client.exe.1.dr, WorkspaceONE.Assist.Agent.exe.1.dr, AetherPal.Utils.dll.1.dr, 58426b.msi.1.dr, AetherPal.WPF.CustomControls.dll.1.dr, AetherPal.Application.Localization.dll.1.dr, AetherPal.Application.Agent.dll.1.dr, AetherPal.Device.Tools.RemoteControl.dll.1.dr, AetherPal.Device.Tools.FileManager.dll.1.dr, AetherPal.Device.dll.1.dr, AetherPal.Diagnostics.dll.1.dr, AetherPal.Configuration.dll.1.dr, AetherPal.Windows.Net.dll.1.dr, DesktopDuplication.dll.1.dr, AetherPal.Core.dll.1.dr, AetherPal.Windows.Utils.dll.1.dr, AetherPal.Tools.RemoteControl.dll.1.dr, AetherPal.Device.Tools.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, VZH3bd37Gc.msi, AetherPal.Tools.dll.1.dr, AetherPal.Net.dll.1.dr, WorkspaceONE.Assist.Client.exe.1.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, WorkspaceONE.Assist.Agent.exe.1.dr, AetherPal.Utils.dll.1.dr, 58426b.msi.1.dr, AetherPal.WPF.CustomControls.dll.1.dr, AetherPal.Application.Localization.dll.1.dr, AetherPal.Application.Agent.dll.1.dr, AetherPal.Device.Tools.RemoteControl.dll.1.dr, AetherPal.Device.Tools.FileManager.dll.1.dr, AetherPal.Device.dll.1.dr, AetherPal.Diagnostics.dll.1.dr, AetherPal.Configuration.dll.1.dr, AetherPal.Windows.Net.dll.1.dr, DesktopDuplication.dll.1.dr, AetherPal.Core.dll.1.dr, AetherPal.Windows.Utils.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, VZH3bd37Gc.msi, Microsoft.Deployment.WindowsInstaller.dll.3.dr, 58426b.msi.1.dr	String found in binary or memory: http://ocsp.digicert.com0K
Source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, VZH3bd37Gc.msi, Microsoft.Deployment.WindowsInstaller.dll.3.dr, 58426b.msi.1.dr, AetherPal.Windows.Net.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, VZH3bd37Gc.msi, Microsoft.Deployment.WindowsInstaller.dll.3.dr, 58426b.msi.1.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: VZH3bd37Gc.msi, AetherPal.Tools.dll.1.dr, AetherPal.Net.dll.1.dr, WorkspaceONE.Assist.Client.exe.1.dr, WorkspaceONE.Assist.Agent.exe.1.dr, AetherPal.Utils.dll.1.dr, 58426b.msi.1.dr, AetherPal.WPF.CustomControls.dll.1.dr, AetherPal.Application.Localization.dll.1.dr, AetherPal.Application.Agent.dll.1.dr, AetherPal.Device.Tools.RemoteControl.dll.1.dr, AetherPal.Device.Tools.FileManager.dll.1.dr, AetherPal.Device.dll.1.dr, AetherPal.Diagnostics.dll.1.dr, AetherPal.Configuration.dll.1.dr, AetherPal.Windows.Net.dll.1.dr, DesktopDuplication.dll.1.dr, AetherPal.Core.dll.1.dr, AetherPal.Windows.Utils.dll.1.dr, AetherPal.Tools.RemoteControl.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: rundll32.exe, 00000003.00000002.1899788011.00000132053C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: AetherPal.Windows.Net.dll.1.dr	String found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: AetherPal.Windows.Net.dll.1.dr	String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: AetherPal.Windows.Net.dll.1.dr	String found in binary or memory: http://sv.symcd.com0&
Source: AetherPal.WPF.CustomControls.dll.1.dr	String found in binary or memory: http://victoryonemedia.comhttps://github.com/chrismsimpson/Metropolis
Source: AetherPal.WPF.CustomControls.dll.1.dr	String found in binary or memory: http://victoryonemedia.comhttps://github.com/chrismsimpson/MetropolisCopyright
Source: AetherPal.WPF.CustomControls.dll.1.dr	String found in binary or memory: http://victoryonemedia.comhttps://github.com/chrismsimpson/MetropolisMetropolisExtra
Source: AetherPal.WPF.CustomControls.dll.1.dr	String found in binary or memory: http://victoryonemedia.comhttps://github.com/chrismsimpson/MetropolisMetropolisLight
Source: AetherPal.WPF.CustomControls.dll.1.dr	String found in binary or memory: http://victoryonemedia.comhttps://github.com/chrismsimpson/MetropolisMetropolisMedium
Source: AetherPal.WPF.CustomControls.dll.1.dr	String found in binary or memory: http://victoryonemedia.comhttps://github.com/chrismsimpson/MetropolisMetropolisSemi
Source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, VZH3bd37Gc.msi, Microsoft.Deployment.WindowsInstaller.dll.3.dr, 58426b.msi.1.dr	String found in binary or memory: http://wixtoolset.org
Source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.3.dr	String found in binary or memory: http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v
Source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.3.dr	String found in binary or memory: http://wixtoolset.org/news/
Source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.3.dr	String found in binary or memory: http://wixtoolset.org/releases/
Source: VZH3bd37Gc.msi, AetherPal.Tools.dll.1.dr, AetherPal.Net.dll.1.dr, WorkspaceONE.Assist.Client.exe.1.dr, WorkspaceONE.Assist.Agent.exe.1.dr, AetherPal.Utils.dll.1.dr, 58426b.msi.1.dr, AetherPal.WPF.CustomControls.dll.1.dr, AetherPal.Application.Localization.dll.1.dr, AetherPal.Application.Agent.dll.1.dr, AetherPal.Device.Tools.RemoteControl.dll.1.dr, AetherPal.Device.Tools.FileManager.dll.1.dr, AetherPal.Device.dll.1.dr, AetherPal.Diagnostics.dll.1.dr, AetherPal.Configuration.dll.1.dr, AetherPal.Windows.Net.dll.1.dr, DesktopDuplication.dll.1.dr, AetherPal.Core.dll.1.dr, AetherPal.Windows.Utils.dll.1.dr, AetherPal.Tools.RemoteControl.dll.1.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: System.Text.Json.dll.1.dr	String found in binary or memory: https://aka.ms/binaryformatter
Source: System.Text.Json.dll.1.dr	String found in binary or memory: https://aka.ms/dotnet-warnings/
Source: System.Text.Json.dll.1.dr	String found in binary or memory: https://aka.ms/serializationformat-binary-obsolete
Source: AetherPal.Windows.Net.dll.1.dr	String found in binary or memory: https://d.symcb.com/cps0%
Source: AetherPal.Windows.Net.dll.1.dr	String found in binary or memory: https://d.symcb.com/rpa0
Source: AetherPal.WPF.CustomControls.dll.1.dr	String found in binary or memory: https://github.com/chrismsimpsonhttps://github.com/chrismsimpson/Metropolis
Source: AetherPal.WPF.CustomControls.dll.1.dr	String found in binary or memory: https://github.com/chrismsimpsonhttps://github.com/chrismsimpson/MetropolisCopyright
Source: AetherPal.WPF.CustomControls.dll.1.dr	String found in binary or memory: https://github.com/chrismsimpsonhttps://github.com/chrismsimpson/MetropolisMetropolisLight
Source: WorkspaceONE.Assist.Client.exe.1.dr	String found in binary or memory: https://github.com/dotnet/core/)
Source: System.Text.Json.dll.1.dr	String found in binary or memory: https://github.com/dotnet/roslyn/issues/46646
Source: System.Text.Json.dll.1.dr	String found in binary or memory: https://github.com/dotnet/roslyn/issues/46646~
Source: System.Security.Permissions.dll.1.dr, System.ServiceProcess.ServiceController.dll.1.dr, System.Security.AccessControl.dll.1.dr, System.Text.Json.dll.1.dr, System.CodeDom.dll.1.dr, System.Text.Encodings.Web.dll.1.dr, Microsoft.Win32.SystemEvents.dll.1.dr, System.Security.Cryptography.ProtectedData.dll.1.dr	String found in binary or memory: https://github.com/dotnet/runtime
Source: System.Security.Permissions.dll.1.dr, System.ServiceProcess.ServiceController.dll.1.dr, System.CodeDom.dll.1.dr, Microsoft.Win32.SystemEvents.dll.1.dr, System.Security.Cryptography.ProtectedData.dll.1.dr	String found in binary or memory: https://github.com/dotnet/runtime&
Source: System.Text.Json.dll.1.dr	String found in binary or memory: https://github.com/dotnet/runtime/issues/73124.
Source: System.Text.Json.dll.1.dr	String found in binary or memory: https://github.com/dotnet/runtime8
Source: WorkspaceONE.Assist.Client.exe.1.dr	String found in binary or memory: https://www.att.com
Source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, VZH3bd37Gc.msi, Microsoft.Deployment.WindowsInstaller.dll.3.dr, 58426b.msi.1.dr, AetherPal.Windows.Net.dll.1.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: WorkspaceONE.Assist.Client.exe.1.dr	String found in binary or memory: https://www.gnu.org/licenses
Source: WorkspaceONE.Assist.Client.exe.1.dr	String found in binary or memory: https://www.vmware.com/es/help/privacy.html
Source: WorkspaceONE.Assist.Client.exe.1.dr	String found in binary or memory: https://www.vmware.com/help/privacy.html
Source: WorkspaceONE.Assist.Client.exe.1.dr	String found in binary or memory: https://www.vmware.com/help/privacy.html.
Source: WorkspaceONE.Assist.Client.exe.1.dr	String found in binary or memory: https://www.vmware.com/tw/help/privacy.html

Source: C:\Windows\System32\rundll32.exe

Code function: 3_3_00007FFD9B4A5D09 CreateProcessAsUserW,

3_3_00007FFD9B4A5D09

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\58426b.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{2687F608-EC00-4F9A-B6B3-0194BAD168BB}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI4559.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI50A5.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{2687F608-EC00-4F9A-B6B3-0194BAD168BB}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{2687F608-EC00-4F9A-B6B3-0194BAD168BB}\icon.ico	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File created: C:\Windows\Installer\MSI50A5.tmp-	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File created: C:\Windows\Installer\MSI50A5.tmp-\AetherPal.Windows.Wix.CustomAction.dll	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File created: C:\Windows\Installer\MSI50A5.tmp-\AetherPal.Windows.Utils.dll	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File created: C:\Windows\Installer\MSI50A5.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File created: C:\Windows\Installer\MSI50A5.tmp-\AetherPal.Diagnostics.dll	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File created: C:\Windows\Installer\MSI50A5.tmp-\netstandard.dll	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File created: C:\Windows\Installer\MSI50A5.tmp-\AetherPal.Utils.dll	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File created: C:\Windows\Installer\MSI50A5.tmp-\CustomAction.config	Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSI50A5.tmp

Jump to behavior

Source: C:\Windows\System32\rundll32.exe	Code function: 3_3_00007FFD9B4A39B9	3_3_00007FFD9B4A39B9
Source: C:\Windows\System32\rundll32.exe	Code function: 3_3_00007FFD9B4A3F68	3_3_00007FFD9B4A3F68
Source: C:\Windows\System32\rundll32.exe	Code function: 3_3_00007FFD9B4A5324	3_3_00007FFD9B4A5324
Source: C:\Windows\System32\rundll32.exe	Code function: 3_3_00007FFD9B4A12DE	3_3_00007FFD9B4A12DE
Source: C:\Windows\System32\rundll32.exe	Code function: 3_3_00007FFD9B4A1518	3_3_00007FFD9B4A1518
Source: C:\Windows\System32\rundll32.exe	Code function: 3_3_00007FFD9B4A3751	3_3_00007FFD9B4A3751
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Code function: 4_2_00007FFD9B3F13B0	4_2_00007FFD9B3F13B0

Source: System.Runtime.CompilerServices.Unsafe.dll.1.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: System.Numerics.Vectors.dll.1.dr	Static PE information: Resource name: RT_VERSION type: Hitachi SH little-endian COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: System.Diagnostics.PerformanceCounter.dll.1.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: System.Globalization.Extensions.dll.1.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS

Source: winpty-agent.exe.1.dr

Static PE information: Number of sections : 22 > 10

Source: WorkspaceONE.Assist.Cleanup.exe.1.dr	Static PE information: No import functions for PE file found
Source: AetherPal.Channels.AnchorChannel.dll.1.dr	Static PE information: No import functions for PE file found
Source: AetherPal.MSIX.Launcher.exe.1.dr	Static PE information: No import functions for PE file found
Source: AetherPal.Windows.Utils.dll.1.dr	Static PE information: No import functions for PE file found

Source: VZH3bd37Gc.msi	Binary or memory string: OriginalFilenameuica.dll\ vs VZH3bd37Gc.msi
Source: VZH3bd37Gc.msi	Binary or memory string: OriginalFilenameAetherPal.Windows.Wix.CustomAction.dll\ vs VZH3bd37Gc.msi
Source: VZH3bd37Gc.msi	Binary or memory string: OriginalFilenameSfxCA.dll\ vs VZH3bd37Gc.msi

Source: classification engine

Classification label: clean15.troj.winMSI@9/191@0/0

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files\VMware

Jump to behavior

Source: C:\Windows\System32\rundll32.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rundll32.exe.log

Jump to behavior

Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6452:120:WilError_03

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\user\AppData\Local\Temp\MSI82a9f.LOG

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File read: C:\Windows\win.ini

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI50A5.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5787937 2 AetherPal.Windows.Wix.CustomAction!AetherPal.Windows.Wix.CustomAction.CustomActions.InstallModernApp

Source: VZH3bd37Gc.msi

Static file information: TRID: Microsoft Windows Installer (60509/1) 88.31%

Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\VZH3bd37Gc.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 08351F78698DA0C0368A0A0187380C10 E Global\MSI0000
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI50A5.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5787937 2 AetherPal.Windows.Wix.CustomAction!AetherPal.Windows.Wix.CustomAction.CustomActions.InstallModernApp
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe "C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe" "install" "C:\Program Files\VMware\Workspace ONE Assist\Resources"
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 08351F78698DA0C0368A0A0187380C10 E Global\MSI0000	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI50A5.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5787937 2 AetherPal.Windows.Wix.CustomAction!AetherPal.Windows.Wix.CustomAction.CustomActions.InstallModernApp	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe "C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe" "install" "C:\Program Files\VMware\Workspace ONE Assist\Resources"	Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msihnd.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srclient.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: spp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Section loaded: windows.applicationmodel.dll	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Section loaded: iertutil.dll	Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Automated click: I accept the terms in the License Agreement
Source: C:\Windows\System32\msiexec.exe	Automated click: Install

Source: C:\Windows\System32\msiexec.exe	Window detected: WixUI_Bmp_DialogI &accept the terms in the License Agreement&Print&Back&InstallCancelLicense VMware Workspace ONE AssistPlease read the Workspace ONE Assist Installer License Agreement
Source: C:\Windows\System32\msiexec.exe	Window detected: WixUI_Bmp_DialogI &accept the terms in the License Agreement&Print&Back&InstallCancelLicense VMware Workspace ONE AssistPlease read the Workspace ONE Assist Installer License Agreement

Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Cleanup.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\msvcp140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Numerics.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.ComponentModel.TypeConverter.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.CompilerServices.VisualC.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Numerics.Vectors.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.PerformanceCounter.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Console.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\winpty-agent.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Resources.ResourceManager.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.AccessControl.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.ServiceProcess.ServiceController.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\netstandard.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.FileManager.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe.config	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Security.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.ComponentModel.EventBasedAsync.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Text.Json.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Permissions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.WebSockets.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.TextWriterTraceListener.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Resources.Writer.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\Microsoft.Win32.Registry.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Serialization.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\winpty.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\Microsoft.Bcl.AsyncInterfaces.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\windows	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\windows\x64	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\windows\x64\libvpx.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\winpty.NET.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Globalization.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\Resources	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\Resources\Appx	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\Resources\Appx\AUMIDs.txt	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Linq.Expressions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Xml.XPath.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Linq.Parallel.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.IsolatedStorage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.X509Certificates.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.WPF.CustomControls.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\osx	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\osx\x64	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\osx\x64\libvpx.dylib	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Extensions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.RemoteControl.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\windows\DesktopDuplication.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\winpty-debugserver.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Timer.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Serialization.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.FileManager.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Principal.Windows.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.TraceSource.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Utils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.WebHeaderCollection.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.DriveInfo.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Tools.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.Compression.ZipFile.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Linq.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Xml.ReaderWriter.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Communication.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Auth.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\vcruntime140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\Resources\Appx\MPAP_f7529f1a891c4c29afa0bf940c4958e4_001.provxml	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Agent.exe.config	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Collections.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.ProtectedData.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.AccessControl.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\Microsoft.Win32.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.NameResolution.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Localization.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Text.Encoding.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Linq.Queryable.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.ComponentModel.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Http.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Tasks.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.MemoryMappedFiles.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Handles.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.EventLog.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.ComponentModel.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.ThreadPool.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.RemoteControl.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Sockets.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.InteropServices.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Collections.Concurrent.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.Compression.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Ping.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Reflection.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.Pipes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\Newtonsoft.Json.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.ObjectModel.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\linux	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\linux\arm	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\linux\arm\lib_remote_shell_api.so	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Resources.Reader.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Process.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.UnmanagedMemoryStream.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Text.Encodings.Web.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.Csp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Reflection.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Agent.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.Algorithms.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Requests.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Windows.Utils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.CompilerServices.Unsafe.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.CodeDom.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Buffers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.AppContext.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Xml.XPath.XDocument.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Globalization.Calendars.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\Resources\Appx\f7529f1a891c4c29afa0bf940c4958e4_License1.xml	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Drawing.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\osx\x64\lib_remote_shell_api.dylib	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Xml.XDocument.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Globalization.Extensions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\osx\RemoteLib	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.WebSockets.Client.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Reflection.Extensions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.Watcher.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Channels.AnchorChannel.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Thread.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\linux\x64	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\linux\x64\lib_remote_shell_api.so	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Debug.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.NetworkInformation.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Dynamic.Runtime.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Serialization.Formatters.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Diagnostics.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Text.Encoding.Extensions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.RemoteShell.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Serialization.Json.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Principal.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.RemoteShell.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\Microsoft.Win32.SystemEvents.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\Resources\Appx\f7529f1a891c4c29afa0bf940c4958e4.appxbundle	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.StackTrace.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Text.RegularExpressions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Data.Common.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Sys.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Tracing.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.ValueTuple.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.FileVersionInfo.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Collections.NonGeneric.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Core.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Overlapped.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Xml.XmlSerializer.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Agent.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Serialization.Xml.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Configuration.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Client.exe.config	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Net.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.Encoding.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Security.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Collections.Specialized.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Windows.Net.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Contracts.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Tasks.Extensions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Claims.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Memory.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.SecureString.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Client.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Tasks.Parallel.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\System.Xml.XmlDocument.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Service.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Service.exe.config	Jump to behavior

Source: VZH3bd37Gc.msi

Static file information: File size 10838016 > 1048576

Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Configuration\obj\x64\Release\net462\AetherPal.Configuration.pdbSHA256 source: AetherPal.Configuration.dll.1.dr
Source:	Binary string: E:\A\_work\1795\s\corefx\bin\obj\Windows_NT.AnyCPU.Release\System.Runtime.InteropServices.RuntimeInformation\net462\System.Runtime.InteropServices.RuntimeInformation.pdb source: System.Runtime.InteropServices.RuntimeInformation.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Diagnostics\obj\x64\Release\netstandard2.0\AetherPal.Diagnostics.pdbSHA256 source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\agent\_work\66\s\build\ship\x64\SfxCA.pdb source: VZH3bd37Gc.msi, MSI4559.tmp.1.dr, 58426b.msi.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Windows.Net\obj\x64\Release\AetherPal.Windows.Net.pdb source: AetherPal.Windows.Net.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.ObjectModel\4.0.11.0\System.ObjectModel.pdbX+r+ d+_CorDllMainmscoree.dll source: System.ObjectModel.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Reader\4.0.2.0\System.Resources.Reader.pdb source: System.Resources.Reader.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Tools.RemoteControl\obj\x64\Release\netstandard2.0\AetherPal.Tools.RemoteControl.pdbSHA256 source: AetherPal.Tools.RemoteControl.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection.Primitives\4.0.1.0\System.Reflection.Primitives.pdb source: System.Reflection.Primitives.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.Compression.ZipFile\4.0.3.0\System.IO.Compression.ZipFile.pdb( source: System.IO.Compression.ZipFile.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.NameResolution\4.0.2.0\System.Net.NameResolution.pdb source: System.Net.NameResolution.dll.1.dr
Source:	Binary string: /_/artifacts/obj/System.CodeDom/Release/net462/System.CodeDom.pdbSHA256 source: System.CodeDom.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Application.Localization\obj\x64\Release\netstandard2.0\AetherPal.Application.Localization.pdb source: AetherPal.Application.Localization.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem\4.0.3.0\System.IO.FileSystem.pdb8)R) D)_CorDllMainmscoree.dll source: System.IO.FileSystem.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.Encoding\4.0.2.0\System.Security.Cryptography.Encoding.pdb source: System.Security.Cryptography.Encoding.dll.1.dr
Source:	Binary string: /_/artifacts/obj/System.Security.Permissions/Release/net462/System.Security.Permissions.pdbSHA256 source: System.Security.Permissions.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Windows.Wix.CustomAction\obj\x64\Release\AetherPal.Windows.Wix.CustomAction.pdb source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, AetherPal.Windows.Wix.CustomAction.dll.3.dr
Source:	Binary string: E:\A\_work\1795\s\corefx\bin\obj\Windows_NT.AnyCPU.Release\System.Net.Http\netfx\System.Net.Http.pdb source: System.Net.Http.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Application.Agent\obj\x64\Release\net462\AetherPal.Application.Agent.pdbSHA256 source: AetherPal.Application.Agent.dll.1.dr
Source:	Binary string: C:\projects\assist\pc\platforms\wasm\libvpx_wasm\vcproj\libvpx\x64\Release\libvpx.pdb source: libvpx.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.ResourceManager\4.0.1.0\System.Resources.ResourceManager.pdb source: System.Resources.ResourceManager.dll.1.dr
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Diagnostics.Tracing/netfx\System.Diagnostics.Tracing.pdb'MAM 3M_CorDllMainmscoree.dll source: System.Diagnostics.Tracing.dll.1.dr
Source:	Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net462/System.Security.Cryptography.ProtectedData.pdb source: System.Security.Cryptography.ProtectedData.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Process\4.1.2.0\System.Diagnostics.Process.pdb* source: System.Diagnostics.Process.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Device.Tools.RemoteControl\obj\x64\Release\netstandard2.0\AetherPal.Device.Tools.RemoteControl.pdb source: AetherPal.Device.Tools.RemoteControl.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO\4.1.2.0\System.IO.pdb source: System.IO.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Device.Tools.RemoteControl\obj\x64\Release\netstandard2.0\AetherPal.Device.Tools.RemoteControl.pdbSHA256r]Hc3C( source: AetherPal.Device.Tools.RemoteControl.dll.1.dr
Source:	Binary string: vcruntime140.amd64.pdbGCTL source: vcruntime140.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.Csp\4.0.2.0\System.Security.Cryptography.Csp.pdb4)N) @)_CorDllMainmscoree.dll source: System.Security.Cryptography.Csp.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Linq\4.1.2.0\System.Linq.pdb source: System.Linq.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Utils\obj\x64\Release\netstandard2.0\AetherPal.Utils.pdbSHA256 source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1817462846.0000013203552000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1817556529.0000013203552000.00000004.00000020.00020000.00000000.sdmp, AetherPal.Utils.dll.3.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Device.Tools.FileManager\obj\x64\Release\netstandard2.0\AetherPal.Device.Tools.FileManager.pdb source: AetherPal.Device.Tools.FileManager.dll.1.dr
Source:	Binary string: /_/artifacts/obj/System.ServiceProcess.ServiceController/Release/net462/System.ServiceProcess.ServiceController.pdbSHA256) source: System.ServiceProcess.ServiceController.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Device.Tools\obj\x64\Release\netstandard2.0\AetherPal.Device.Tools.pdb source: AetherPal.Device.Tools.dll.1.dr
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Data.Common/netfx\System.Data.Common.pdb source: System.Data.Common.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.Pipes\4.0.2.0\System.IO.Pipes.pdbh) source: System.IO.Pipes.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Writer\4.0.2.0\System.Resources.Writer.pdb source: System.Resources.Writer.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.WPF.WindowsClient\obj\x64\Release\WorkspaceONE.Assist.Client.pdb source: WorkspaceONE.Assist.Client.exe.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Tools.RemoteControl\obj\x64\Release\netstandard2.0\AetherPal.Tools.RemoteControl.pdb source: AetherPal.Tools.RemoteControl.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Security\4.0.2.0\System.Net.Security.pdbTn `*_CorDllMainmscoree.dll source: System.Net.Security.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading.ThreadPool\4.0.12.0\System.Threading.ThreadPool.pdb source: System.Threading.ThreadPool.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\Microsoft.Win32.Primitives\4.0.3.0\Microsoft.Win32.Primitives.pdb\|( source: Microsoft.Win32.Primitives.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection.Primitives\4.0.1.0\System.Reflection.Primitives.pdb$> 0*_CorDllMainmscoree.dll source: System.Reflection.Primitives.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.TraceSource\4.0.2.0\System.Diagnostics.TraceSource.pdb source: System.Diagnostics.TraceSource.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Tools\4.0.1.0\System.Diagnostics.Tools.pdb source: System.Diagnostics.Tools.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Windows.Agent.App\obj\x64\Release\WorkspaceONE.Assist.Agent.pdb source: WorkspaceONE.Assist.Agent.exe.1.dr
Source:	Binary string: /_/artifacts/obj/Microsoft.Win32.Registry/net461-Windows_NT-Release/Microsoft.Win32.Registry.pdb source: Microsoft.Win32.Registry.dll.1.dr
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Runtime.Serialization.Xml/netfx\System.Runtime.Serialization.Xml.pdb source: System.Runtime.Serialization.Xml.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XmlSerializer\4.0.11.0\System.Xml.XmlSerializer.pdbt+ source: System.Xml.XmlSerializer.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.NameResolution\4.0.2.0\System.Net.NameResolution.pdb\|( source: System.Net.NameResolution.dll.1.dr
Source:	Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.3.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdbBSJB source: System.Runtime.CompilerServices.Unsafe.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Utils\obj\x64\Release\netstandard2.0\AetherPal.Utils.pdb source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1817462846.0000013203552000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1817556529.0000013203552000.00000004.00000020.00020000.00000000.sdmp, AetherPal.Utils.dll.1.dr, AetherPal.Utils.dll.3.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Device\obj\x64\Release\netstandard2.0\AetherPal.Device.pdb source: AetherPal.Device.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Security\4.0.2.0\System.Net.Security.pdb source: System.Net.Security.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XPath\4.0.3.0\System.Xml.XPath.pdb source: System.Xml.XPath.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Windows.Utils\obj\x64\Release\net462\AetherPal.Windows.Utils.pdb source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, AetherPal.MSIX.Launcher.exe, AetherPal.MSIX.Launcher.exe, 00000004.00000002.1895084039.00000229A6B72000.00000002.00000001.01000000.0000000A.sdmp, AetherPal.Windows.Utils.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.CompilerServices.VisualC\4.0.2.0\System.Runtime.CompilerServices.VisualC.pdb@Z L*_CorDllMainmscoree.dll source: System.Runtime.CompilerServices.VisualC.dll.1.dr
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Runtime.Serialization.Primitives/netfx\System.Runtime.Serialization.Primitives.pdb source: System.Runtime.Serialization.Primitives.dll.1.dr
Source:	Binary string: /_/artifacts/obj/System.Text.Json/Release/net462/System.Text.Json.pdb source: System.Text.Json.dll.1.dr
Source:	Binary string: /_/artifacts/obj/System.Text.Encodings.Web/Release/net462/System.Text.Encodings.Web.pdb source: System.Text.Encodings.Web.dll.1.dr
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Diagnostics.Tracing/netfx\System.Diagnostics.Tracing.pdb source: System.Diagnostics.Tracing.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime\4.1.2.0\System.Runtime.pdb source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1895196565.00000229A6BA2000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net462/System.Security.Cryptography.ProtectedData.pdbSHA256C source: System.Security.Cryptography.ProtectedData.dll.1.dr
Source:	Binary string: E:\A\_work\1795\s\corefx\bin\obj\Windows_NT.AnyCPU.Release\System.Runtime.InteropServices.RuntimeInformation\net462\System.Runtime.InteropServices.RuntimeInformation.pdbxE source: System.Runtime.InteropServices.RuntimeInformation.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Writer\4.0.2.0\System.Resources.Writer.pdbl( source: System.Resources.Writer.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XmlSerializer\4.0.11.0\System.Xml.XmlSerializer.pdb source: System.Xml.XmlSerializer.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Net\obj\x64\Release\netstandard2.0\AetherPal.Net.pdb source: AetherPal.Net.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Utils\obj\x64\Release\netstandard2.0\AetherPal.Utils.pdbSHA256u source: AetherPal.Utils.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.ComponentModel.TypeConverter\4.1.2.0\System.ComponentModel.TypeConverter.pdb source: System.ComponentModel.TypeConverter.dll.1.dr
Source:	Binary string: /_/artifacts/obj/System.Text.Json/Release/net462/System.Text.Json.pdbSHA256 source: System.Text.Json.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Text.RegularExpressions\4.1.1.0\System.Text.RegularExpressions.pdb source: System.Text.RegularExpressions.dll.1.dr
Source:	Binary string: /_/artifacts/obj/System.Security.AccessControl/net461-windows-Release/System.Security.AccessControl.pdb source: System.Security.AccessControl.dll.1.dr
Source:	Binary string: /_/artifacts/obj/System.CodeDom/Release/net462/System.CodeDom.pdb source: System.CodeDom.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Windows.Utils\obj\x64\Release\net462\AetherPal.Windows.Utils.pdbSHA256 source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, AetherPal.MSIX.Launcher.exe, 00000004.00000002.1895084039.00000229A6B72000.00000002.00000001.01000000.0000000A.sdmp, AetherPal.Windows.Utils.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Application.Localization\obj\x64\Release\netstandard2.0\AetherPal.Application.Localization.pdbSHA25693 source: AetherPal.Application.Localization.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Net\obj\x64\Release\netstandard2.0\AetherPal.Net.pdbSHA256} source: AetherPal.Net.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.NetworkInformation\4.1.2.0\System.Net.NetworkInformation.pdb source: System.Net.NetworkInformation.dll.1.dr
Source:	Binary string: C:\projects\winpty-net\src\winpty.NET\obj\Release\winpty.NET.pdb source: winpty.NET.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Diagnostics\obj\x64\Release\netstandard2.0\AetherPal.Diagnostics.pdbSHA256Pk source: AetherPal.Diagnostics.dll.1.dr
Source:	Binary string: /_/artifacts/obj/System.Text.Encodings.Web/Release/net462/System.Text.Encodings.Web.pdbSHA256 source: System.Text.Encodings.Web.dll.1.dr
Source:	Binary string: /_/artifacts/obj/Microsoft.Win32.SystemEvents/Release/net462/Microsoft.Win32.SystemEvents.pdbSHA256 source: Microsoft.Win32.SystemEvents.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.ObjectModel\4.0.11.0\System.ObjectModel.pdb source: System.ObjectModel.dll.1.dr
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Globalization.Extensions/netfx\System.Globalization.Extensions.pdb source: System.Globalization.Extensions.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Device.Tools\obj\x64\Release\netstandard2.0\AetherPal.Device.Tools.pdbSHA256 source: AetherPal.Device.Tools.dll.1.dr
Source:	Binary string: /_/artifacts/obj/System.Security.Permissions/Release/net462/System.Security.Permissions.pdb source: System.Security.Permissions.dll.1.dr
Source:	Binary string: C:\projects\assist\pc\platforms\Windows\src\RemoteControl\x64\Release\DesktopDuplication.pdb source: DesktopDuplication.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.CompilerServices.VisualC\4.0.2.0\System.Runtime.CompilerServices.VisualC.pdb source: System.Runtime.CompilerServices.VisualC.dll.1.dr
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Security.SecureString/netfx\System.Security.SecureString.pdbf) source: System.Security.SecureString.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading.Tasks\4.0.11.0\System.Threading.Tasks.pdb source: System.Threading.Tasks.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.TextWriterTraceListener\4.0.2.0\System.Diagnostics.TextWriterTraceListener.pdb source: System.Diagnostics.TextWriterTraceListener.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Reader\4.0.2.0\System.Resources.Reader.pdbl( source: System.Resources.Reader.dll.1.dr
Source:	Binary string: /_/artifacts/obj/System.ServiceProcess.ServiceController/Release/net462/System.ServiceProcess.ServiceController.pdb source: System.ServiceProcess.ServiceController.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading.Tasks.Parallel\4.0.1.0\System.Threading.Tasks.Parallel.pdb source: System.Threading.Tasks.Parallel.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Core\obj\x64\Release\netstandard2.0\AetherPal.Core.pdbSHA256) source: AetherPal.Core.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.WebSockets.Client\4.0.2.0\System.Net.WebSockets.Client.pdb source: System.Net.WebSockets.Client.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Core\obj\x64\Release\netstandard2.0\AetherPal.Core.pdb source: AetherPal.Core.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.IsolatedStorage\4.0.2.0\System.IO.IsolatedStorage.pdb source: System.IO.IsolatedStorage.dll.1.dr
Source:	Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.3.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Tools\obj\x64\Release\netstandard2.0\AetherPal.Tools.pdb source: AetherPal.Tools.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Diagnostics\obj\x64\Release\netstandard2.0\AetherPal.Diagnostics.pdb source: rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, AetherPal.Diagnostics.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem\4.0.3.0\System.IO.FileSystem.pdb source: System.IO.FileSystem.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.X509Certificates\4.1.2.0\System.Security.Cryptography.X509Certificates.pdb source: System.Security.Cryptography.X509Certificates.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Linq.Expressions\4.1.2.0\System.Linq.Expressions.pdb source: System.Linq.Expressions.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.Csp\4.0.2.0\System.Security.Cryptography.Csp.pdb source: System.Security.Cryptography.Csp.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Device\obj\x64\Release\netstandard2.0\AetherPal.Device.pdbSHA256 source: AetherPal.Device.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.ComponentModel\4.0.1.0\System.ComponentModel.pdb source: System.ComponentModel.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.WPF.CustomControls\obj\x64\Release\AetherPal.WPF.CustomControls.pdb source: AetherPal.WPF.CustomControls.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Device.Tools.FileManager\obj\x64\Release\netstandard2.0\AetherPal.Device.Tools.FileManager.pdbSHA256 source: AetherPal.Device.Tools.FileManager.dll.1.dr
Source:	Binary string: /_/artifacts/obj/Microsoft.Win32.SystemEvents/Release/net462/Microsoft.Win32.SystemEvents.pdb source: Microsoft.Win32.SystemEvents.dll.1.dr
Source:	Binary string: /_/artifacts/obj/System.Security.AccessControl/net461-windows-Release/System.Security.AccessControl.pdbSHA256 source: System.Security.AccessControl.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.Encoding\4.0.2.0\System.Security.Cryptography.Encoding.pdbT)n) `)_CorDllMainmscoree.dll source: System.Security.Cryptography.Encoding.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.Pipes\4.0.2.0\System.IO.Pipes.pdb source: System.IO.Pipes.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Process\4.1.2.0\System.Diagnostics.Process.pdb source: System.Diagnostics.Process.dll.1.dr
Source:	Binary string: vcruntime140.amd64.pdb source: vcruntime140.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.MSIX.Launcher\obj\x64\Release\AetherPal.MSIX.Launcher.pdb source: AetherPal.MSIX.Launcher.exe, 00000004.00000000.1825414817.00000229A6812000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Primitives\4.0.11.0\System.Net.Primitives.pdbH,b, T,_CorDllMainmscoree.dll source: System.Net.Primitives.dll.1.dr
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\uica.pdb source: VZH3bd37Gc.msi, 58426b.msi.1.dr
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Security.SecureString/netfx\System.Security.SecureString.pdb source: System.Security.SecureString.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XDocument\4.0.11.0\System.Xml.XDocument.pdb source: System.Xml.XDocument.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Dynamic.Runtime\4.0.11.0\System.Dynamic.Runtime.pdb source: System.Dynamic.Runtime.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading\4.0.11.0\System.Threading.pdb source: System.Threading.dll.1.dr
Source:	Binary string: msvcp140.amd64.pdb source: msvcp140.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.Compression.ZipFile\4.0.3.0\System.IO.Compression.ZipFile.pdb source: System.IO.Compression.ZipFile.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\Microsoft.Win32.Primitives\4.0.3.0\Microsoft.Win32.Primitives.pdb source: Microsoft.Win32.Primitives.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Application.Agent\obj\x64\Release\net462\AetherPal.Application.Agent.pdb source: AetherPal.Application.Agent.dll.1.dr
Source:	Binary string: msvcp140.amd64.pdbGCTL source: msvcp140.dll.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdb source: System.Runtime.CompilerServices.Unsafe.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem.Primitives\4.0.3.0\System.IO.FileSystem.Primitives.pdb source: System.IO.FileSystem.Primitives.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Configuration\obj\x64\Release\net462\AetherPal.Configuration.pdb source: AetherPal.Configuration.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Collections.NonGeneric\4.0.3.0\System.Collections.NonGeneric.pdb source: System.Collections.NonGeneric.dll.1.dr
Source:	Binary string: /_/artifacts/obj/Microsoft.Win32.Registry/net461-Windows_NT-Release/Microsoft.Win32.Registry.pdbSHA256 source: Microsoft.Win32.Registry.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Collections\4.0.11.0\System.Collections.pdb source: System.Collections.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Serialization.Json\4.0.1.0\System.Runtime.Serialization.Json.pdb source: System.Runtime.Serialization.Json.dll.1.dr
Source:	Binary string: C:\projects\assist\pc\platforms\Windows\src\RemoteControl\x64\Release\DesktopDuplication.pdb-- source: DesktopDuplication.dll.1.dr
Source:	Binary string: E:\agt01\AS-ASWIN844-BAWPS\AetherPal.Tools\obj\x64\Release\netstandard2.0\AetherPal.Tools.pdbSHA256 source: AetherPal.Tools.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Primitives\4.0.11.0\System.Net.Primitives.pdb source: System.Net.Primitives.dll.1.dr
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem.Watcher\4.0.2.0\System.IO.FileSystem.Watcher.pdb source: System.IO.FileSystem.Watcher.dll.1.dr

Source: AetherPal.Windows.Utils.dll.1.dr

Static PE information: 0xD5389866 [Tue May 11 10:13:58 2083 UTC]

Source: winpty-agent.exe.1.dr	Static PE information: section name: .xdata
Source: winpty-agent.exe.1.dr	Static PE information: section name: /4
Source: winpty-agent.exe.1.dr	Static PE information: section name: /19
Source: winpty-agent.exe.1.dr	Static PE information: section name: /31
Source: winpty-agent.exe.1.dr	Static PE information: section name: /45
Source: winpty-agent.exe.1.dr	Static PE information: section name: /57
Source: winpty-agent.exe.1.dr	Static PE information: section name: /70
Source: winpty-agent.exe.1.dr	Static PE information: section name: /81
Source: winpty-agent.exe.1.dr	Static PE information: section name: /92
Source: winpty-agent.exe.1.dr	Static PE information: section name: /106
Source: winpty-agent.exe.1.dr	Static PE information: section name: /122
Source: winpty-agent.exe.1.dr	Static PE information: section name: /138
Source: msvcp140.dll.1.dr	Static PE information: section name: .didat

Source: C:\Windows\System32\rundll32.exe	Code function: 3_3_00007FFD9B4A627E pushad ; retn 5F42h		3_3_00007FFD9B4A62CD
Source: C:\Windows\System32\rundll32.exe	Code function: 3_3_00007FFD9B4A61A0 push ds; ret		3_3_00007FFD9B4A620F

Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Data.Common.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.FileVersionInfo.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Windows.Utils.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Debug.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.WPF.CustomControls.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.X509Certificates.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.ProtectedData.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Globalization.dll	Jump to dropped file
Source: C:\Windows\System32\rundll32.exe	File created: C:\Windows\Installer\MSI50A5.tmp-\AetherPal.Windows.Utils.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\Microsoft.Bcl.AsyncInterfaces.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Reflection.Primitives.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Auth.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.FileManager.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Agent.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Security.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Drawing.Primitives.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Tracing.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.ThreadPool.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\Microsoft.Win32.SystemEvents.dll	Jump to dropped file
Source: C:\Windows\System32\rundll32.exe	File created: C:\Windows\Installer\MSI50A5.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Tasks.Parallel.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Resources.Reader.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.Encoding.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Xml.ReaderWriter.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Linq.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.AccessControl.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Claims.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Sockets.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Collections.Specialized.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.ObjectModel.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\vcruntime140_1.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Text.Encoding.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.ComponentModel.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.EventLog.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Console.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Xml.XmlSerializer.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Communication.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.ComponentModel.Primitives.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.WebSockets.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Cleanup.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Globalization.Extensions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.RemoteControl.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Sys.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Extensions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Buffers.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Resources.Writer.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Collections.Concurrent.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.RemoteShell.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.WebHeaderCollection.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Http.dll	Jump to dropped file
Source: C:\Windows\System32\rundll32.exe	File created: C:\Windows\Installer\MSI50A5.tmp-\AetherPal.Windows.Wix.CustomAction.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Agent.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Globalization.Calendars.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Service.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.Pipes.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.ServiceProcess.ServiceController.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Numerics.Vectors.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Serialization.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Tools.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Reflection.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.TextWriterTraceListener.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Thread.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Text.Encoding.Extensions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\winpty-debugserver.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\winpty.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.RemoteShell.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.TraceSource.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.PerformanceCounter.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.Primitives.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.AppContext.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\winpty-agent.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.SecureString.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.ValueTuple.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.Csp.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Memory.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Resources.ResourceManager.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Xml.XPath.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Configuration.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Serialization.Primitives.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Requests.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.StackTrace.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Localization.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Utils.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.FileManager.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Client.exe	Jump to dropped file
Source: C:\Windows\System32\rundll32.exe	File created: C:\Windows\Installer\MSI50A5.tmp-\AetherPal.Diagnostics.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Tasks.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Process.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Text.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.UnmanagedMemoryStream.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Security.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.CodeDom.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.DriveInfo.dll	Jump to dropped file
Source: C:\Windows\System32\rundll32.exe	File created: C:\Windows\Installer\MSI50A5.tmp-\AetherPal.Utils.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.ComponentModel.TypeConverter.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Text.RegularExpressions.dll	Jump to dropped file
Source: C:\Windows\System32\rundll32.exe	File created: C:\Windows\Installer\MSI50A5.tmp-\netstandard.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Numerics.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Diagnostics.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Ping.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Core.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\winpty.NET.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.NameResolution.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Handles.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.IsolatedStorage.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.CompilerServices.VisualC.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Linq.Queryable.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Timer.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Xml.XDocument.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Reflection.Extensions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Dynamic.Runtime.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Collections.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Primitives.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.Primitives.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\windows\DesktopDuplication.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Principal.Windows.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Contracts.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\msvcp140.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.AccessControl.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Collections.NonGeneric.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Linq.Expressions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\native\lib\windows\x64\libvpx.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Serialization.Xml.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Overlapped.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Channels.AnchorChannel.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Xml.XmlDocument.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI50A5.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Tasks.Extensions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Permissions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Windows.Net.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Net.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.NetworkInformation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.Compression.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Linq.Parallel.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Xml.XPath.XDocument.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Serialization.Formatters.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\Microsoft.Win32.Registry.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Serialization.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Net.WebSockets.Client.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.Watcher.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.MemoryMappedFiles.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\Microsoft.Win32.Primitives.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.InteropServices.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.RemoteControl.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Principal.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.IO.Compression.ZipFile.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\netstandard.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.ComponentModel.EventBasedAsync.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.Algorithms.dll	Jump to dropped file

Source: C:\Windows\System32\rundll32.exe	File created: C:\Windows\Installer\MSI50A5.tmp-\netstandard.dll	Jump to dropped file
Source: C:\Windows\System32\rundll32.exe	File created: C:\Windows\Installer\MSI50A5.tmp-\AetherPal.Windows.Wix.CustomAction.dll	Jump to dropped file
Source: C:\Windows\System32\rundll32.exe	File created: C:\Windows\Installer\MSI50A5.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\System32\rundll32.exe	File created: C:\Windows\Installer\MSI50A5.tmp-\AetherPal.Windows.Utils.dll	Jump to dropped file
Source: C:\Windows\System32\rundll32.exe	File created: C:\Windows\Installer\MSI50A5.tmp-\AetherPal.Diagnostics.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI50A5.tmp	Jump to dropped file
Source: C:\Windows\System32\rundll32.exe	File created: C:\Windows\Installer\MSI50A5.tmp-\AetherPal.Utils.dll	Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Workspace ONE Assist			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Workspace ONE Assist\Workspace ONE Assist Installer.lnk			Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Memory allocated: 229A6B40000 memory reserve \| memory write watch			Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Memory allocated: 229C0650000 memory reserve \| memory write watch			Jump to behavior

Source: C:\Windows\System32\rundll32.exe	File opened / queried: C:\Program Files\VMware\Workspace ONE.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened / queried: C:\Windows\WinSxS\FileMaps\program_files_vmware_workspace_one_assist_resources_appx_c676153d6e65f6c1.cdf-ms	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened / queried: C:\Program Files\VMware\Workspace ONE Assist	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	File opened / queried: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Windows.Utils.dll	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened / queried: C:\Program Files\VMware\Workspace.exe	Jump to behavior
Source: C:\Windows\System32\conhost.exe	File opened / queried: C:\Program Files\VMware\SystemResources\AetherPal.MSIX.Launcher.exe.mun	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened / queried: C:\Program Files\VMware\Workspace ONE Assist\native\lib\osx\x64\	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened / queried: C:\Windows\WinSxS\FileMaps\program_files_vmware_workspace_one_assist_native_lib_osx_db5bd0859953ed37.cdf-ms	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened / queried: C:\Program Files\VMware\Workspace ONE Assist\native\lib\osx\	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened / queried: C:\Program Files\VMware	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened / queried: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Client.exe	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened / queried: C:\Program Files\VMware\Workspace ONE	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	File opened / queried: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.INI	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	File opened / queried: C:\Program Files\VMware\Workspace ONE Assist\CRYPTSP.dll	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	File opened / queried: C:\Program Files\VMware\Workspace ONE Assist\Resources\	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	File opened / queried: C:\Program Files\VMware\	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened / queried: C:\Program Files\VMware\Workspace ONE Assist\native\lib\windows\	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened / queried: C:\Program Files\VMware\Workspace ONE Assist\native\lib\linux\arm\	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	File opened / queried: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Windows.Utils.INI	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened / queried: C:\Windows\WinSxS\FileMaps\program_files_vmware_workspace_one_assist_native_lib_osx_x64_ccdf21e9a8dd74b3.cdf-ms	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened / queried: C:\Program Files\VMware\Workspace ONE Assist\native\lib\windows\x64\	Jump to behavior
Source: C:\Windows\System32\conhost.exe	File opened / queried: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	File opened / queried: C:\Program Files\VMware\Workspace ONE Assist\WinTypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened / queried: C:\Windows\WinSxS\FileMaps\program_files_vmware_workspace_one_assist_native_lib_linux_arm_08ddb92c89110499.cdf-ms	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	File opened / queried: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe.config	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened / queried: C:\Windows\WinSxS\FileMaps\program_files_vmware_workspace_one_assist_775f26ce235dbcad.cdf-ms	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened / queried: C:\Windows\WinSxS\FileMaps\program_files_vmware_workspace_one_assist_native_lib_linux_x64_08dd878889114c83.cdf-ms	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	File opened / queried: C:\Program Files\VMware\Workspace ONE Assist\CRYPTBASE.dll	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	File opened / queried: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened / queried: C:\Windows\WinSxS\FileMaps\program_files_vmware_workspace_one_assist_native_lib_windows_x64_ca18bb33aa32bfda.cdf-ms	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	File opened / queried: C:\Program Files\VMware\Workspace ONE Assist\Resources\Appx\	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened / queried: C:\Program Files\VMware\Workspace	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened / queried: C:\Windows\WinSxS\FileMaps\program_files_vmware_workspace_one_assist_native_lib_windows_cbaaaa13abb66850.cdf-ms	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	File opened / queried: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.INI	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	File opened / queried: C:\Program Files\VMware\Workspace ONE Assist\	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened / queried: C:\Program Files\VMware\Workspace ONE Assist\native\lib\linux\x64\	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	File opened / queried: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe.Config	Jump to behavior

Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Data.Common.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.FileVersionInfo.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Windows.Utils.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Debug.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.WPF.CustomControls.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.ProtectedData.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.X509Certificates.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Globalization.dll	Jump to dropped file
Source: C:\Windows\System32\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI50A5.tmp-\AetherPal.Windows.Utils.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\Microsoft.Bcl.AsyncInterfaces.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Reflection.Primitives.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Auth.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.FileManager.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Agent.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Security.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Drawing.Primitives.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Tracing.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.ThreadPool.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\Microsoft.Win32.SystemEvents.dll	Jump to dropped file
Source: C:\Windows\System32\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI50A5.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Tasks.Parallel.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Resources.Reader.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.Encoding.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Xml.ReaderWriter.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Linq.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Security.AccessControl.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Sockets.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Claims.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Collections.Specialized.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.ObjectModel.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\vcruntime140_1.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.ComponentModel.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Text.Encoding.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.EventLog.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Console.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Xml.XmlSerializer.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Communication.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.ComponentModel.Primitives.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Cleanup.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Net.WebSockets.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Globalization.Extensions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.RemoteControl.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Extensions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Sys.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Buffers.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Resources.Writer.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Collections.Concurrent.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.RemoteShell.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Net.WebHeaderCollection.dll	Jump to dropped file
Source: C:\Windows\System32\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI50A5.tmp-\AetherPal.Windows.Wix.CustomAction.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Http.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Agent.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Service.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Globalization.Calendars.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.IO.Pipes.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.ServiceProcess.ServiceController.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Reflection.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Numerics.Vectors.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Tools.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Serialization.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.TextWriterTraceListener.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Thread.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Text.Encoding.Extensions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\winpty-debugserver.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\winpty.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.RemoteShell.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.TraceSource.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.PerformanceCounter.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.Primitives.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\winpty-agent.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.AppContext.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Security.SecureString.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.ValueTuple.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.Csp.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Memory.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Xml.XPath.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Configuration.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Resources.ResourceManager.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Serialization.Primitives.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Requests.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.StackTrace.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Localization.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Utils.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Client.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.FileManager.dll	Jump to dropped file
Source: C:\Windows\System32\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI50A5.tmp-\AetherPal.Diagnostics.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Process.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Tasks.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Text.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.IO.UnmanagedMemoryStream.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.DriveInfo.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Security.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.CodeDom.dll	Jump to dropped file
Source: C:\Windows\System32\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI50A5.tmp-\AetherPal.Utils.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.ComponentModel.TypeConverter.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Text.RegularExpressions.dll	Jump to dropped file
Source: C:\Windows\System32\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI50A5.tmp-\netstandard.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Numerics.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Diagnostics.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Ping.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Core.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\winpty.NET.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Handles.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Net.NameResolution.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.IO.IsolatedStorage.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.CompilerServices.VisualC.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Linq.Queryable.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Timer.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Dynamic.Runtime.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Collections.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Reflection.Extensions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Xml.XDocument.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Primitives.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.Primitives.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.IO.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\native\lib\windows\DesktopDuplication.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Principal.Windows.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Contracts.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\msvcp140.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.AccessControl.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Linq.Expressions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Collections.NonGeneric.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\native\lib\windows\x64\libvpx.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Serialization.Xml.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Overlapped.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Channels.AnchorChannel.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI50A5.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Xml.XmlDocument.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Tasks.Extensions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Permissions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Windows.Net.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Net.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Net.NetworkInformation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.IO.Compression.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Linq.Parallel.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Xml.XPath.XDocument.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\Microsoft.Win32.Registry.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Serialization.Formatters.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Serialization.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.Watcher.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Net.WebSockets.Client.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.IO.MemoryMappedFiles.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.InteropServices.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\Microsoft.Win32.Primitives.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.RemoteControl.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Principal.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.IO.Compression.ZipFile.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\netstandard.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.ComponentModel.EventBasedAsync.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.Algorithms.dll	Jump to dropped file

Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe TID: 5968

Thread sleep time: -922337203685477s >= -30000s

Jump to behavior

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Client.exe.config
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: by VMware Workspace ONE Assist.",
Source: 58426c.rbs.1.dr	Binary or memory string: JC:\Program Files\VMware\Workspace ONE Assist\System.IO.IsolatedStorage.dll
Source: 58426c.rbs.1.dr	Binary or memory string: FC:\Program Files\VMware\Workspace ONE Assist\System.ComponentModel.dll
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1895589148.00000229A855E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: /C:/Program%20Files/VMware/Workspace%20ONE%20Assist/Resources/Appx/f7529f1a891c4c29afa0bf940c4958e4.appxbundle
Source: 58426c.rbs.1.dr	Binary or memory string: LC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.FileManager.dll
Source: 58426c.rbs.1.dr	Binary or memory string: GC:\Program Files\VMware\Workspace ONE Assist\System.Security.Claims.dll
Source: rundll32.exe, 00000003.00000002.1899311731.0000013203620000.00000004.00000020.00040000.00000000.sdmp	Binary or memory string: \??\C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exeen-GBenen-USMyApplication.app-----------------------------------------ff7
Source: 58426c.rbs.1.dr	Binary or memory string: SC:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.FileVersionInfo.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{1E3B0E8F-F007-4D44-8846-17DF5AA2B6FB}MC:\Program Files\VMware\Workspace ONE Assist\System.Reflection.Primitives.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: &{2AC55CAB-6F2B-44D0-8B04-A6383B0A9A08}RC:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Serialization.Json.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: ?C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Auth.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: <p>VMware Workspace ONE
Source: 58426c.rbs.1.dr	Binary or memory string: EC:\Program Files\VMware\Workspace ONE Assist\System.Xml.XDocument.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: https://www.vmware.com/help/privacy.html
Source: MSI4559.tmp.1.dr	Binary or memory string: 1\yywlw-zk\yonnbfme\native\lib\windows\x64\\|VMware\Workspace ONE Assist\native\lib\windows\x64\
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\native\lib\windows\
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.ThreadPool.dll
Source: 58426c.rbs.1.dr	Binary or memory string: SC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.RemoteShell.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{34A18DED-7817-412F-B485-E6153875008C}?C:\Program Files\VMware\Workspace ONE Assist\vcruntime140_1.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: NC:\Program Files\VMware\Workspace ONE Assist\System.Collections.NonGeneric.dll
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1895700607.00000229A8651000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 6C:\Program Files\VMware\Workspace ONE Assist\Resources
Source: rundll32.exe, 00000003.00000002.1899788011.00000132053C1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CommandArgs: "C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe" "install" "C:\Program Files\VMware\Workspace ONE Assist\Resources"h
Source: 58426c.rbs.1.dr	Binary or memory string: @C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Utils.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\Resources\Appx\MPAP_f7529f1a891c4c29afa0bf940c4958e4_001.provxml
Source: 58426c.rbs.1.dr	Binary or memory string: PC:\Program Files\VMware\Workspace ONE Assist\System.Globalization.Extensions.dll
Source: 58426c.rbs.1.dr	Binary or memory string: KC:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Tracing.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Linq.dll
Source: 58426c.rbs.1.dr	Binary or memory string: :C:\Program Files\VMware\Workspace ONE Assist\System.IO.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Collections.Specialized.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: VMware RemoteHelp
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: "More_Information": "Hvis du vil have flere oplysninger om, hvordan VMware h
Source: MSI4559.tmp.1.dr	Binary or memory string: &{4CD3D71A-F910-4E85-B04B-EF78D9B40089}AC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.dll@
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1893110977.00000229A69B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Windows.Utils.dll89:5
Source: MSI4559.tmp.1.dr	Binary or memory string: &{D4B27B63-6D38-49CC-BB75-3339345AA8D2}CC:\Program Files\VMware\Workspace ONE Assist\System.Data.Common.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\vcruntime140_1.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: "Notification_Title": "VMware Workspace
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: <p>Als u informatie wilt over de data die VMware verzamelt met betrekking tot uw gebruik van deze applicatie ten behoeve van productverbetering en andere analysedoeleinden, raadpleegt u het Trust & Assurance Center en de Privacyverklaringen van VMware.</p>
Source: 58426c.rbs.1.dr	Binary or memory string: PC:\Program Files\VMware\Workspace ONE Assist\System.Threading.Tasks.Parallel.dll
Source: 58426c.rbs.1.dr	Binary or memory string: LC:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.EventLog.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{033C5492-A6F7-4538-AAB0-0899422BFF02}EC:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: TC:\Program Files\VMware\Workspace ONE Assist\System.ComponentModel.TypeConverter.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{221C9E4D-D9C6-42FA-A0B3-492DAFB5B6DC}@C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Utils.dll@
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1895241803.00000229A6BC0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\Resources
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Console.dll
Source: 58426c.rbs.1.dr	Binary or memory string: JC:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Extensions.dll
Source: 58426c.rbs.1.dr	Binary or memory string: JC:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Agent.exe
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Communication.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Xml.XmlSerializer.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: "Notification_Title": "VMware Workspace ONE Assist",
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: "AGREEMENT": "By selecting & accepting you agree to the VMware Workspace ONE Assist Terms and Conditions for use of this service.",
Source: MSI4559.tmp.1.dr	Binary or memory string: &{72A63BF1-2FB3-424B-8CD0-805055F8FA8D}=C:\Program Files\VMware\Workspace ONE Assist\winpty-agent.exe@
Source: 58426c.rbs.1.dr	Binary or memory string: FC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Windows.Net.dll
Source: 58426c.rbs.1.dr	Binary or memory string: ?C:\Program Files\VMware\Workspace ONE Assist\System.Buffers.dll
Source: 58426c.rbs.1.dr	Binary or memory string: NC:\Program Files\VMware\Workspace ONE Assist\System.Net.NetworkInformation.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: "UnInstall_PopupDescription": "VMware RemoteHelp sera d
Source: MSI4559.tmp.1.dr	Binary or memory string: &{0ADDF2C7-AF58-4687-BD1A-2E505B7BACD9}SC:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.AccessControl.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: &{63E0EF7F-86A0-4C26-A3D9-EEB9609ED583}[C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.TextWriterTraceListener.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: SC:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.AccessControl.dll
Source: 58426c.rbs.1.dr	Binary or memory string: NC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.RemoteControl.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: VMware Workspace One Assist
Source: MSI4559.tmp.1.dr	Binary or memory string: &{E372DF43-9457-4438-AE64-66F0EA22CDE1}GC:\Program Files\VMware\Workspace ONE Assist\System.Threading.Tasks.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: MC:\Program Files\VMware\Workspace ONE Assist\System.Reflection.Extensions.dll
Source: 58426c.rbs.1.dr	Binary or memory string: ?C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Core.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{CAE3A7DC-A984-4EB6-8385-05A7F092C6BF}BC:\Program Files\VMware\Workspace ONE Assist\System.Reflection.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: &{F67B13BD-0210-4B54-A143-CD022B0D3B5C}LC:\Program Files\VMware\Workspace ONE Assist\System.Threading.Overlapped.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: &{A3073F8C-A5A1-4C2F-B5C1-E6C4F0D36D6B}?C:\Program Files\VMware\Workspace ONE Assist\System.Buffers.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Agent.exe
Source: 58426c.rbs.1.dr	Binary or memory string: ;C:\Program Files\VMware\Workspace ONE Assist\winpty.NET.dll
Source: 58426c.rbs.1.dr	Binary or memory string: IC:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Tools.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{F514C4CC-87F5-4F69-91DF-99D15C9D8C08}422:\Software\VMware\Workspace ONE Assist\InstallPath@
Source: MSI4559.tmp.1.dr	Binary or memory string: &{2DA392E0-6825-4CFA-B7B0-678EE12BFCEC}OC:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.TraceSource.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: ?C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: 1\yywlw-zk\yonnbfme\native\lib\osx\\|VMware\Workspace ONE Assist\native\lib\osx\
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1893110977.00000229A69F7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.dllW
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Tools.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Numerics.Vectors.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Serialization.Json.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{9F291204-7927-4D65-ACFD-E3367C3EF7ED}RC:\Program Files\VMware\Workspace ONE Assist\System.Threading.Tasks.Extensions.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: RC:\Program Files\VMware\Workspace ONE Assist\System.Security.Principal.Windows.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{3ED7DC1C-DB02-4314-B7AB-6F9F1A699A4E}FC:\Program Files\VMware\Workspace ONE Assist\System.Linq.Queryable.dll@
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000000.1825439607.00000229A6816000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: 2023 VMware, Inc*
Source: 58426c.rbs.1.dr	Binary or memory string: IC:\Program Files\VMware\Workspace ONE Assist\System.Xml.XmlSerializer.dll
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1893110977.00000229A6986000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist;C:\Windows\SYSTEM32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsAppsewVersion="4.0ZAw[
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000000.1825414817.00000229A6812000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: 2023 VMware, Inc)
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: "UnInstall_PopupDescription": "VMware RemoteHelp
Source: MSI4559.tmp.1.dr	Binary or memory string: &{C4BCAD05-7F50-4A57-A42D-DF8A555335B5}GC:\Program Files\VMware\Workspace ONE Assist\System.Security.Claims.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: NC:\Program Files\VMware\Workspace ONE Assist\System.Security.AccessControl.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\winpty.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: VMware Workspace ONE
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: <p>O VMware Workspace ONE coleta informa
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\
Source: MSI4559.tmp.1.dr	Binary or memory string: &{44BA2026-E1DF-4422-8683-8CD368BE16E3}SC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Localization.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: &{55B89289-E76B-4F50-A62B-D22572F92A7E}AC:\Program Files\VMware\Workspace ONE Assist\System.Threading.dll@
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000000.1825414817.00000229A6812000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: VMware Workspace ONE
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.PerformanceCounter.dll
Source: 58426c.rbs.1.dr	Binary or memory string: GC:\Program Files\VMware\Workspace ONE Assist\System.Dynamic.Runtime.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.Primitives.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: ci VMware.</p>
Source: 58426c.rbs.1.dr	Binary or memory string: GC:\Program Files\VMware\Workspace ONE Assist\System.Xml.XmlDocument.dll
Source: AetherPal.Windows.Net.dll.1.dr	Binary or memory string: VMware, Inc.1!0
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\winpty-agent.exe
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: <p>VMware Workspace ONE collects information to provide secure access to your work data and applications. Below you will find an overview of data collected by Workspace ONE and Workspace ONE Assist to provide optimal performance, security and support. For additional information about how your company handles information collected by Workspace ONE, please contact your company.</p>
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Security.SecureString.dll
Source: 58426c.rbs.1.dr	Binary or memory string: FC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Diagnostics.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.ValueTuple.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.StackTrace.dll
Source: 58426c.rbs.1.dr	Binary or memory string: SC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Localization.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Localization.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\Resources\Appx\AUMIDs.txt
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Client.exe
Source: 58426c.rbs.1.dr	Binary or memory string: XC:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.Primitives.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.IO.UnmanagedMemoryStream.dll
Source: 58426c.rbs.1.dr	Binary or memory string: ?C:\Program Files\VMware\Workspace ONE Assist\System.CodeDom.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{2FE75A2B-D7BD-4AD2-A0BB-504EB3B759D1}LC:\Program Files\VMware\Workspace ONE Assist\System.IO.MemoryMappedFiles.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: &{84CDBA99-7BB3-40F3-9F79-BB3084A0624D}GC:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Handles.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: &{92F5E01C-1DA2-48A1-A001-0CEF18E77B06}AC:\Program Files\VMware\Workspace ONE Assist\System.Xml.XPath.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.ComponentModel.TypeConverter.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: "UnInstall_PopupDescription": "Aplikace VMware RemoteHelp bude ze za
Source: 58426c.rbs.1.dr	Binary or memory string: QC:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Agent.exe.config
Source: 58426b.msi.1.dr	Binary or memory string: sions.dllcuvmuvfw.dll\|System.Text.Encodings.Web.dlloez23nki.dll\|System.Text.Json.dlliuck9kln.dll\|System.Text.RegularExpressions.dllmdzqixth.dll\|System.Threading.dll7uheylij.dll\|System.Threading.Overlapped.dllu82mtczq.dll\|System.Threading.Tasks.dllsfiz1h0t.dll\|System.Threading.Tasks.Extensions.dllxtatt9vt.dll\|System.Threading.Tasks.Parallel.dllcpxzgohf.dll\|System.Threading.Thread.dllndwlyvjz.dll\|System.Threading.ThreadPool.dlla-mv3yrs.dll\|System.Threading.Timer.dlljvlrjw9o.dll\|System.ValueTuple.dlli4vnoba1.dll\|System.Xml.ReaderWriter.dllylyisovf.dll\|System.Xml.XDocument.dlloj5g4tua.dll\|System.Xml.XmlDocument.dllpklomszb.dll\|System.Xml.XmlSerializer.dll2zf1pjlu.dll\|System.Xml.XPath.dll2xnicbfq.dll\|System.Xml.XPath.XDocument.dllnmisxp2c.dll\|vcruntime140.dllodlrilgl.dll\|vcruntime140_1.dll14.28.29910.0ei3-tmec.exe\|winpty-agent.exeo-ystvpl.exe\|winpty-debugserver.exewinpty.dll2hjiihlg.dll\|winpty.NET.dll1.0.0.0za-gzgjo.exe\|WorkspaceONE.Assist.Agent.exexjmjrbms.con\|WorkspaceONE.Assist.Agent.exe.config519gonry.exe\|WorkspaceONE.Assist.Client.exejc5bewr0.con\|WorkspaceONE.Assist.Client.exe.confignoum54jd.so\|lib_remote_shell_api.sowgh9fzbs.so\|lib_remote_shell_api.sodame5bap\|RemoteLib4mr_fkar.dyl\|libvpx.dylibdob0uwwb.dyl\|lib_remote_shell_api.dylib5b6v58j6.dll\|DesktopDuplication.dlllibvpx.dllAUMIDs.txttz6_wjtg.app\|f7529f1a891c4c29afa0bf940c4958e4.appxbundleyygxdbrq.xml\|f7529f1a891c4c29afa0bf940c4958e4_License1.xml907amhwg.pro\|MPAP_f7529f1a891c4c29afa0bf940c4958e4_001.provxmlicon.icoFindRelatedProductsLaunchConditionsValidateProductIDMigrateFeatureStatesProcessComponentsUnpublishFeaturesStopServicesVersionNTDeleteServicesRemoveRegistryValuesRemoveShortcutsRemoveFilesWriteRegistryValuesInstallServicesStartServicesRegisterUserRegisterProductREMOVE="ALL"RemoveExistingProducts(NOT UPGRADINGPRODUCTCODE) AND (REMOVE="ALL")NOT Installed AND NOT REMOVEAppSearchInstalled AND (RESUME OR Preselected)Installed AND NOT RESUME AND NOT Preselected AND NOT PATCHNOT WIX_DOWNGRADE_DETECTEDA newer version of Workspace ONE Assist is already installed.#cab1.cabARPPRODUCTICONManufacturerVMware, Inc.ProductCode{2687F608-EC00-4F9A-B6B3-0194BAD168BB}ProductLanguageProductNameProductVersion{A064C3A5-9E72-4451-8E85-9883BF43FF84}DefaultUIFontWixUI_Font_NormalWixUI_ModeMinimalErrorDialogUseRMSecureCustomPropertiesWIX_DOWNGRADE_DETECTED;WIX_UPGRADE_DETECTED&Close the applications and attempt to restart them.DontUseRM&Do not close applications. A reboot will be required.Software\VMware\Workspace ONE Assist#1regA6E6BE990A776B3E82A5B55E4E283FA0*InstallPath[INSTALLFOLDER]reg5C682BB8EA335F681D8990C2F5FE9880RemoveStartMenuWorkspace ONE AssistWorkspace_ONE_AssistLocalSystemVMware Workspace ONE
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Numerics.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: "UnInstall_PopupDescription": "VMware RemoteHelp se desinstalar
Source: MSI4559.tmp.1.dr	Binary or memory string: &{39346C97-A123-4412-BA35-85409FDE31AF}@C:\Program Files\VMware\Workspace ONE Assist\System.Net.Ping.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Handles.dll
Source: 58426c.rbs.1.dr	Binary or memory string: $Software\VMware\Workspace ONE Assist
Source: MSI4559.tmp.1.dr	Binary or memory string: &{3CF85474-93F9-43E2-8E5F-DB1190DAE600}121:\Software\VMware\Workspace ONE Assist\Shortcut@
Source: 58426c.rbs.1.dr	Binary or memory string: HC:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Numerics.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{873F97C7-07B8-4AD2-8777-4855EB1D9882}VC:\Program Files\VMware\Workspace ONE Assist\native\lib\windows\DesktopDuplication.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Linq.Queryable.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{6577A73F-CBDD-4BAE-A741-4105F6A4592E}CC:\Program Files\VMware\Workspace ONE Assist\System.ObjectModel.dll@
Source: rundll32.exe, 00000003.00000002.1899788011.00000132053C1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: B"install" "C:\Program Files\VMware\Workspace ONE Assist\Resources"
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1895700607.00000229A8651000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: nfile://C:\Program Files\VMware\Workspace ONE Assist\Resources\Appx\f7529f1a891c4c29afa0bf940c4958e4.appxbundle
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1893110977.00000229A6986000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exes(x86)%\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:Syste
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Primitives.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: r information om de data VMware samlat in i samband med din anv
Source: MSI4559.tmp.1.dr	Binary or memory string: &{D2C64D59-9E49-4D77-A0B9-BCC1566010B0}VC:\Program Files\VMware\Workspace ONE Assist\System.ComponentModel.EventBasedAsync.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\native\lib\windows\DesktopDuplication.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: <p>VMware'in bu uygulamay
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: "UnInstall_PopupDescription": "O VMware RemoteHelp ser
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\native\lib\osx\RemoteLib
Source: MSI4559.tmp.1.dr	Binary or memory string: _1\yywlw-zk\yonnbfme\native\lib\windows\x64\\|VMware\Workspace ONE Assist\native\lib\windows\x64\
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: es que VMware collecte concernant votre utilisation de cette application pour l'am
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Serialization.Xml.dll
Source: 58426c.rbs.1.dr	Binary or memory string: OC:\Program Files\VMware\Workspace ONE Assist\System.Runtime.InteropServices.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{79FB1384-359D-47C4-80E7-03EF4D82B29B}?C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Auth.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: &{E59A1BA0-4B1B-449F-82B5-E76F2FF96B93}HC:\Program Files\VMware\Workspace ONE Assist\System.Resources.Writer.dll@
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1895589148.00000229A8549000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: file:///C:/Program%20Files/VMware/Workspace%20ONE%20Assist/Resources/Appx/f7529f1a891c4c29afa0bf940c4958e4.appxbundle
Source: MSI4559.tmp.1.dr	Binary or memory string: &{39F56BB8-8805-4DCC-B293-00F4E9708B79}IC:\Program Files\VMware\Workspace ONE Assist\Microsoft.Win32.Registry.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: EC:\Program Files\VMware\Workspace ONE Assist\System.Globalization.dll
Source: 58426c.rbs.1.dr	Binary or memory string: DC:\Program Files\VMware\Workspace ONE Assist\System.Net.Requests.dll
Source: 58426c.rbs.1.dr	Binary or memory string: CC:\Program Files\VMware\Workspace ONE Assist\winpty-debugserver.exe
Source: AetherPal.Configuration.dll.1.dr	Binary or memory string: assist.rnu:WorkspaceONE.Assist.Agent.exe4WorkspaceONE.Assist.Client8AetherPal.IPC.Windows.ServerZWorkspaceONE.Assist.IPC.Windows.Agent.Horizon6WorkspaceONE.Assist.Service6VMware Workspace ONE AssistXAirWatchLLC.WorkspaceONEAssist_htcwkw4rx2gx42TaskSchedulerIpcProcessor
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Permissions.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{993CF769-41B3-4CC8-84FB-F6B4EFBCA817}@C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\vcruntime140.dll
Source: AetherPal.Device.Tools.dll.1.dr	Binary or memory string: 2020 VMware, Inc)
Source: 58426c.rbs.1.dr	Binary or memory string: HC:\Program Files\VMware\Workspace ONE Assist\System.Resources.Writer.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: ce danych zbieranych przez VMware w zwi
Source: 58426c.rbs.1.dr	Binary or memory string: LC:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Service.exe
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.IO.Compression.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{9C0744DA-83AD-4BFF-8402-A1224F8A2F74}XC:\Program Files\VMware\Workspace ONE Assist\System.Runtime.CompilerServices.VisualC.dll@
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1893110977.00000229A6980000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: am Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exemonProgramFilesm PlE
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: nost VMware nakl
Source: AetherPal.Device.Tools.dll.1.dr	Binary or memory string: 2020 VMware, Inc*
Source: MSI4559.tmp.1.dr	Binary or memory string: &{D230B050-572E-4ED9-80BC-A5460BD73B23}NC:\Program Files\VMware\Workspace ONE Assist\System.Collections.Concurrent.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: QC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Channels.AnchorChannel.dll
Source: 58426c.rbs.1.dr	Binary or memory string: BC:\Program Files\VMware\Workspace ONE Assist\System.ValueTuple.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: <p>VMware Workspace ONE verzamelt informatie om veilige toegang te bieden tot uw zakelijke gegevens en applicaties. Hieronder vindt u een overzicht van gegevens die door Workspace ONE en Workspace ONE Assist worden verzameld om optimale prestaties, beveiliging en ondersteuning te bieden. Neem contact op met uw bedrijf voor meer informatie over de manier waarop uw bedrijf omgaat met informatie die wordt verzameld door Workspace ONE.</p>
Source: MSI4559.tmp.1.dr	Binary or memory string: &{5A175A20-EFDC-4367-9B47-452C46D30413}JC:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Agent.exe@
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: VMware Workspace ONE Assist
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.Watcher.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: rales de VMware Workspace ONE Assist pour l'utilisation du service Workspace ONE Assist.",
Source: 58426c.rbs.1.dr	Binary or memory string: EC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Sys.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{10BAE074-4F96-4FAC-8ECF-64D2CA7186C5}?C:\Program Files\VMware\Workspace ONE Assist\System.Console.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: 1\yywlw-zk\yonnbfme\native\lib\linux\x64\\|VMware\Workspace ONE Assist\native\lib\linux\x64\
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1893110977.00000229A69B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HOST_CONFIGam Files\VMware
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: <p>For information om data, som VMware indsamler i forbindelse med din anvendelse af denne app til forbedring af produkter, og andre analyser, se Tillids- og Forsikringscenter og VMwares erkl
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.RemoteControl.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{B9994CDC-DF10-40F3-8A8D-EBC972BD61FF}XC:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.Primitives.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\Resources\Appx\
Source: rundll32.exe, 00000003.00000002.1899788011.00000132053C1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: o\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe;C:\Program Files\VMware\Workspace ONE Assist\Resources
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1893110977.00000229A69F7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.dllnmdL
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.IO.Compression.ZipFile.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{54322F77-EB51-44DE-80CA-50D0A347DCCC}FC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Diagnostics.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: MC:\Program Files\VMware\Workspace ONE Assist\AetherPal.WPF.CustomControls.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: vence Merkezi (Trust & Assurance Center) ve VMware Gizlilik Bildirimlerine bak
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Data.Common.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.FileVersionInfo.dll
Source: AetherPal.Windows.Net.dll.1.dr	Binary or memory string: CompanyNameVMware, Inc.`
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1893110977.00000229A69B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Windows.Utils.dll 5
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Windows.Utils.dll
Source: AetherPal.WPF.CustomControls.dll.1.dr	Binary or memory string: CompanyNameVMware, Inc.b
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Debug.dll
Source: AetherPal.Tools.RemoteControl.dll.1.dr	Binary or memory string: CompanyNameVMware, Inc.d
Source: MSI4559.tmp.1.dr	Binary or memory string: &{BB6F2335-B7B8-4767-828A-6BF9939D262D};C:\Program Files\VMware\Workspace ONE Assist\winpty.NET.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: TC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Communication.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.ProtectedData.dll
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1895700607.00000229A8651000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CC:\Program Files\VMware\Workspace ONE Assist\Resources\*.appxbundle
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: in VMware Workspace ONE Assist H
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Reflection.Primitives.dll
Source: 58426c.rbs.1.dr	Binary or memory string: LC:\Program Files\VMware\Workspace ONE Assist\System.IO.MemoryMappedFiles.dll
Source: 58426c.rbs.1.dr	Binary or memory string: MC:\Program Files\VMware\Workspace ONE Assist\System.Security.SecureString.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{E3639EF2-BEC9-4A1A-96EB-8FC02EEEA670}HC:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Numerics.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: EC:\Program Files\VMware\Workspace ONE Assist\System.Linq.Parallel.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: Workspace ONE AssistN"C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Service.exe"@
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Security.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{3C5C5395-6745-4A3F-B16A-0387390D8CEE}NC:\Program Files\VMware\Workspace ONE Assist\System.IO.Compression.ZipFile.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: &{9B243A49-C185-44C8-B9BE-3597EB37212E}QC:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Serialization.Xml.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: ^C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.X509Certificates.dll
Source: 58426c.rbs.1.dr	Binary or memory string: VC:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.PerformanceCounter.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: 1\yywlw-zk\yonnbfme\native\lib\windows\\|VMware\Workspace ONE Assist\native\lib\windows\
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: https://www.vmware.com/help/privacy.html",
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\Microsoft.Win32.SystemEvents.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{BA08A3E8-D178-4AB1-8DE1-ED1260F3444E}JC:\Program Files\VMware\Workspace ONE Assist\System.Drawing.Primitives.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: XC:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Serialization.Primitives.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{527AF702-D1F0-4147-9BD3-BF6DD2698A6B}EC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Sys.dll@
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: "UnInstall_PopupDescription": "VMware RemoteHelp
Source: MSI4559.tmp.1.dr	Binary or memory string: N1\yywlw-zk\yonnbfme\affs8zkc\Appx\\|VMware\Workspace ONE Assist\Resources\Appx\
Source: MSI4559.tmp.1.dr	Binary or memory string: &{89C194CC-843F-45A1-890E-0E5C9E65FCBC}LC:\Program Files\VMware\Workspace ONE Assist\System.Security.Permissions.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: 22:\Software\VMware\Workspace ONE Assist\InstallPath
Source: MSI4559.tmp.1.dr	Binary or memory string: &{6DFDF632-47DC-46DB-86A2-23AA6C0B4656}GC:\Program Files\VMware\Workspace ONE Assist\System.Threading.Timer.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: LC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Agent.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: rminos y condiciones de VMware Workspace ONE Assist para el uso de este servicio.",
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1895589148.00000229A855E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: file://C:\Program Files\VMware\Workspace ONE Assist\Resources\Appx\f7529f1a891c4c29afa0bf940c4958e4.appxbundle
Source: MSI4559.tmp.1.dr	Binary or memory string: &{D9A39F54-BEC0-4328-8B97-50A875AB6300}OC:\Program Files\VMware\Workspace ONE Assist\System.Globalization.Calendars.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: &{7802E43B-DD0C-43CD-8850-282E676B0BA1}?C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Core.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: &{D7FE1F6C-B8D3-4B5D-9D32-369CD9F4AEE1}IC:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Debug.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: 1\yywlw-zk\yonnbfme\native\lib\linux\arm\\|VMware\Workspace ONE Assist\native\lib\linux\arm\
Source: MSI4559.tmp.1.dr	Binary or memory string: &{EBD61508-73D3-4680-83D9-83A81EAE4A83}AC:\Program Files\VMware\Workspace ONE Assist\System.Text.Json.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Claims.dll
Source: 58426c.rbs.1.dr	Binary or memory string: QC:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.Csp.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.ObjectModel.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{B44767D6-3C98-436C-AE53-A21F0A71321B}FC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Windows.Net.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: 1\yywlw-zk\yonnbfme\native\lib\osx\x64\\|VMware\Workspace ONE Assist\native\lib\osx\x64\
Source: MSI4559.tmp.1.dr	Binary or memory string: &{89DABC0D-A860-493F-B5F9-931FE8E9DD1E}IC:\Program Files\VMware\Workspace ONE Assist\System.Xml.XmlSerializer.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\native\lib\linux\x64\
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.EventLog.dll
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1893110977.00000229A69F7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: file:///C:/Program Files/VMware/Workspace ONE Assist/System.Runtime.DLL
Source: MSI4559.tmp.1.dr	Binary or memory string: &{A7521E54-36E4-4FEC-97E6-CA34CEFFC924}NC:\Program Files\VMware\Workspace ONE Assist\native\lib\windows\x64\libvpx.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: &{667964BE-37E8-4FB4-B2C9-00F361E4EF22}QC:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Agent.exe.config@
Source: MSI4559.tmp.1.dr	Binary or memory string: &{6ACAB878-9C05-4103-BC23-B3E288C5FC4D}MC:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.Watcher.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: &{8CBD4132-8BA6-41A8-93BE-17250CCEFCD8}OC:\Program Files\VMware\Workspace ONE Assist\System.Collections.Specialized.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Net.WebSockets.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{2CB3C663-14DD-4033-9C74-44BD9F6E3E4D}TC:\Program Files\VMware\Workspace ONE Assist\System.ComponentModel.TypeConverter.dll@
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: e sicurezza) e l'informativa sulla privacy di VMware.</p>
Source: 58426c.rbs.1.dr	Binary or memory string: EC:\Program Files\VMware\Workspace ONE Assist\System.Text.Encoding.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Resources.Writer.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{7F4F4678-09C9-4BDD-AB84-BAA792BC841D}>C:\Program Files\VMware\Workspace ONE Assist\System.Memory.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: OC:\Program Files\VMware\Workspace ONE Assist\System.Globalization.Calendars.dll
Source: 58426c.rbs.1.dr	Binary or memory string: NC:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.StackTrace.dll
Source: AetherPal.Windows.Net.dll.1.dr	Binary or memory string: VMWARE1
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1895700607.00000229A8651000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OC:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe.Config`_/
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Collections.Concurrent.dll
Source: 58426c.rbs.1.dr	Binary or memory string: >C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Net.dll
Source: 58426c.rbs.1.dr	Binary or memory string: BC:\Program Files\VMware\Workspace ONE Assist\native\lib\linux\x64\
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: VMware Workspace ONE Assist for Windows 24.03 GA
Source: 58426c.rbs.1.dr	Binary or memory string: PC:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.Primitives.dll
Source: 58426c.rbs.1.dr	Binary or memory string: 9C:\Program Files\VMware\Workspace ONE Assist\msvcp140.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{6AC94244-5577-4899-B415-F7FDAEC40E77}NC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.RemoteControl.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: &{B9FB9DA0-9668-45E3-BC37-D4A6E9FBCC5F}JC:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Extensions.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: YC:\Program Files\VMware\Workspace ONE Assist\native\lib\linux\x64\lib_remote_shell_api.so
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Service.exe
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: nosti VMware.</p>
Source: 58426c.rbs.1.dr	Binary or memory string: OC:\Program Files\VMware\Workspace ONE Assist\System.Net.WebHeaderCollection.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.IO.Pipes.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{A7578C1D-3CA9-45CC-8B2E-E98C2E4504D2}DC:\Program Files\VMware\Workspace ONE Assist\System.Net.Requests.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: HC:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe
Source: 58426c.rbs.1.dr	Binary or memory string: AC:\Program Files\VMware\Workspace ONE Assist\System.Xml.XPath.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{29E2C520-2ADF-46FB-8105-202DF3008530}CC:\Program Files\VMware\Workspace ONE Assist\System.Net.Sockets.dll@
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: til https://www.vmware.com/help/privacy.html",
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: s de este producto, vaya a https://www.vmware.com/es/help/privacy.html",
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Text.Encoding.Extensions.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Thread.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{D0DAC1FE-822D-40EA-8498-4D6870CF6F23}GC:\Program Files\VMware\Workspace ONE Assist\System.Xml.XmlDocument.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: 11\yywlw-zk\yonnbfme\\|VMware\Workspace ONE Assist\
Source: rundll32.exe, 00000003.00000002.1899788011.00000132053C1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: YExecutable Path: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exeh
Source: 58426c.rbs.1.dr	Binary or memory string: FC:\Program Files\VMware\Workspace ONE Assist\System.Linq.Queryable.dll
Source: 58426c.rbs.1.dr	Binary or memory string: KC:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Client.exe
Source: MSI4559.tmp.1.dr	Binary or memory string: &{9E2B0E2B-BEB7-4D7E-928E-D92679C92A9F}SC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.FileManager.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: XC:\Program Files\VMware\Workspace ONE Assist\System.ServiceProcess.ServiceController.dll
Source: 58426b.msi.1.dr	Binary or memory string: VMware Workspace ONE
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.RemoteShell.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: VMware RemoteHelp
Source: MSI4559.tmp.1.dr	Binary or memory string: InstallPath-C:\Program Files\VMware\Workspace ONE Assist\'
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: ber dieses Produkt erfasst werden, finden Sie unter https://www.vmware.com/help/privacy.html",
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: "More_Information": "VMware
Source: MSI4559.tmp.1.dr	Binary or memory string: &{D525D2C9-9225-4D23-9C13-AFB8E70FA62B}PC:\Program Files\VMware\Workspace ONE Assist\System.Text.Encoding.Extensions.dll@
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: "UnInstall_PopupDescription": "VMware RemoteHelp vil blive afinstalleret fra din enhed.
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: "AGREEMENT": "Selezionando e accettando, concordi con i Termini e condizioni di VMware Workspace ONE Assist per l'utilizzo di questo servizio.",
Source: MSI4559.tmp.1.dr	Binary or memory string: &{D89B3171-3972-47E7-BEBB-5645DA91477E}WC:\Program Files\VMware\Workspace ONE Assist\System.Runtime.CompilerServices.Unsafe.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: =C:\Program Files\VMware\Workspace ONE Assist\winpty-agent.exe
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1895700607.00000229A8651000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 8C:\Program Files\VMware\Workspace ONE Assist\Resources\*
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.FileManager.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\native\lib\osx\x64\lib_remote_shell_api.dylib
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Process.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{8A4680ED-66EC-4F54-A066-5EA60E4A88F0}[C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.ProtectedData.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\'
Source: MSI4559.tmp.1.dr	Binary or memory string: &{FB6FE1FD-AEF2-4D70-934C-A67C81B0C308}VC:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.PerformanceCounter.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: GC:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Handles.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Text.RegularExpressions.dll
Source: 58426c.rbs.1.dr	Binary or memory string: IC:\Program Files\VMware\Workspace ONE Assist\Microsoft.Win32.Registry.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Ping.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: "C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Service.exe"
Source: 58426c.rbs.1.dr	Binary or memory string: MC:\Program Files\VMware\Workspace ONE Assist\System.Net.WebSockets.Client.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: a e os Avisos de privacidade da VMware.</p>
Source: MSI4559.tmp.1.dr	Binary or memory string: &{87687F34-E174-4C18-85D7-661B48409DB7}NC:\Program Files\VMware\Workspace ONE Assist\System.Security.AccessControl.dll@
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: nner du VMware Workspace ONE Assist-villkoren f
Source: MSI4559.tmp.1.dr	Binary or memory string: &{53B6B7E5-8A1E-4D00-9B44-44B41222E013}PC:\Program Files\VMware\Workspace ONE Assist\System.IO.UnmanagedMemoryStream.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: GC:\Program Files\VMware\Workspace ONE Assist\System.Threading.Tasks.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: https://www.vmware.com/help/privacy.html
Source: 58426c.rbs.1.dr	Binary or memory string: KC:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Process.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.CompilerServices.VisualC.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{93F3F64A-06F3-4F24-8237-8D54BC2E4B5B}XC:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Serialization.Formatters.dll@
Source: rundll32.exe, 00000003.00000002.1899788011.00000132053C1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: FMSIX Directory: C:\Program Files\VMware\Workspace ONE Assist\Resourcesh
Source: 58426c.rbs.1.dr	Binary or memory string: @C:\Program Files\VMware\Workspace ONE Assist\native\lib\windows\
Source: MSI4559.tmp.1.dr	Binary or memory string: &{69BEDAE8-8356-422B-814E-F2F79E0CF449}EC:\Program Files\VMware\Workspace ONE Assist\System.Linq.Parallel.dll@
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: "UnInstall_PopupDescription": "VMware RemoteHelp will be uninstalled from your device. Would you like to continue?",
Source: 58426c.rbs.1.dr	Binary or memory string: iC:\Program Files\VMware\Workspace ONE Assist\Resources\Appx\f7529f1a891c4c29afa0bf940c4958e4_License1.xml
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.Primitives.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.InteropServices.RuntimeInformation.dll
Source: 58426c.rbs.1.dr	Binary or memory string: @C:\Program Files\VMware\Workspace ONE Assist\System.Net.Ping.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{4549005F-52CF-4DF2-80AF-AD48335FB45E}mC:\Program Files\VMware\Workspace ONE Assist\Resources\Appx\MPAP_f7529f1a891c4c29afa0bf940c4958e4_001.provxml@
Source: MSI4559.tmp.1.dr	Binary or memory string: &{A584A06B-6994-4F27-8184-E8CAD5761495}OC:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe.config@
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: <p>Informationen dazu, welche Daten VMware zur Produktverbesserung und zu sonstigen Analysezwecken im Zusammenhang mit der Nutzung dieser Anwendung durch Sie erfasst, finden Sie im Bereich
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.AccessControl.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{3F3BA5C1-33D3-41BD-9E94-BD9BA4909227}^C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.X509Certificates.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: &{82EBBC43-EFE1-4E89-89A1-19218DB8A1EB}FC:\Program Files\VMware\Workspace ONE Assist\System.ComponentModel.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: &{D7A8AF10-597B-4022-B86B-5BE664053E96}GC:\Program Files\VMware\Workspace ONE Assist\System.Dynamic.Runtime.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Collections.NonGeneric.dll
Source: 58426c.rbs.1.dr	Binary or memory string: RC:\Program Files\VMware\Workspace ONE Assist\System.Runtime.Serialization.Json.dll
Source: 58426c.rbs.1.dr	Binary or memory string: AC:\Program Files\VMware\Workspace ONE Assist\System.Text.Json.dll
Source: 58426c.rbs.1.dr	Binary or memory string: AC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.dll
Source: 58426c.rbs.1.dr	Binary or memory string: QC:\Program Files\VMware\Workspace ONE Assist\System.Resources.ResourceManager.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\native\lib\osx\
Source: MSI4559.tmp.1.dr	Binary or memory string: &{EF5530BB-8253-4B56-8EC7-E336A255A0F1}NC:\Program Files\VMware\Workspace ONE Assist\Microsoft.Bcl.AsyncInterfaces.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: &{74973CCB-8E29-4236-AF44-ABC19C9D858B}PC:\Program Files\VMware\Workspace ONE Assist\System.Globalization.Extensions.dll@
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: tfen https://www.vmware.com/help/privacy.html adresini ziyaret edin",
Source: rundll32.exe, 00000003.00000002.1899788011.00000132053C1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: MArguments: "install" "C:\Program Files\VMware\Workspace ONE Assist\Resources"h
Source: MSI4559.tmp.1.dr	Binary or memory string: &{E010BFD9-3010-4968-A829-D3A3BC25CE49}-C:\Program Files\VMware\Workspace ONE Assist\@
Source: 58426c.rbs.1.dr	Binary or memory string: VC:\Program Files\VMware\Workspace ONE Assist\native\lib\windows\DesktopDuplication.dll
Source: rundll32.exe, 00000003.00000003.1897761412.000001320359D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\C:\Program Files\VMware\Workspace ONE.exev&
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Tasks.Extensions.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{731D273E-43A4-4094-ABCC-3672B3D54B9F}UC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.RemoteControl.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: JC:\Program Files\VMware\Workspace ONE Assist\System.Security.Principal.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: "AGREEMENT": "Door accepteren gaat u akkoord met de Algemene Voorwaarden van VMware Workspace ONE Assist voor het gebruik van deze service.",
Source: AetherPal.Net.dll.1.dr	Binary or memory string: CompanyNameVMware, Inc.D
Source: 58426c.rbs.1.dr	Binary or memory string: IC:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Debug.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Net.NetworkInformation.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: "More_Information": "Ga naar https://www.vmware.com/help/privacy.html voor meer informatie over de manier waarop VMware omgaat met gegevens die via dit product worden verzameld",
Source: 58426c.rbs.1.dr	Binary or memory string: VC:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.Encoding.dll
Source: AetherPal.Core.dll.1.dr	Binary or memory string: CompanyNameVMware, Inc.F
Source: MSI4559.tmp.1.dr	Binary or memory string: &{D96D495D-AC57-4EFB-93CE-A51F71E5ADB1}bC:\Program Files\VMware\Workspace ONE Assist\System.Runtime.InteropServices.RuntimeInformation.dll@
Source: AetherPal.Utils.dll.3.dr	Binary or memory string: CompanyNameVMware, Inc.H
Source: MSI4559.tmp.1.dr	Binary or memory string: &{2B4FC688-D207-4B5D-8CCA-31EA0C91CC9B}FC:\Program Files\VMware\Workspace ONE Assist\System.IO.Compression.dll@
Source: AetherPal.Device.Tools.dll.1.dr	Binary or memory string: CompanyNameVMware, Inc.J
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\Microsoft.Win32.Registry.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{FD510A1F-8129-4932-8F4C-07D9D8A07891}XC:\Program Files\VMware\Workspace ONE Assist\System.ServiceProcess.ServiceController.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\native\lib\linux\x64\lib_remote_shell_api.so
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: "More_Information": "Per ulteriori informazioni circa il modo in cui VMware gestisce i dati raccolti attraverso questo prodotto, visitare il sito web https://www.vmware.com/help/privacy.html",
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.IO.MemoryMappedFiles.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: n acerca de los datos que recopila VMware en conexi
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\Microsoft.Win32.Primitives.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{A37D5EAD-817D-45B1-A661-B0ACFDEBAF3A}OC:\Program Files\VMware\Workspace ONE Assist\System.Net.WebHeaderCollection.dll@
Source: AetherPal.Diagnostics.dll.1.dr	Binary or memory string: CompanyNameVMware, Inc.T
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe.config
Source: AetherPal.Device.Tools.RemoteControl.dll.1.dr	Binary or memory string: CompanyNameVMware, Inc.V
Source: AetherPal.Configuration.dll.1.dr	Binary or memory string: CompanyNameVMware, Inc.X
Source: MSI4559.tmp.1.dr	Binary or memory string: &{23AC0DC2-AE1F-4671-BF36-6E8ADBDB49A4}ZC:\Program Files\VMware\Workspace ONE Assist\native\lib\osx\x64\lib_remote_shell_api.dylib@
Source: 58426c.rbs.1.dr	Binary or memory string: MC:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Contracts.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Principal.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: de VMware.</p>
Source: WorkspaceONE.Assist.Agent.exe.1.dr	Binary or memory string: CompanyNameVMware, Inc.\
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: CompanyNameVMware, Inc.^
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.ComponentModel.EventBasedAsync.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.Algorithms.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{63792587-EDA1-4625-9AA9-A2151A4CD0D9}SC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.RemoteShell.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: &{24059BEB-AD58-4255-934B-6C8062C751AA}iC:\Program Files\VMware\Workspace ONE Assist\Resources\Appx\f7529f1a891c4c29afa0bf940c4958e4_License1.xml@
Source: rundll32.exe, 00000003.00000003.1897761412.00000132035EF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\C:\Program Files\VMware\Workspace ONE)O=
Source: MSI4559.tmp.1.dr	Binary or memory string: &{5BE65C20-67BB-4200-9063-0D385444C1E7}PC:\Program Files\VMware\Workspace ONE Assist\System.Threading.Tasks.Parallel.dll@
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: https://www.vmware.com/tw/help/privacy.html",
Source: MSI4559.tmp.1.dr	Binary or memory string: &{5A684C8E-FF06-4557-AC79-AEDE8935A8F7}MC:\Program Files\VMware\Workspace ONE Assist\System.Net.WebSockets.Client.dll@
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1893110977.00000229A69F7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: am Files\VMware\Workspace ONE Assist\Resources
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Globalization.dll
Source: AetherPal.Device.Tools.dll.1.dr	Binary or memory string: ProductNameVMware Workspace ONE
Source: 58426c.rbs.1.dr	Binary or memory string: JC:\Program Files\VMware\Workspace ONE Assist\System.Net.NameResolution.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\Microsoft.Bcl.AsyncInterfaces.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{D93EB7EF-2CF6-412E-995D-DFAE3046FA42}HC:\Program Files\VMware\Workspace ONE Assist\System.Resources.Reader.dll@
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: -VMware
Source: 58426c.rbs.1.dr	Binary or memory string: HC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Windows.Utils.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Auth.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{CB20CDE9-1B5F-4A59-B043-6A42A96B7273}EC:\Program Files\VMware\Workspace ONE Assist\native\lib\osx\RemoteLib@
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Agent.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.CompilerServices.Unsafe.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{BAE15359-1C15-4C7B-BB9F-53C722DAAFC8}HC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Serialization.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Drawing.Primitives.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{20EB5E0E-047A-47F7-9023-427A11E7D509}LC:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Service.exe@
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Tracing.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\native\lib\osx\x64\libvpx.dylib
Source: 58426c.rbs.1.dr	Binary or memory string: LC:\Program Files\VMware\Workspace ONE Assist\System.Security.Permissions.dll
Source: AetherPal.Windows.Net.dll.1.dr	Binary or memory string: noreply@vmware.com0
Source: MSI4559.tmp.1.dr	Binary or memory string: &{F3876345-4471-4A51-8C37-10D3ED62BC09}QC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Channels.AnchorChannel.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: RC:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Client.exe.config
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: VMware
Source: MSI4559.tmp.1.dr	Binary or memory string: &{49DE6BC5-5BB8-427B-AAF0-E39C4451D579}PC:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.Primitives.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe
Source: MSI4559.tmp.1.dr	Binary or memory string: &{950D71B1-73E3-48AF-8703-8552FF842B53}IC:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Tools.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Tasks.Parallel.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Resources.Reader.dll
Source: 58426c.rbs.1.dr	Binary or memory string: OC:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.TraceSource.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Xml.ReaderWriter.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Sockets.dll
Source: 58426c.rbs.1.dr	Binary or memory string: XC:\Program Files\VMware\Workspace ONE Assist\System.Runtime.CompilerServices.VisualC.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{DA38D1D8-4413-4038-8369-E2E53EA2380D}JC:\Program Files\VMware\Workspace ONE Assist\System.IO.IsolatedStorage.dll@
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1893110977.00000229A69B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exeB5%
Source: MSI4559.tmp.1.dr	Binary or memory string: &{35FC3C5F-44C2-417A-B42D-7D9A5AC0F0EB}DC:\Program Files\VMware\Workspace ONE Assist\System.Net.Security.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: GC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.ComponentModel.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: "More_Information": "VMware'in bu
Source: 58426c.rbs.1.dr	Binary or memory string: @C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.dll
Source: 58426c.rbs.1.dr	Binary or memory string: @C:\Program Files\VMware\Workspace ONE Assist\System.Net.Http.dll
Source: 58426c.rbs.1.dr	Binary or memory string: FC:\Program Files\VMware\Workspace ONE Assist\Resources\Appx\AUMIDs.txt
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: <p>For information regarding the data VMware collects in connection with your use of this application for product improvement and other analytics purposes, see the Trust & Assurance Center and VMware's Privacy Notices.</p>
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1893110977.00000229A6980000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\Windows\Installer\MSI50A5.tmp-\C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe"C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe" "install" "C:\Program Files\VMware\Workspace ONE Assist\Resources"C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exewinsta0\default
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Globalization.Extensions.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Sys.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{C17C6D33-7C3D-455C-B8A2-7CC7886DAE60}EC:\Program Files\VMware\Workspace ONE Assist\System.Text.Encoding.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Buffers.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: "UnInstall_PopupDescription": "VMware RemoteHelp kommer att avinstalleras fr
Source: MSI4559.tmp.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe;C:\Program Files\VMware\Workspace ONE Assist\Resources
Source: MSI4559.tmp.1.dr	Binary or memory string: &{FCDBDFC3-EFEE-467B-ACC2-3DAB6CF52B2D}LC:\Program Files\VMware\Workspace ONE Assist\native\lib\osx\x64\libvpx.dylib@
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: rene og betingelserne for VMware Workspace ONE Assist i forbindelse med brug af denne tjeneste.",
Source: MSI4559.tmp.1.dr	Binary or memory string: &{20CA2246-78C7-46A3-B31B-1108A5D45D10}KC:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Tracing.dll@
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1893110977.00000229A69B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exeT5?
Source: MSI4559.tmp.1.dr	Binary or memory string: O1\yywlw-zk\yonnbfme\native\lib\osx\\|VMware\Workspace ONE Assist\native\lib\osx\
Source: 58426c.rbs.1.dr	Binary or memory string: FC:\Program Files\VMware\Workspace ONE Assist\System.Net.Primitives.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Http.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{6B88AA3B-CEAC-4317-98C5-A9D41D087F2C}RC:\Program Files\VMware\Workspace ONE Assist\System.Security.Principal.Windows.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: AC:\Program Files\VMware\Workspace ONE Assist\System.Threading.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: VMware RemoteHelp
Source: 58426c.rbs.1.dr	Binary or memory string: gC:\Program Files\VMware\Workspace ONE Assist\Resources\Appx\f7529f1a891c4c29afa0bf940c4958e4.appxbundle
Source: 58426c.rbs.1.dr	Binary or memory string: KC:\Program Files\VMware\Workspace ONE Assist\Microsoft.Win32.Primitives.dll
Source: Workspace ONE Assist Installer.lnk.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Client.exeZ..\..\..\..\..\..\Program Files\VMware\Workspace ONE Assist\WorkspaceONE.Assist.Client.exe-C:\Program Files\VMware\Workspace ONE Assist\DC:\Windows\Installer\{2687F608-EC00-4F9A-B6B3-0194BAD168BB}\icon.ico
Source: 58426c.rbs.1.dr	Binary or memory string: JC:\Program Files\VMware\Workspace ONE Assist\System.Text.Encodings.Web.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\Resources\Appx\f7529f1a891c4c29afa0bf940c4958e4_License1.xml
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: und in den Datenschutzhinweisen von VMware.</p>
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: re dont VMware g
Source: 58426c.rbs.1.dr	Binary or memory string: Software\VMware\Workspace ONE Assist
Source: MSI4559.tmp.1.dr	Binary or memory string: &{C3D07B00-66F2-4FAF-BC30-91A9BAFF520F}:C:\Program Files\VMware\Workspace ONE Assist\System.IO.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: &{777B4CD6-0B07-4E9B-B05E-54BD9F1274E7}MC:\Program Files\VMware\Workspace ONE Assist\System.Diagnostics.Contracts.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: &{03E4863A-4A9C-4F13-BA23-E99E32E623F6}@C:\Program Files\VMware\Workspace ONE Assist\System.IO.Pipes.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\native\lib\linux\arm\lib_remote_shell_api.so
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1893110977.00000229A69F7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe.Config
Source: MSI4559.tmp.1.dr	Binary or memory string: &{00F72D99-C52D-484F-B12C-BAFBAE267FD4}GC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: BC:\Program Files\VMware\Workspace ONE Assist\native\lib\linux\arm\
Source: 58426c.rbs.1.dr	Binary or memory string: @C:\Program Files\VMware\Workspace ONE Assist\System.IO.Pipes.dll
Source: Workspace ONE Assist Installer.lnk.1.dr	Binary or memory string: VMware
Source: MSI4559.tmp.1.dr	Binary or memory string: 1\yywlw-zk\yonnbfme\affs8zkc\Appx\\|VMware\Workspace ONE Assist\Resources\Appx\
Source: 58426c.rbs.1.dr	Binary or memory string: MC:\Program Files\VMware\Workspace ONE Assist\System.Reflection.Primitives.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{0366DCCB-37A9-4D7E-8992-6D28F6DA4B0F}LC:\Program Files\VMware\Workspace ONE Assist\System.Threading.ThreadPool.dll@
Source: MSI4559.tmp.1.dr	Binary or memory string: &{7F73628A-4519-4612-B499-188C22DA207E}9C:\Program Files\VMware\Workspace ONE Assist\msvcp140.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: NC:\Program Files\VMware\Workspace ONE Assist\System.IO.Compression.ZipFile.dll
Source: 58426c.rbs.1.dr	Binary or memory string: -C:\Program Files\VMware\Workspace ONE Assist\
Source: 58426c.rbs.1.dr	Binary or memory string: HC:\Program Files\VMware\Workspace ONE Assist\System.Threading.Thread.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.AppContext.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Security.Cryptography.Csp.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: ytkowania VMware Workspace ONE Assist, kt
Source: 58426c.rbs.1.dr	Binary or memory string: HC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Serialization.dll
Source: 58426c.rbs.1.dr	Binary or memory string: MC:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.Watcher.dll
Source: 58426c.rbs.1.dr	Binary or memory string: LC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.RemoteShell.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Configuration.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Net.Requests.dll
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1895700607.00000229A8651000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ;C:\Program Files\VMware\Workspace ONE Assist\Resources\Appx@C0
Source: MSI4559.tmp.1.dr	Binary or memory string: &{AC001B81-5B82-460B-BC49-647D91603DF6}=C:\Program Files\VMware\Workspace ONE Assist\vcruntime140.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: <C:\Program Files\VMware\Workspace ONE Assist\System.Linq.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.Threading.Tasks.dll
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: <p>VMware Workspace ONE, i
Source: 58426c.rbs.1.dr	Binary or memory string: QC:\Program Files\VMware\Workspace ONE Assist\System.ComponentModel.Primitives.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.IO.FileSystem.DriveInfo.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\System.CodeDom.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{377C9983-C51B-4A4E-9520-F002E81F9B86}HC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Windows.Utils.dll@
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: VMware.</p>
Source: WorkspaceONE.Assist.Client.exe.1.dr	Binary or memory string: <p>VMware Workspace ONE erfasst Informationen, um einen sicheren Zugriff auf Ihre Arbeitsdaten und Anwendungen zu erm
Source: 58426c.rbs.1.dr	Binary or memory string: CC:\Program Files\VMware\Workspace ONE Assist\System.Collections.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\native\lib\linux\arm\
Source: AetherPal.MSIX.Launcher.exe, 00000004.00000002.1893110977.00000229A69F7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: file:///C:/Program Files/VMware/Workspace ONE Assist/
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Diagnostics.dll
Source: 58426c.rbs.1.dr	Binary or memory string: OC:\Program Files\VMware\Workspace ONE Assist\System.Collections.Specialized.dll
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Core.dll
Source: 58426c.rbs.1.dr	Binary or memory string: BC:\Program Files\VMware\Workspace ONE Assist\System.AppContext.dll
Source: 58426c.rbs.1.dr	Binary or memory string: ZC:\Program Files\VMware\Workspace ONE Assist\native\lib\osx\x64\lib_remote_shell_api.dylib
Source: MSI4559.tmp.1.dr	Binary or memory string: &{22E04EF6-3813-43AC-9343-86A8DB84A1B6}KC:\Program Files\VMware\Workspace ONE Assist\System.Xml.XPath.XDocument.dll@
Source: 58426c.rbs.1.dr	Binary or memory string: SC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.FileManager.dll
Source: 58426c.rbs.1.dr	Binary or memory string: HC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Configuration.dll
Source: 58426c.rbs.1.dr	Binary or memory string: <C:\Program Files\VMware\Workspace ONE Assist\Resources\Appx\
Source: 58426c.rbs.1.dr	Binary or memory string: C:\Program Files\VMware\Workspace ONE Assist\Newtonsoft.Json.dll
Source: MSI4559.tmp.1.dr	Binary or memory string: &{63372CBE-AEC1-4301-BDBF-F5CD75F54FCF}LC:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Agent.dll@

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\System32\rundll32.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI50A5.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI50A5.tmp-\AetherPal.Windows.Wix.CustomAction.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI50A5.tmp-\AetherPal.Windows.Utils.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI50A5.tmp-\AetherPal.Diagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Queries volume information: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe VolumeInformation	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Queries volume information: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Windows.Utils.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Queries volume information: C:\Program Files\VMware\Workspace ONE Assist\System.Runtime.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Queries volume information: C:\Windows\System32\WinMetadata\Windows.Management.winmd VolumeInformation	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Queries volume information: C:\Windows\System32\WinMetadata\Windows.Foundation.winmd VolumeInformation	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Queries volume information: C:\Windows\System32\WinMetadata\Windows.ApplicationModel.winmd VolumeInformation	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.WindowsRuntime\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.WindowsRuntime.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	Queries volume information: C:\Windows\System32\WinMetadata\Windows.System.winmd VolumeInformation	Jump to behavior

Source: C:\Windows\System32\rundll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Valid Accounts	Windows Management Instrumentation	1 Valid Accounts	1 Valid Accounts	23 Masquerading	OS Credential Dumping	11 Security Software Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	1 Replication Through Removable Media	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Access Token Manipulation	1 Valid Accounts	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 DLL Side-Loading	1 Process Injection	1 Access Token Manipulation	Security Account Manager	41 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 Registry Run Keys / Startup Folder	1 Disable or Modify Tools	NTDS	11 Peripheral Device Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	1 DLL Side-Loading	41 Virtualization/Sandbox Evasion	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Process Injection	Cached Domain Credentials	13 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Obfuscated Files or Information	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Rundll32	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Timestomp	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 DLL Side-Loading	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1 File Deletion	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
VZH3bd37Gc.msi	0%	ReversingLabs
VZH3bd37Gc.msi	0%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Link
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Agent.dll	0%	ReversingLabs
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Agent.dll	0%	Virustotal	Browse
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Communication.dll	0%	ReversingLabs
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Communication.dll	0%	Virustotal	Browse
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Localization.dll	0%	ReversingLabs
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Localization.dll	0%	Virustotal	Browse
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Auth.dll	0%	ReversingLabs
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Auth.dll	0%	Virustotal	Browse
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Channels.AnchorChannel.dll	0%	ReversingLabs
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Channels.AnchorChannel.dll	0%	Virustotal	Browse
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Configuration.dll	0%	ReversingLabs
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Configuration.dll	0%	Virustotal	Browse
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Core.dll	0%	ReversingLabs
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Core.dll	0%	Virustotal	Browse
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Sys.dll	0%	ReversingLabs
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Sys.dll	0%	Virustotal	Browse
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.FileManager.dll	0%	ReversingLabs
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.FileManager.dll	0%	Virustotal	Browse
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.RemoteControl.dll	0%	ReversingLabs
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.RemoteControl.dll	0%	Virustotal	Browse
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.RemoteShell.dll	0%	ReversingLabs
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.RemoteShell.dll	0%	Virustotal	Browse
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.dll	0%	ReversingLabs
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.dll	0%	Virustotal	Browse
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.dll	0%	ReversingLabs
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.dll	0%	Virustotal	Browse
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Diagnostics.dll	0%	ReversingLabs
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Diagnostics.dll	0%	Virustotal	Browse
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	0%	ReversingLabs
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe	0%	Virustotal	Browse
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Net.dll	0%	ReversingLabs
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Net.dll	0%	Virustotal	Browse
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Security.dll	0%	ReversingLabs
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Security.dll	0%	Virustotal	Browse
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Serialization.dll	0%	ReversingLabs
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Serialization.dll	0%	Virustotal	Browse
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.FileManager.dll	0%	ReversingLabs
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.FileManager.dll	0%	Virustotal	Browse
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.RemoteControl.dll	0%	ReversingLabs
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.RemoteControl.dll	0%	Virustotal	Browse
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.RemoteShell.dll	0%	ReversingLabs
C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.RemoteShell.dll	0%	Virustotal	Browse

Source	Detection	Scanner	Label	Link
http://victoryonemedia.comhttps://github.com/chrismsimpson/MetropolisMetropolisLight	0%	Avira URL Cloud	safe
http://victoryonemedia.comhttps://github.com/chrismsimpson/MetropolisCopyright	0%	Avira URL Cloud	safe
http://aetherpal.com/deviceghttp://aetherpal.com/XMLSchema/device/TimerPolicy10	0%	Avira URL Cloud	safe
http://aetherpal.com/XMLSchema/device/DeviceInfo10	0%	Avira URL Cloud	safe
http://aetherpal.com/deviceghttp://aetherpal.com/XMLSchema/device/TimerPolicy10	0%	Virustotal		Browse
http://victoryonemedia.comhttps://github.com/chrismsimpson/MetropolisMetropolisSemi	0%	Avira URL Cloud	safe
http://victoryonemedia.comhttps://github.com/chrismsimpson/MetropolisMetropolisMedium	0%	Avira URL Cloud	safe
http://aetherpal.com/XMLSchema/device/SecurityPolicy10	0%	Avira URL Cloud	safe
http://aetherpal.com/XMLSchema/device/UserInterfacePolicy10	0%	Avira URL Cloud	safe
http://victoryonemedia.comhttps://github.com/chrismsimpson/Metropolis	0%	Avira URL Cloud	safe
http://victoryonemedia.comhttps://github.com/chrismsimpson/MetropolisMetropolisExtra	0%	Avira URL Cloud	safe
http://aetherpal.com/XMLSchema/device/DeviceInfo10	0%	Virustotal		Browse
http://aetherpal.com/XMLSchema/device/SecurityPolicy10	0%	Virustotal		Browse
http://aetherpal.com/XMLSchema/device/UserInterfacePolicy10	0%	Virustotal		Browse

Name	Source	Malicious	Antivirus Detection	Reputation
http://victoryonemedia.comhttps://github.com/chrismsimpson/MetropolisMetropolisSemi	AetherPal.WPF.CustomControls.dll.1.dr	false	Avira URL Cloud: safe	unknown
https://github.com/chrismsimpsonhttps://github.com/chrismsimpson/MetropolisMetropolisLight	AetherPal.WPF.CustomControls.dll.1.dr	false		high
https://github.com/dotnet/runtime8	System.Text.Json.dll.1.dr	false		high
http://victoryonemedia.comhttps://github.com/chrismsimpson/MetropolisCopyright	AetherPal.WPF.CustomControls.dll.1.dr	false	Avira URL Cloud: safe	unknown
http://aetherpal.com/deviceghttp://aetherpal.com/XMLSchema/device/TimerPolicy10	AetherPal.Device.dll.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/dotnet/roslyn/issues/46646~	System.Text.Json.dll.1.dr	false		high
https://github.com/chrismsimpsonhttps://github.com/chrismsimpson/MetropolisCopyright	AetherPal.WPF.CustomControls.dll.1.dr	false		high
http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v	rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.3.dr	false		high
https://www.vmware.com/help/privacy.html.	WorkspaceONE.Assist.Client.exe.1.dr	false		high
https://github.com/dotnet/runtime/issues/73124.	System.Text.Json.dll.1.dr	false		high
https://www.vmware.com/tw/help/privacy.html	WorkspaceONE.Assist.Client.exe.1.dr	false		high
http://wixtoolset.org/news/	rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.3.dr	false		high
https://www.vmware.com/help/privacy.html	WorkspaceONE.Assist.Client.exe.1.dr	false		high
http://victoryonemedia.comhttps://github.com/chrismsimpson/MetropolisMetropolisLight	AetherPal.WPF.CustomControls.dll.1.dr	false	Avira URL Cloud: safe	unknown
https://github.com/dotnet/core/)	WorkspaceONE.Assist.Client.exe.1.dr	false		high
https://www.att.com	WorkspaceONE.Assist.Client.exe.1.dr	false		high
https://github.com/dotnet/runtime	System.Security.Permissions.dll.1.dr, System.ServiceProcess.ServiceController.dll.1.dr, System.Security.AccessControl.dll.1.dr, System.Text.Json.dll.1.dr, System.CodeDom.dll.1.dr, System.Text.Encodings.Web.dll.1.dr, Microsoft.Win32.SystemEvents.dll.1.dr, System.Security.Cryptography.ProtectedData.dll.1.dr	false		high
https://github.com/dotnet/roslyn/issues/46646	System.Text.Json.dll.1.dr	false		high
https://www.vmware.com/es/help/privacy.html	WorkspaceONE.Assist.Client.exe.1.dr	false		high
http://wixtoolset.org/releases/	rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.3.dr	false		high
https://github.com/chrismsimpsonhttps://github.com/chrismsimpson/Metropolis	AetherPal.WPF.CustomControls.dll.1.dr	false		high
https://aka.ms/dotnet-warnings/	System.Text.Json.dll.1.dr	false		high
http://aetherpal.com/XMLSchema/device/DeviceInfo10	AetherPal.Device.dll.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://wixtoolset.org	rundll32.exe, 00000003.00000003.1817301234.0000013205222000.00000004.00000020.00020000.00000000.sdmp, VZH3bd37Gc.msi, Microsoft.Deployment.WindowsInstaller.dll.3.dr, 58426b.msi.1.dr	false		high
http://aetherpal.com/XMLSchema/device/SecurityPolicy10	AetherPal.Device.Tools.RemoteControl.dll.1.dr, AetherPal.Device.dll.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/dotnet/runtime&	System.Security.Permissions.dll.1.dr, System.ServiceProcess.ServiceController.dll.1.dr, System.CodeDom.dll.1.dr, Microsoft.Win32.SystemEvents.dll.1.dr, System.Security.Cryptography.ProtectedData.dll.1.dr	false		high
https://aka.ms/serializationformat-binary-obsolete	System.Text.Json.dll.1.dr	false		high
https://www.gnu.org/licenses	WorkspaceONE.Assist.Client.exe.1.dr	false		high
https://aka.ms/binaryformatter	System.Text.Json.dll.1.dr	false		high
http://victoryonemedia.comhttps://github.com/chrismsimpson/MetropolisMetropolisMedium	AetherPal.WPF.CustomControls.dll.1.dr	false	Avira URL Cloud: safe	unknown
http://aetherpal.com/XMLSchema/device/UserInterfacePolicy10	AetherPal.Device.dll.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	rundll32.exe, 00000003.00000002.1899788011.00000132053C1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://victoryonemedia.comhttps://github.com/chrismsimpson/Metropolis	AetherPal.WPF.CustomControls.dll.1.dr	false	Avira URL Cloud: safe	unknown
http://victoryonemedia.comhttps://github.com/chrismsimpson/MetropolisMetropolisExtra	AetherPal.WPF.CustomControls.dll.1.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431604
Start date and time:	2024-04-25 14:15:23 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	VZH3bd37Gc.msi (renamed file extension from none to msi, renamed because original name is a hash value)
Original Sample Name:	0400a87b6100936cdc0a8695c5dc1c7103bb93c0842231efaf7260a795290339
Detection:	CLEAN
Classification:	clean15.troj.winMSI@9/191@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 96% Number of executed functions: 39 Number of non-executed functions: 1

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target AetherPal.MSIX.Launcher.exe, PID 6520 because it is empty
Execution Graph export aborted for target rundll32.exe, PID 6044 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	30750
Entropy (8bit):	5.640477030307273
Encrypted:	false
SSDEEP:	768:XNUnfWHhtYNAW4kNUP2Ss7qxcoPHxI9yzQ9T62IamK02iSxsncSYVIT+hV6L13D7:dUnfWHhtYNAW4kNUP2Ss7qxcoPHxI9yh
MD5:	9A949F5B22A5D1D4AACC33367EABBD24
SHA1:	FA9C31F8DC3332A1B63143F4209734BBA005C719
SHA-256:	1E41FDF9570F3A66E6B7B03F34BA6AE468DE7D6F61FF1F70A236BBEF9084FD3E
SHA-512:	00F89E58138339EA2B734B9F2DAACCBEF58A9CFA515520CD64C7B684827F83D97FED7E6B75B4C18BDEE3B891652C122D44F42B1E1EA6A53623754ECD88D2D5A5
Malicious:	false
Reputation:	low
Preview:	...@IXOS.@.....@.r.X.@.....@.....@.....@.....@.....@......&.{2687F608-EC00-4F9A-B6B3-0194BAD168BB}..Workspace ONE Assist Installer..VZH3bd37Gc.msi.@.....@.....@.....@......icon.ico..&.{FD0CDE91-FD76-4738-8B40-800BA9713AFC}.....@.....@.....@.....@.......@.....@.....@.......@......Workspace ONE Assist Installer......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{3CF85474-93F9-43E2-8E5F-DB1190DAE600}&.{2687F608-EC00-4F9A-B6B3-0194BAD168BB}.@......&.{F514C4CC-87F5-4F69-91DF-99D15C9D8C08}&.{2687F608-EC00-4F9A-B6B3-0194BAD168BB}.@......&.{E010BFD9-3010-4968-A829-D3A3BC25CE49}&.{2687F608-EC00-4F9A-B6B3-0194BAD168BB}.@......&.{20EB5E0E-047A-47F7-9023-427A11E7D509}&.{2687F608-EC00-4F9A-B6B3-0194BAD168BB}.@......&.{63372CBE-AEC1-4301-BDBF-F5CD75F54FCF}&.{2687F608-EC00-4F9A-B6B3-0194BAD168BB}.@......&.{9B5E1039-2250-44BD-B89F-78146919C075}&.{2687F608-EC00-4F9A-B6B3-0194BAD168BB}.@......&.{44BA2026-E1

Process:	C:\Windows\System32\rundll32.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	737
Entropy (8bit):	5.34973518043042
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPXcp1OKbbDLI4MWuPOKfSSI6KhaOK9eDLI4MNOK9XGK9yiyWoyD:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoU
MD5:	82F8048F931D8F7FFF5D774529C4D756
SHA1:	4116C9A0451C97B50E5AF140D25E1A44310BB58C
SHA-256:	9A3E43E664EC44B17C4B8B580F0644A640DEE40D9051D85CA3FED8157B525C36
SHA-512:	E5ED3F758A9C8AEBE13F257F4C0B82035AEABFC7011E43DCE5EC91A56B4C3BD17F26473A1621F064D72A526A227AF3BCE0C0A7784AC2243447766A8EBEF14E12
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..2,"netstandard, Version=2.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51",0..

File type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: VMware Workspace ONE Assist, Author: VMware, Inc., Keywords: Installer, Comments: This installer database contains the logic and data required to install Workspace ONE Assist Installer., Template: x64;1033, Revision Number: {FD0CDE91-FD76-4738-8B40-800BA9713AFC}, Create Time/Date: Wed Mar 27 21:55:34 2024, Last Saved Time/Date: Wed Mar 27 21:55:34 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
Entropy (8bit):	7.8547122848696205
TrID:	Microsoft Windows Installer (60509/1) 88.31% Generic OLE2 / Multistream Compound File (8008/1) 11.69%
File name:	VZH3bd37Gc.msi
File size:	10'838'016 bytes
MD5:	af498bd451f04a1dae63cd61812a3c8b
SHA1:	36f54070b8696eaa00ba1ff1d5fcfd5900ddacfa
SHA256:	0400a87b6100936cdc0a8695c5dc1c7103bb93c0842231efaf7260a795290339
SHA512:	80a4b5f8dbb1b4e1bfaf60fc6dc6ab8d0828a117168d87b1e6f802a8fdf1afa81752bee6d6c10e9ccc3db857f960b68a0f46742471a7a127e1e0dc9d987cd794
SSDEEP:	196608:Oidybl3zkehEaHKc7wV9J9y5JKdmyg9KAtVVEDZLmZ2HHq8YLQL40fqV/d/r8ScO:OO4RzBqc7wXEsg9KWVWSZ2HK8nLTydI0
TLSH:	E9B601513DC24873E5E1293675D2720C12E7BCF64AA34B5D2984F2693E3F293D4EAB42
File Content Preview:	........................>......................................................................................................................................................................................................................................

Target ID:	0
Start time:	14:16:18
Start date:	25/04/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\VZH3bd37Gc.msi"
Imagebase:	0x7ff7b0ad0000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	2
Start time:	14:16:28
Start date:	25/04/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\MsiExec.exe -Embedding 08351F78698DA0C0368A0A0187380C10 E Global\MSI0000
Imagebase:	0x7ff7b0ad0000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	4
Start time:	14:16:29
Start date:	25/04/2024
Path:	C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe" "install" "C:\Program Files\VMware\Workspace ONE Assist\Resources"
Imagebase:	0x229a6810000
File size:	22'272 bytes
MD5 hash:	D058E337D5F7E8ADA6BCC28B5114B303
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs Detection: 0%, Virustotal, Browse
Reputation:	low
Has exited:	true

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report VZH3bd37Gc.msi

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Config.Msi\58426c.rbs

C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Agent.dll

C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Communication.dll

C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Application.Localization.dll

C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Auth.dll

C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Channels.AnchorChannel.dll

C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Configuration.dll

C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Core.dll

C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Sys.dll

C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.FileManager.dll

C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.RemoteControl.dll

C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.RemoteShell.dll

C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.Tools.dll

C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Device.dll

C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Diagnostics.dll

C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe

C:\Program Files\VMware\Workspace ONE Assist\AetherPal.MSIX.Launcher.exe.config

C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Net.dll

C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Security.dll

C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Serialization.dll

C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.FileManager.dll

C:\Program Files\VMware\Workspace ONE Assist\AetherPal.Tools.RemoteControl.dll

Windows Analysis Report
VZH3bd37Gc.msi

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre