Windows Analysis Report
RE_iRecord_Installer.msi

Privilege Escalation

Source: C:\Windows\System32\msiexec.exe

EXE: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe

Jump to behavior

Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\WPFToolkit.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\ScintillaNET FindReplaceDialog.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.DataGrid.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	DLL: WINMM.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	DLL: bcrypt.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\jint.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	DLL: MSVCP120_CLR0400.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Signature.XmlSerializers.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.AvalonDock.Themes.VS2010.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\System.Windows.Controls.Input.Toolkit.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	DLL: CRYPTSP.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Microsoft.ReportViewer.ProcessingObjectModel.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\ScintillaNET.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.jbig2.encoder.64.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.AvalonDock.Themes.Aero.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.AvalonDock.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\System.Windows.Controls.DataVisualization.Toolkit.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	DLL: d3d10warp.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.AvalonDock.Themes.Expression.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	DLL: WINMMBASE.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Hexasoft.Zxcvbn.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.barcode.1d.reader.64.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\JavaScriptEngineSwitcher.V8.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord.Common.XmlSerializers.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Microsoft.ReportViewer.WinForms.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Microsoft.ReportViewer.DataVisualization.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Microsoft.ReportViewer.WebForms.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.jbig2.encoder.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Signature.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.barcode.1d.reader.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	DLL: D3DCOMPILER_47.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	DLL: VERSION.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.image.gdimgplug.64.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.AvalonDock.Themes.Metro.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.filters.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\JavaScriptEngineSwitcher.Core.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\System.Net.Http.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\ClearScript.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\System.Windows.Controls.Layout.Toolkit.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecordBO.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\zxcvbn.net.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.Toolkit.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord.Core.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Microsoft.ReportViewer.Common.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	DLL: d3d9.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecordBO.XmlSerializers.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.image.gdimgplug.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	DLL: WindowsCodecs.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord.Common.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\BarcodeLib.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.filters.64.dll			Jump to behavior

Compliance

Source: C:\Windows\System32\msiexec.exe

EXE: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe

Jump to behavior

Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\WPFToolkit.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\ScintillaNET FindReplaceDialog.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.DataGrid.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	DLL: WINMM.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	DLL: bcrypt.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\jint.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	DLL: MSVCP120_CLR0400.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Signature.XmlSerializers.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.AvalonDock.Themes.VS2010.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\System.Windows.Controls.Input.Toolkit.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	DLL: CRYPTSP.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Microsoft.ReportViewer.ProcessingObjectModel.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\ScintillaNET.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.jbig2.encoder.64.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.AvalonDock.Themes.Aero.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.AvalonDock.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\System.Windows.Controls.DataVisualization.Toolkit.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	DLL: d3d10warp.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.AvalonDock.Themes.Expression.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	DLL: WINMMBASE.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Hexasoft.Zxcvbn.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.barcode.1d.reader.64.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\JavaScriptEngineSwitcher.V8.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord.Common.XmlSerializers.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Microsoft.ReportViewer.WinForms.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Microsoft.ReportViewer.DataVisualization.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Microsoft.ReportViewer.WebForms.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.jbig2.encoder.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Signature.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.barcode.1d.reader.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	DLL: D3DCOMPILER_47.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	DLL: VERSION.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.image.gdimgplug.64.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.AvalonDock.Themes.Metro.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.filters.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\JavaScriptEngineSwitcher.Core.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\System.Net.Http.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\ClearScript.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\System.Windows.Controls.Layout.Toolkit.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecordBO.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\zxcvbn.net.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.Toolkit.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord.Core.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Microsoft.ReportViewer.Common.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	DLL: d3d9.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecordBO.XmlSerializers.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.image.gdimgplug.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	DLL: WindowsCodecs.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord.Common.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\BarcodeLib.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	DLL: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.filters.64.dll			Jump to behavior

Source: unknown

HTTPS traffic detected: 205.234.175.175:443 -> 192.168.2.3:49753 version: TLS 1.2

Source: RE_iRecord_Installer.msi

Static PE information: certificate valid

Source:	Binary string: C:\dd\WPF_1\src\wpf\src\ControlsPack\WPFToolkit\obj\Release\WPFToolkit.pdb source: iRecord_WPF.exe, 00000011.00000002.538081309.0000000009B72000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: c:\Projects\!OPEN_SOURCE\clearscript\ClearScript\obj\Release\ClearScript.pdb source: ClearScript.dll.1.dr
Source:	Binary string: D:\jenkins\workspace\Real-Estate\NugetPackages\iRecord\BusinessObjects\obj\Release\iRecordBO.pdb source: iRecord_WPF.exe, iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: f:\dd\ndp\fx\src\Reporting\src\ViewerControls\Common\obj2r\i386\Microsoft.ReportViewer.Common.pdb source: Microsoft.ReportViewer.Common.dll.1.dr
Source:	Binary string: D:\jenkins\workspace\Real-Estate\NugetPackages\iRecord\BusinessObjects\obj\Release\iRecordBO.pdb4 source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: D:\jenkins\workspace\Real-Estate\iRecord\InstallableApp\PROD_Build\iRecord_WPF\obj\Release\iRecord_WPF.pdb source: iRecord_WPF.exe, iRecord_WPF.exe, 00000011.00000000.363708375.0000000000F17000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: D:\jenkins\workspace\Real-Estate\NugetPackages\iRecord\iRecord.Common\obj\Release\iRecord.Common.pdb source: iRecord.Common.dll.1.dr
Source:	Binary string: D:\Programming\dotNet\_Standard Components\ScintillaNET-FindReplaceDialog\ScintillaNet FindReplaceDialog\obj\Release\ScintillaNET FindReplaceDialog.pdb source: ScintillaNET FindReplaceDialog.dll.1.dr
Source:	Binary string: C:\Dev\ExtendedWPFToolkit\Release\2.6.0\OpenSource\Generated\Src\Xceed.Wpf.DataGrid\obj\Release\Xceed.Wpf.DataGrid.pdb source: Xceed.Wpf.DataGrid.dll.1.dr
Source:	Binary string: D:\jenkins\workspace\Real-Estate\iRecord\InstallableApp\PROD_Build\iRecord_WPF\obj\Release\iRecord_WPF.pdbT source: iRecord_WPF.exe, 00000011.00000000.363708375.0000000000F17000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: D:\Programming\dotNet\_Standard Components\ScintillaNET-FindReplaceDialog\ScintillaNet FindReplaceDialog\obj\Release\ScintillaNET FindReplaceDialog.pdbp[ source: ScintillaNET FindReplaceDialog.dll.1.dr

Spreading

Source: C:\Windows\System32\msiexec.exe	File opened: z:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: c:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: a:			Jump to behavior

Source: C:\Windows\System32\msiexec.exe	File opened: C:\Users\user			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: C:\Users\user\AppData\Local\Programs\CSC\iRecord			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: C:\Users\user\AppData			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: C:\Users\user\AppData\Local\Programs			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: C:\Users\user\AppData\Local\Programs\CSC			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: C:\Users\user\AppData\Local			Jump to behavior

Networking

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: Joe Sandbox View	IP Address: 205.234.175.175 205.234.175.175
Source: Joe Sandbox View	IP Address: 205.234.175.175 205.234.175.175

Source: global traffic

HTTP traffic detected: GET /cdn/gateway/csc/csc-logo-erecording.png HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ocp.cscglobal.comConnection: Keep-Alive

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443

Source: iRecord_WPF.exe, 00000011.00000002.535818042.00000000031C1000.00000004.00000800.00020000.00000000.sdmp, iRecord_WPF.exe.config.1.dr	String found in binary or memory: http://10.98.134.15/isubmitservice/isubmit.asmx
Source: iRecord_WPF.exe.config.1.dr	String found in binary or memory: http://172.17.3.125/DocConverter/DocConverter.svc
Source: iRecord_WPF.exe, 00000011.00000002.537405210.0000000006A38000.00000004.00000800.00020000.00000000.sdmp, iRecord_WPF.exe, 00000011.00000003.432983954.0000000006A36000.00000004.00000800.00020000.00000000.sdmp, iRecord_WPF.exe, 00000011.00000003.507788834.0000000006A37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: iRecord_WPF.exe, 00000011.00000002.536355561.000000000335D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/iRecord_WPF;component/usercontrols/usercontrol_password.xaml
Source: iRecord_WPF.exe, 00000011.00000002.536355561.000000000335D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/usercontrols/usercontrol_password.baml
Source: iRecord_WPF.exe, 00000011.00000002.536355561.000000000335D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/usercontrols/usercontrol_password.xaml
Source: iRecord_WPF.exe, 00000011.00000000.362624464.00000000008EF000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://icongal.com/
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://irecord.ingeo.com/-
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://irecord.ingeo.com/BusinessObjectTransactionT
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://irecord.ingeo.com/DeleteSessionT
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://irecord.ingeo.com/GetLatestVersionT
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://irecord.ingeo.com/GetPasswordExpirationUsersT
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://irecord.ingeo.com/GetUserFromSessionT
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://irecord.ingeo.com/ImpersonateUserT
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://irecord.ingeo.com/IsPasswordExpiredT
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://irecord.ingeo.com/IsUserUniqueT
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://irecord.ingeo.com/LoginT
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://irecord.ingeo.com/LoginWithDuoT
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://irecord.ingeo.com/PushStatusT
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://irecord.ingeo.com/Q
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://irecord.ingeo.com/SendEmailAboutUpdatedEmailT
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://irecord.ingeo.com/SendEmailT
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://irecord.ingeo.com/SendForgotPasswordEmailT
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://irecord.ingeo.com/SendOnboardingEmailT
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://irecord.ingeo.com/SendTrusteeServicesNotificationEmailT
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://irecord.ingeo.com/T
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://irecord.ingeo.com/UnimpersonateUserT
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://irecord.ingeo.com/UpdateAttachmentImagesT
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://irecord.ingeo.com/UpdateExpiredPassT
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://irecord.ingeo.com/UpdatePasswordT
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://irecord.ingeo.com/ValidateResetGuidT
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://irecord.ingeo.com/ValidateSessionGuidT
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://irecord.ingeo.com/Y
Source: iRecord_WPF.exe.config.1.dr	String found in binary or memory: http://localhost:55872/ConfigurationService/ConfigurationWebService.svc
Source: iRecord_WPF.exe.config.1.dr	String found in binary or memory: http://localhost:55872/DataService/iRecordDataService.asmx
Source: iRecord_WPF.exe.config.1.dr	String found in binary or memory: http://localhost:55872/SignatureService/SignatureService.svc
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp, iRecord_WPF.exe.config.1.dr	String found in binary or memory: http://localhost:55872/iSubmitService/iSubmit.asmx
Source: iRecord.Common.dll.1.dr	String found in binary or memory: http://schemas.datacontract.org/2004/07/iRecord.Common.DTOs
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/iRecord.Common.DTOsI
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/iRecord_Server
Source: iRecord.Common.dll.1.dr	String found in binary or memory: http://schemas.datacontract.org/2004/07/iRecord_Server.ConfigurationServicec
Source: iRecord_WPF.exe, 00000011.00000000.362624464.00000000008EF000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://schemas.xceed.com/wpf/xaml/avalondock
Source: Xceed.Wpf.DataGrid.dll.1.dr	String found in binary or memory: http://schemas.xceed.com/wpf/xaml/datagrid
Source: iRecord_WPF.exe, 00000011.00000000.362624464.00000000008EF000.00000002.00000001.01000000.00000005.sdmp, iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://schemas.xceed.com/wpf/xaml/toolkit
Source: iRecord_WPF.exe, 00000011.00000002.535818042.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp, iRecord.Common.dll.1.dr	String found in binary or memory: http://tempuri.org/IConfigurationWebService/CopyOrganizationConfigurationsEnvToEnvResponse
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp, iRecord.Common.dll.1.dr	String found in binary or memory: http://tempuri.org/IConfigurationWebService/CopyOrganizationConfigurationsEnvToEnvT
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp, iRecord.Common.dll.1.dr	String found in binary or memory: http://tempuri.org/IConfigurationWebService/GetConnectorTransactionXmlByCountyGuidAndErIDResponse
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp, iRecord.Common.dll.1.dr	String found in binary or memory: http://tempuri.org/IConfigurationWebService/GetConnectorTransactionXmlByCountyGuidAndErIDT
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp, iRecord.Common.dll.1.dr	String found in binary or memory: http://tempuri.org/IConfigurationWebService/GetDemoXmlResponse
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp, iRecord.Common.dll.1.dr	String found in binary or memory: http://tempuri.org/IConfigurationWebService/GetDemoXmlT
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp, iRecord.Common.dll.1.dr	String found in binary or memory: http://tempuri.org/IConfigurationWebService/GetNextTransactionIDResponse
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp, iRecord.Common.dll.1.dr	String found in binary or memory: http://tempuri.org/IConfigurationWebService/GetNextTransactionIDT
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://tempuri.org/IConfigurationWebService/GetNextePrepareIDResponse
Source: iRecord.Common.dll.1.dr	String found in binary or memory: http://tempuri.org/IConfigurationWebService/GetNextePrepareIDResponse#
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp, iRecord.Common.dll.1.dr	String found in binary or memory: http://tempuri.org/IConfigurationWebService/GetNextePrepareIDT
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp, iRecord.Common.dll.1.dr	String found in binary or memory: http://tempuri.org/IConfigurationWebService/InsertOrUpdateDemoXmlResponse
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp, iRecord.Common.dll.1.dr	String found in binary or memory: http://tempuri.org/IConfigurationWebService/InsertOrUpdateDemoXmlT
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://tempuri.org/IConfigurationWebService/IsValidFileTypeResponse
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://tempuri.org/IConfigurationWebService/IsValidFileTypeT
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp, iRecord.Common.dll.1.dr	String found in binary or memory: http://tempuri.org/IConfigurationWebService/MigrateOrganizationConfigurationsResponse
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp, iRecord.Common.dll.1.dr	String found in binary or memory: http://tempuri.org/IConfigurationWebService/MigrateOrganizationConfigurationsT
Source: iRecord_WPF.exe, iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://www.countyaccess.com/ROD_WebServices/ROD.WebService.ProcessInstrument/Service.asmx
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://www.countyaccess.com/ROD_WebServices/ROD.WebService.SynchData/Service.asmx
Source: iRecord_WPF.exe, 00000011.00000002.537791869.0000000008DF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: GdPicture.NET.12.image.gdimgplug.dll.1.dr	String found in binary or memory: http://www.gemedicalsystems.com/it_solutions/bamwallthickness/1.0
Source: GdPicture.NET.12.image.gdimgplug.dll.1.dr	String found in binary or memory: http://www.gemedicalsystems.com/it_solutions/orthoview/2.1
Source: GdPicture.NET.12.image.gdimgplug.dll.1.dr	String found in binary or memory: http://www.gemedicalsystems.com/it_solutions/rad_pacs/
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://www.ingeo.com/#
Source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp, iRecord.Common.dll.1.dr	String found in binary or memory: http://www.ingeo.com/)
Source: iRecord_WPF.exe	String found in binary or memory: http://www.ingeo.com/2001/v2/documents
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp, iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp, iRecord.Common.dll.1.dr	String found in binary or memory: http://www.ingeo.com/AvailableCommands
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://www.ingeo.com/AvailableCommandsT
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp, iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp, iRecord.Common.dll.1.dr	String found in binary or memory: http://www.ingeo.com/Command
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://www.ingeo.com/CommandT
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp, iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp, iRecord.Common.dll.1.dr	String found in binary or memory: http://www.ingeo.com/SendEmail
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp, iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp, iRecord.Common.dll.1.dr	String found in binary or memory: http://www.ingeo.com/T
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp, iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp, iRecord.Common.dll.1.dr	String found in binary or memory: http://www.ingeo.com/TU
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://www.ingeo.com/c
Source: iRecord_WPF.exe	String found in binary or memory: http://www.w3.o
Source: iRecord_WPF.exe	String found in binary or memory: https://apps.erecording.com/Portal
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://apps.erecording.com/Portal#Reports/Main.xaml
Source: iRecord_WPF.exe.config.1.dr	String found in binary or memory: https://irecord-dev.erecording.com/irecord_service/ConfigurationService/ConfigurationWebService.svc
Source: iRecord_WPF.exe.config.1.dr	String found in binary or memory: https://irecord-dev.erecording.com/irecord_service/DataService/iRecordDataService.asmx
Source: iRecord_WPF.exe.config.1.dr	String found in binary or memory: https://irecord-dev.erecording.com/irecord_service/SignatureService/SignatureService.svc
Source: iRecord_WPF.exe.config.1.dr	String found in binary or memory: https://irecord-uat.erecording.com/irecord_service/ConfigurationService/ConfigurationWebService.svc
Source: iRecord_WPF.exe.config.1.dr	String found in binary or memory: https://irecord-uat.erecording.com/irecord_service/DataService/iRecordDataService.asmx
Source: iRecord_WPF.exe.config.1.dr	String found in binary or memory: https://irecord-uat.erecording.com/irecord_service/SignatureService/SignatureService.svc
Source: iRecord_WPF.exe.config.1.dr	String found in binary or memory: https://irecord.ingeo.com/irecord_service/ConfigurationService/ConfigurationWebService.svc
Source: iRecord_WPF.exe.config.1.dr	String found in binary or memory: https://irecord.ingeo.com/irecord_service/DataService/iRecordDataService.asmx
Source: iRecord_WPF.exe.config.1.dr	String found in binary or memory: https://irecord.ingeo.com/irecord_service/SignatureService/SignatureService.svc
Source: iRecord_WPF.exe.config.1.dr	String found in binary or memory: https://irecord.ingeo.com/irecord_service/iSubmitService/iSubmit.asmx
Source: iRecord_WPF.exe, iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp, iRecord.Common.dll.1.dr	String found in binary or memory: https://irecord.ingeo.com/irecord_service/isubmitservice/isubmit.asmx
Source: iRecord.Common.dll.1.dr	String found in binary or memory: https://irecord.ingeo.com/irecord_service/isubmitservice/isubmit.asmxYE-a
Source: iRecord_WPF.exe, 00000011.00000002.535818042.00000000031C1000.00000004.00000800.00020000.00000000.sdmp, iRecord_WPF.exe.config.1.dr	String found in binary or memory: https://irecord.ingeo.com/landing/assets/downloads
Source: iRecord_WPF.exe.config.1.dr	String found in binary or memory: https://irecordbeta.ingeo.com/irecord_service/ConfigurationService/ConfigurationWebService.svc
Source: iRecord_WPF.exe.config.1.dr	String found in binary or memory: https://irecordbeta.ingeo.com/irecord_service/DataService/iRecordDataService.asmx
Source: iRecord_WPF.exe.config.1.dr	String found in binary or memory: https://irecordbeta.ingeo.com/irecord_service/SignatureService/SignatureService.svc
Source: iRecord_WPF.exe, 00000011.00000002.535818042.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ocp.cscglobal.com
Source: iRecord_WPF.exe, 00000011.00000002.537328306.00000000069F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ocp.cscglobal.com/
Source: iRecord_WPF.exe, 00000011.00000000.362624464.00000000008EF000.00000002.00000001.01000000.00000005.sdmp, iRecord_WPF.exe, 00000011.00000002.533771376.0000000001686000.00000004.00000020.00020000.00000000.sdmp, iRecord_WPF.exe, 00000011.00000002.536504245.00000000034AC000.00000004.00000800.00020000.00000000.sdmp, iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://ocp.cscglobal.com/cdn/gateway/csc/csc-logo-erecording.png
Source: iRecord_WPF.exe, 00000011.00000002.535818042.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ocp.cscglobal.com/cdn/gateway/csc/csc-logo-erecording.pngXUa
Source: iRecord_WPF.exe, iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://ocp.cscglobal.com/cdn/gateway/csc/csc-white-logo.png
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://ocp.cscglobal.com/cdn/gateway/csc/ere-solutions-375.png
Source: iRecord_WPF.exe, iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://ocp.cscglobal.com/cdn/gateway/csc/favicon.ico
Source: iRecord_WPF.exe, iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://ocp.cscglobal.com/cdn/gateway/csc/logo-csc-ingeo.png
Source: iRecord_WPF.exe, iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://www.ic-secure.com/ROD_WebServices/ROD.WebService.ProcessInstrument/Service.asmx
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://www.ic-secure.com/ROD_WebServices/ROD.WebService.ProcessInstrument/Service.asmxT
Source: iRecord_WPF.exe, iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://www.ic-secure.com/ROD_WebServices/ROD.WebService.SynchData/Service.asmx
Source: iRecord_WPF.exe, 00000011.00000002.531759467.0000000000812000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://www.ic-secure.com/ROD_WebServices/ROD.WebService.SynchData/Service.asmx/

Source: unknown

DNS traffic detected: queries for: ocp.cscglobal.com

Source: global traffic

HTTP traffic detected: GET /cdn/gateway/csc/csc-logo-erecording.png HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ocp.cscglobal.comConnection: Keep-Alive

Source: unknown

HTTPS traffic detected: 205.234.175.175:443 -> 192.168.2.3:49753 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: iRecord_WPF.exe, 00000011.00000002.533539719.0000000001600000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\3e4f5c.msi

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\Installer\3e4f5a.msi

Jump to behavior

Source: BarcodeLib.dll.1.dr

Static PE information: Resource name: RT_VERSION type: COM executable for DOS

Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll			Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\RE_iRecord_Installer.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 5E1FB7355188E254823CE3315A71CFED C
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 5E1FB7355188E254823CE3315A71CFED C			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe			Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\InprocServer32

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\user\AppData\Local\Temp\MSI4103.tmp

Jump to behavior

Source: classification engine

Classification label: clean4.winMSI@6/73@2/1

Source: C:\Windows\System32\msiexec.exe

File read: C:\Windows\win.ini

Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Jump to behavior

Source: RE_iRecord_Installer.msi

Static file information: TRID: Microsoft Windows Installer (77509/1) 90.64%

Source: iRecord_WPF.exe	String found in binary or memory: images/add_document.png
Source: iRecord_WPF.exe	String found in binary or memory: images/addpersonblack.png

Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Automated click: Next
Source: C:\Windows\System32\msiexec.exe	Automated click: Next
Source: C:\Windows\System32\msiexec.exe	Automated click: Install

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: RE_iRecord_Installer.msi

Static file information: File size 27500544 > 1048576

Source: RE_iRecord_Installer.msi

Static PE information: certificate valid

Source:	Binary string: C:\dd\WPF_1\src\wpf\src\ControlsPack\WPFToolkit\obj\Release\WPFToolkit.pdb source: iRecord_WPF.exe, 00000011.00000002.538081309.0000000009B72000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: c:\Projects\!OPEN_SOURCE\clearscript\ClearScript\obj\Release\ClearScript.pdb source: ClearScript.dll.1.dr
Source:	Binary string: D:\jenkins\workspace\Real-Estate\NugetPackages\iRecord\BusinessObjects\obj\Release\iRecordBO.pdb source: iRecord_WPF.exe, iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: f:\dd\ndp\fx\src\Reporting\src\ViewerControls\Common\obj2r\i386\Microsoft.ReportViewer.Common.pdb source: Microsoft.ReportViewer.Common.dll.1.dr
Source:	Binary string: D:\jenkins\workspace\Real-Estate\NugetPackages\iRecord\BusinessObjects\obj\Release\iRecordBO.pdb4 source: iRecord_WPF.exe, 00000011.00000002.536937886.00000000059F2000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: D:\jenkins\workspace\Real-Estate\iRecord\InstallableApp\PROD_Build\iRecord_WPF\obj\Release\iRecord_WPF.pdb source: iRecord_WPF.exe, iRecord_WPF.exe, 00000011.00000000.363708375.0000000000F17000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: D:\jenkins\workspace\Real-Estate\NugetPackages\iRecord\iRecord.Common\obj\Release\iRecord.Common.pdb source: iRecord.Common.dll.1.dr
Source:	Binary string: D:\Programming\dotNet\_Standard Components\ScintillaNET-FindReplaceDialog\ScintillaNet FindReplaceDialog\obj\Release\ScintillaNET FindReplaceDialog.pdb source: ScintillaNET FindReplaceDialog.dll.1.dr
Source:	Binary string: C:\Dev\ExtendedWPFToolkit\Release\2.6.0\OpenSource\Generated\Src\Xceed.Wpf.DataGrid\obj\Release\Xceed.Wpf.DataGrid.pdb source: Xceed.Wpf.DataGrid.dll.1.dr
Source:	Binary string: D:\jenkins\workspace\Real-Estate\iRecord\InstallableApp\PROD_Build\iRecord_WPF\obj\Release\iRecord_WPF.pdbT source: iRecord_WPF.exe, 00000011.00000000.363708375.0000000000F17000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: D:\Programming\dotNet\_Standard Components\ScintillaNET-FindReplaceDialog\ScintillaNet FindReplaceDialog\obj\Release\ScintillaNET FindReplaceDialog.pdbp[ source: ScintillaNET FindReplaceDialog.dll.1.dr

Persistence and Installation Behavior

Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\WPFToolkit.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\ScintillaNET FindReplaceDialog.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Temp\MSI4103.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Signature.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.DataGrid.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.barcode.1d.reader.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\jint.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.image.gdimgplug.64.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Signature.XmlSerializers.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.AvalonDock.Themes.Metro.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.AvalonDock.Themes.VS2010.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.filters.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\System.Windows.Controls.Input.Toolkit.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Microsoft.ReportViewer.ProcessingObjectModel.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\ScintillaNET.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\JavaScriptEngineSwitcher.Core.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\System.Net.Http.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.jbig2.encoder.64.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\ClearScript.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\System.Windows.Controls.Layout.Toolkit.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecordBO.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.AvalonDock.Themes.Aero.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.AvalonDock.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\zxcvbn.net.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord.Core.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.Toolkit.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\System.Windows.Controls.DataVisualization.Toolkit.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Microsoft.ReportViewer.Common.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecordBO.XmlSerializers.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.AvalonDock.Themes.Expression.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.image.gdimgplug.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Hexasoft.Zxcvbn.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.barcode.1d.reader.64.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord.Common.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\JavaScriptEngineSwitcher.V8.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord.Common.XmlSerializers.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Microsoft.ReportViewer.WinForms.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\BarcodeLib.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Microsoft.ReportViewer.DataVisualization.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Microsoft.ReportViewer.WebForms.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.jbig2.encoder.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.filters.64.dll			Jump to dropped file

Boot Survival

Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CSC			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CSC\CSC iRecord.lnk			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe TID: 6036	Thread sleep time: -1844674407370954s >= -30000s			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe TID: 6036	Thread sleep time: -922337203685477s >= -30000s			Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\WPFToolkit.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\ScintillaNET FindReplaceDialog.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Signature.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.DataGrid.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.barcode.1d.reader.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\jint.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.image.gdimgplug.64.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Signature.XmlSerializers.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.AvalonDock.Themes.VS2010.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.AvalonDock.Themes.Metro.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.filters.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\System.Windows.Controls.Input.Toolkit.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Microsoft.ReportViewer.ProcessingObjectModel.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\ScintillaNET.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\JavaScriptEngineSwitcher.Core.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\System.Net.Http.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.jbig2.encoder.64.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\System.Windows.Controls.Layout.Toolkit.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\ClearScript.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.AvalonDock.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecordBO.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.AvalonDock.Themes.Aero.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\zxcvbn.net.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.Toolkit.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord.Core.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\System.Windows.Controls.DataVisualization.Toolkit.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Microsoft.ReportViewer.Common.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecordBO.XmlSerializers.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.AvalonDock.Themes.Expression.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.image.gdimgplug.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Hexasoft.Zxcvbn.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.barcode.1d.reader.64.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord.Common.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\JavaScriptEngineSwitcher.V8.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord.Common.XmlSerializers.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Microsoft.ReportViewer.WinForms.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\BarcodeLib.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Microsoft.ReportViewer.DataVisualization.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\Microsoft.ReportViewer.WebForms.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.jbig2.encoder.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.filters.64.dll			Jump to dropped file

Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior

Source: C:\Windows\System32\msiexec.exe	File opened: C:\Users\user			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: C:\Users\user\AppData\Local\Programs\CSC\iRecord			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: C:\Users\user\AppData			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: C:\Users\user\AppData\Local\Programs			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: C:\Users\user\AppData\Local\Programs\CSC			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: C:\Users\user\AppData\Local			Jump to behavior

Source: iRecord_WPF.exe, 00000011.00000002.533621333.000000000163E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllg
Source: iRecord_WPF.exe	Binary or memory string: UJBptUEGmg4p0G1QTQYTDSDCbURERERERERmBTJIiIiIiIiIiIiIiIiIiIi2IhhCIiIiIioiIiIiIiIiIOIiIiIiIiIiIiIiIiIiIiIiIiKiIiIiIiIiI/pvpa/lcKFbVaX5BmVywF20jsWMJE2BT/lcoBuw1oaoMJsIJthJpqIiE2GojCbDBKrHVqE3q1O0pHVE3VoiSV6YKdjs7Agp2CBQUhGFSau7hluGGTHDd8KGonlkqWdwqBuEDfuk19f29t/V
Source: iRecord_WPF.exe	Binary or memory string: TJIiIiIiIiIiIiIiIiIiIi2IhhCIiIiIioiIiIiIiIiIOIiIiIiIiIiIiIiIiIiIiIiIiKiIiIiIiIiI/pvpa/lcKFbVaX5BmVywF20jsWMJE2BT/lcoBuw1oaoMJsIJthJpqIiE2GojCbDBKrHVqE3q1O0pHVE3VoiSV6YKdjs7Agp2CBQUhGFSau7hluGGTHDd8KGonlkqWdwqBuEDfuk19f29t/Vo7n1/X//RBMT9df/v+CBppZ2KmXIwzGgeXZ8j

Anti Debugging

Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Process created: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe

Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe

Memory allocated: page read and write | page guard

Jump to behavior

Language, Device and Operating System Detection

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecordBO.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\CSC\iRecord\WPFToolkit.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPFE457.tmp VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation			Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior