Windows Analysis Report
JabraDirectSetup.exe

Overview

General Information

Sample Name: JabraDirectSetup.exe
Analysis ID: 708232
MD5: df71bfab12e144a002d85d07c0fa0fd8
SHA1: 700b1257e4bdc35bb9d53388e1c4220773827621
SHA256: 98ececd8b2573b79e79b97ebf1034afeac5107e50869422066b438138ae18d14

Detection

Score: 8
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Compliance

Score: 50
Range: 0 - 100

Signatures

Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Drops PE files to the application program directory (C:\ProgramData)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Deletes files inside the Windows folder
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
Creates files inside the system directory
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Found dropped PE file which has not been started or loaded
Uses the system / local time for branch decision (may execute only at specific dates)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
Enables debug privileges
Is looking for software installed on the system
Drops files with a non-matching file extension (content does not match file extension)
Sample file is different than original file name gathered from version info
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Drops PE files to the windows directory (C:\Windows)
Found evasive API chain checking for process token information
Binary contains a suspicious time stamp
Uses taskkill to terminate processes
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Checks for available system drives (often done to infect USB drives)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)

Classification

Source: C:\Users\user\Desktop\JabraDirectSetup.exe Code function: 0_2_01239F8F DecryptFileW, 0_2_01239F8F
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_00AE9F8F DecryptFileW, 1_2_00AE9F8F
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_00B0F340 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError, 1_2_00B0F340
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_00AE9D74 DecryptFileW,DecryptFileW, 1_2_00AE9D74

Compliance

Source: JabraDirectSetup.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP
Source: C:\Windows\Temp\{240BAF75-3E5B-4E93-8F26-E04B9DE786C2}\.be\JabraDirectSetup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SystemRestore SRInitDone
Source: C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SystemRestore SRInitDone
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe File created: C:\Windows\Temp\{240BAF75-3E5B-4E93-8F26-E04B9DE786C2}\.ba\license.rtf
Source: C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe File created: C:\Users\user\AppData\Local\Temp\{332EE04F-741A-4188-8924-1DBA26FBF992}\.ba\license.rtf
Source: C:\Windows\System32\msiexec.exe File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: JabraDirectSetup.exe Static PE information: certificate valid
Source: JabraDirectSetup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\s\Source\FirmwareUpdaterFactory\obj\Release\net472\GNAudio.DeviceApis.FirmwareUpdate.Factories.pdb source: GNAudio.DeviceApis.FirmwareUpdate.Factories.dll.8.dr
Source: Binary string: D:\a\1\s\Source\FirmwareUpdaters\MX_UVC\obj\Release\net472\GNAudio.DeviceApis.FirmwareUpdate.MxUvc.pdbSHA256 source: GNAudio.DeviceApis.FirmwareUpdate.MxUvc.dll.8.dr
Source: Binary string: D:\a\1\s\Source\GnProtocolOverUsbHid\obj\Release\net472\GNAudio.DeviceApis.GnProtocol.UsbHid.pdbSHA256 source: GNAudio.DeviceApis.GnProtocol.UsbHid.dll.8.dr
Source: Binary string: C:\src\wix39r2\build\ship\x86\SfxCA.pdb source: MSI3570.tmp.8.dr
Source: Binary string: D:\a\1\s\Source\GnProtocolOverUsbHid\obj\Release\net472\GNAudio.DeviceApis.GnProtocol.UsbHid.pdb source: GNAudio.DeviceApis.GnProtocol.UsbHid.dll.8.dr
Source: Binary string: c:\Development\Open Source\Autofac\src\Source\Autofac\obj\Release\Autofac.pdb source: Autofac.dll0.8.dr
Source: Binary string: D:\a\1\s\Source\FirmwareUpdaters\CSR_OTA\obj\Release\net472\GNAudio.DeviceApis.FirmwareUpdate.CsrOta.pdb source: GNAudio.DeviceApis.FirmwareUpdate.CsrOta.dll.8.dr
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: MSI3570.tmp.8.dr
Source: Binary string: D:\a\1\s\Source\Release\SitelHidFwu.pdb source: SitelHidFwu.dll.8.dr
Source: Binary string: C:\B\DKPCSW\Berlin_SoftphonePlugin_CiscoIPCommunicatorIntegration_3.0\Binaries\CustomActions.pdb source: MSI3570.tmp.8.dr
Source: Binary string: D:\a\1\s\Source\Release\BluecorePsKeyApi.pdb source: BluecorePsKeyApi.dll.8.dr
Source: Binary string: C:\src\wix39r2\build\ship\x86\wixca.pdb source: MSI3570.tmp.8.dr
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\burn.pdb source: JabraDirectSetup.exe
Source: Binary string: D:\a\1\s\Source\FirmwareUpdaterFactory\obj\Release\net472\GNAudio.DeviceApis.FirmwareUpdate.Factories.pdbSHA256#;2 source: GNAudio.DeviceApis.FirmwareUpdate.Factories.dll.8.dr
Source: Binary string: D:\a\1\s\Source\CommandLineParser\obj\Release\net472\GNAudio.CommandLineParser.pdb source: GNAudio.CommandLineParser.dll.8.dr
Source: Binary string: D:\a\1\s\Source\CommandLineParser\obj\Release\net472\GNAudio.CommandLineParser.pdbSHA256 source: GNAudio.CommandLineParser.dll.8.dr
Source: Binary string: D:\a\1\s\Source\FirmwareUpdaters\CSR_USB_OTA\obj\Release\net472\GNAudio.DeviceApis.FirmwareUpdate.CsrUsbOta.pdbSHA256 source: GNAudio.DeviceApis.FirmwareUpdate.CsrUsbOta.dll.8.dr
Source: Binary string: D:\a\1\s\Source\FirmwareUpdaters\MX_UVC\obj\Release\net472\GNAudio.DeviceApis.FirmwareUpdate.MxUvc.pdb source: GNAudio.DeviceApis.FirmwareUpdate.MxUvc.dll.8.dr
Source: Binary string: D:\a\1\s\Source\FirmwareUpdaters\CSR_OTA\obj\Release\net472\GNAudio.DeviceApis.FirmwareUpdate.CsrOta.pdbSHA256W source: GNAudio.DeviceApis.FirmwareUpdate.CsrOta.dll.8.dr
Source: Binary string: D:\a\1\s\Source\FirmwareUpdaters\CSR\obj\Release\net472\GNAudio.DeviceApis.FirmwareUpdate.Csr.pdbSHA256 source: GNAudio.DeviceApis.FirmwareUpdate.Csr.dll.8.dr
Source: Binary string: D:\a\1\s\Source\Release\SitelHidFwu.pdbEE!GCTL source: SitelHidFwu.dll.8.dr
Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netfx\System.Buffers.pdb source: System.Buffers.dll.8.dr
Source: Binary string: E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Numerics.Vectors/net46\System.Numerics.Vectors.pdb source: System.Numerics.Vectors.dll.8.dr
Source: Binary string: D:\a\1\s\Source\FirmwareUpdaters\CSR\obj\Release\net472\GNAudio.DeviceApis.FirmwareUpdate.Csr.pdb source: GNAudio.DeviceApis.FirmwareUpdate.Csr.dll.8.dr
Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Threading.Tasks.Extensions\netfx\System.Threading.Tasks.Extensions.pdb source: System.Threading.Tasks.Extensions.dll.8.dr
Source: Binary string: D:\a\1\s\Source\FirmwareUpdaters\CSR_USB_OTA\obj\Release\net472\GNAudio.DeviceApis.FirmwareUpdate.CsrUsbOta.pdb source: GNAudio.DeviceApis.FirmwareUpdate.CsrUsbOta.dll.8.dr
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\WixStdBA.pdb source: JabraDirectSetup.exe, 00000001.00000002.592449598.000000006D54F000.00000002.00000001.01000000.00000007.sdmp, JabraDirectSetup.exe, 00000007.00000002.595352589.00000000705AF000.00000002.00000001.01000000.0000000D.sdmp
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Windows\System32\msiexec.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: C:\Users\user\Desktop\JabraDirectSetup.exe Code function: 0_2_01223D4E GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose, 0_2_01223D4E
Source: C:\Users\user\Desktop\JabraDirectSetup.exe Code function: 0_2_01263C72 FindFirstFileW,FindClose, 0_2_01263C72
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_00AE9A1D FindFirstFileW,lstrlenW,FindNextFileW,FindClose, 1_2_00AE9A1D
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_00B13C72 FindFirstFileW,FindClose, 1_2_00B13C72
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_00AD3D4E GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose, 1_2_00AD3D4E
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_00B07437 FindFirstFileExW, 1_2_00B07437
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_6D53689C FindFirstFileW,FindClose, 1_2_6D53689C
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_6D5471C2 FindFirstFileExA, 1_2_6D5471C2
Source: C:\Windows\Temp\{240BAF75-3E5B-4E93-8F26-E04B9DE786C2}\.be\JabraDirectSetup.exe File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\cab1.cab
Source: C:\Windows\Temp\{240BAF75-3E5B-4E93-8F26-E04B9DE786C2}\.be\JabraDirectSetup.exe File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\NULL
Source: C:\Windows\Temp\{240BAF75-3E5B-4E93-8F26-E04B9DE786C2}\.be\JabraDirectSetup.exe File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\NULL
Source: C:\Windows\Temp\{240BAF75-3E5B-4E93-8F26-E04B9DE786C2}\.be\JabraDirectSetup.exe File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64
Source: C:\Windows\Temp\{240BAF75-3E5B-4E93-8F26-E04B9DE786C2}\.be\JabraDirectSetup.exe File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages
Source: C:\Windows\Temp\{240BAF75-3E5B-4E93-8F26-E04B9DE786C2}\.be\JabraDirectSetup.exe File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\NULL
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.audio.v2.soap.uc.cisco.com/setDefaultInputVolume
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.audio.v2.soap.uc.cisco.com/setDefaultOutputVolume
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.audio.v2.soap.uc.cisco.com/setEchoCancellationParameters
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.audio.v2.soap.uc.cisco.com/setInputLowFreqRolloff
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.audio.v2.soap.uc.cisco.com/setLowBandwidthMode
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.audio.v2.soap.uc.cisco.com/setNoiseSuppressionParameters
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.audio.v2.soap.uc.cisco.com/setOutputLowFreqRolloff
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.audio.v2.soap.uc.cisco.com/setRingerDevice
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.audio.v2.soap.uc.cisco.com/setRingerVolume
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.audio.v2.soap.uc.cisco.com/setVoiceActivityDetectionParameters
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.audio.v2.soap.uc.cisco.com/subscribe
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.audio.v2.soap.uc.cisco.com/unmute
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.audio.v2.soap.uc.cisco.com/unsubscribe
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.audio.v2.soap.uc.cisco.comT
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.audio.v2.soap.uc.cisco.comTU
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.config.v2.soap.uc.cisco.com/createConfigData
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.config.v2.soap.uc.cisco.com/deleteConfigData
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.config.v2.soap.uc.cisco.com/subscribe
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.config.v2.soap.uc.cisco.com/unsubscribe
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.config.v2.soap.uc.cisco.com/updateConfigData
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.config.v2.soap.uc.cisco.comT
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.config.v2.soap.uc.cisco.comTU
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.conversation.v2.soap.uc.cisco.com/acceptIncomingConversation
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.conversation.v2.soap.uc.cisco.com/addMediaToConversation
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.conversation.v2.soap.uc.cisco.com/addParticipant
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.conversation.v2.soap.uc.cisco.com/endConversation
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.conversation.v2.soap.uc.cisco.com/merge
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.conversation.v2.soap.uc.cisco.com/mute
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.conversation.v2.soap.uc.cisco.com/rejectIncomingConversation
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.conversation.v2.soap.uc.cisco.com/removeMediaFromConversation
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.conversation.v2.soap.uc.cisco.com/removeParticipants
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.conversation.v2.soap.uc.cisco.com/startConversation
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.conversation.v2.soap.uc.cisco.com/subscribe
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.conversation.v2.soap.uc.cisco.com/unmute
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.conversation.v2.soap.uc.cisco.com/unsubscribe
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.conversation.v2.soap.uc.cisco.com/updateConversationConfig
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.conversation.v2.soap.uc.cisco.comT
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.conversation.v2.soap.uc.cisco.comTU
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.device.v1.soap.uc.cisco.com/setDefaultLine
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.device.v2.soap.uc.cisco.com
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.device.v2.soap.uc.cisco.com/disableDeviceSelectionEvents
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.device.v2.soap.uc.cisco.com/enableDeviceSelectionEvents
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.device.v2.soap.uc.cisco.com/initialize
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.device.v2.soap.uc.cisco.com/selectDevice
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.device.v2.soap.uc.cisco.com/selectDeviceAndLine
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.device.v2.soap.uc.cisco.com/setDeviceAlias
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.device.v2.soap.uc.cisco.com/setLineAlias
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.device.v2.soap.uc.cisco.com/setPhoneMode
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.device.v2.soap.uc.cisco.com/subscribe
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.device.v2.soap.uc.cisco.com/unsubscribe
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.device.v2.soap.uc.cisco.comF
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.device.v2.soap.uc.cisco.comT
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.device.v2.soap.uc.cisco.comTU
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com/attendedTransferToContact
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com/attendedTransferToNumber
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com/callForwardToContact
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com/callForwardToNumber
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com/callForwardToVoiceMail
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com/callPark
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com/cancelAttendedTransfer
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com/completeAttendedTransfer
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com/deleteCtlFile
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com/disableCallForward
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com/disableMobility
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com/enableMobility
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com/enrollCertificate
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com/getCallStatistics
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com/getVoicemailPilotNumber
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com/hold
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com/iDivert
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com/initialize
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com/resume
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com/sendDtmfTone
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com/sendToMobile
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com/setDoNotDisturb
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com/subscribe
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com/unattendedTransferToContact
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com/unattendedTransferToNumber
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.com/unsubscribe
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.comE
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.comH
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.comL
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.comT
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.phone.v2.soap.uc.cisco.comTU
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.presence.v2.soap.uc.cisco.com
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.presence.v2.soap.uc.cisco.com/clearToDerivedPresenceT
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.presence.v2.soap.uc.cisco.com/createCustomPresenceStateT
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.presence.v2.soap.uc.cisco.com/initializeT
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.presence.v2.soap.uc.cisco.com/respondToSubscriptionRequestT
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.presence.v2.soap.uc.cisco.com/setPresenceT
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.presence.v2.soap.uc.cisco.com/setPrivacyListT
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.presence.v2.soap.uc.cisco.com/subscribeT
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.presence.v2.soap.uc.cisco.com/unsubscribeT
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.presence.v2.soap.uc.cisco.comT
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.presence.v2.soap.uc.cisco.comk
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.presence.v2.soap.uc.cisco.comq
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.presence.v2.soap.uc.cisco.coms
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.system.v2.soap.uc.cisco.com/getCredentials
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.system.v2.soap.uc.cisco.com/getLogLevel
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.system.v2.soap.uc.cisco.com/getProductInformation
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.system.v2.soap.uc.cisco.com/getProfileName
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.system.v2.soap.uc.cisco.com/getServerAddressTypes
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.system.v2.soap.uc.cisco.com/getServicesInformation
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.system.v2.soap.uc.cisco.com/heartbeat
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.system.v2.soap.uc.cisco.com/refreshClient
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.system.v2.soap.uc.cisco.com/registerClient
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.system.v2.soap.uc.cisco.com/setCredentials
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.system.v2.soap.uc.cisco.com/setLogLevel
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.system.v2.soap.uc.cisco.com/setServerAddressTypes
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.system.v2.soap.uc.cisco.com/subscribe
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.system.v2.soap.uc.cisco.com/unregisterClient
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.system.v2.soap.uc.cisco.com/unsubscribe
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.system.v2.soap.uc.cisco.comT
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://service.system.v2.soap.uc.cisco.comTU
Source: JabraDirectSetup.exe String found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: JabraDirectSetup.exe String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: JabraDirectSetup.exe String found in binary or memory: http://sv.symcd.com0&
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://system.v2.soap.uc.cisco.com/types
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://v2.soap.uc.cisco.com/Base
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://v2.soap.uc.cisco.com/BaseT
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://v2.soap.uc.cisco.com/BaseV
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://v2.soap.uc.cisco.com/Basea
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://v2.soap.uc.cisco.com/Based
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://v2.soap.uc.cisco.com/Baseg
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://v2.soap.uc.cisco.com/Basek
Source: CiscoUCIntegration_Part.dll.8.dr String found in binary or memory: http://v2.soap.uc.cisco.com/Basep
Source: MSI3570.tmp.8.dr String found in binary or memory: http://wixtoolset.org
Source: JabraDirectSetup.exe, 00000007.00000002.592749628.0000000003A90000.00000004.00000800.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000007.00000002.591430030.0000000003520000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010
Source: JabraDirectSetup.exe, 00000001.00000002.590709679.0000000003190000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010(
Source: JabraDirectSetup.exe, 00000007.00000002.592749628.0000000003A90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010d=am
Source: JabraDirectSetup.exe String found in binary or memory: http://www.digicert.com/CPS0
Source: JabraDirectSetup.exe String found in binary or memory: http://www.jabra.com0
Source: JabraDirectSetup.exe, 00000001.00000002.577714200.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.opensource.org/licenses/cpl1.0.txt
Source: JabraDirectSetup.exe String found in binary or memory: http://www.symauth.com/cps0(
Source: JabraDirectSetup.exe String found in binary or memory: http://www.symauth.com/rpa00
Source: icudtl.dat.8.dr String found in binary or memory: http://www.unicode.org/copyright.html
Source: JabraDirectSetup.exe, 00000011.00000002.579373059.0000000000BB0000.00000004.00000020.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000011.00000003.470019154.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000011.00000003.470110504.0000000000BB0000.00000004.00000020.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000011.00000003.470248628.0000000000BB0000.00000004.00000020.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000011.00000003.470520659.0000000000BB0000.00000004.00000020.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000011.00000003.470851239.0000000000BB0000.00000004.00000020.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000011.00000003.470481499.0000000000BB0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://backend-xpress.jabra.com/a86)=C:
Source: JabraDirectSetup.exe, 00000000.00000003.310166973.000000000087E000.00000004.00000020.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000000.00000002.578347505.000000000087E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://backend-xpress.jabra.com/api/
Source: JabraDirectSetup.exe, 00000005.00000003.360748648.0000000000872000.00000004.00000020.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000005.00000003.360935166.0000000000872000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://backend-xpress.jabra.com/api/Xpress/N
Source: JabraDirectSetup.exe, 00000011.00000003.442601693.0000000000B77000.00000004.00000020.00020000.00000000.sdmp, MSI3570.tmp.8.dr String found in binary or memory: https://backend-xpress.jabra.com/api/Xpress/Network/d880dc5e-a8c1-4b85-b451-87580bdae16f
Source: JabraDirectSetup.exe, 00000005.00000003.358928931.000000000089B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://backend-xpress.jabra.com/api/Xpress/Network/d880dc5e-a8c1-4b85-b451-87580bdae16fDb
Source: JabraDirectSetup.exe, 00000000.00000002.581565705.0000000002CB0000.00000004.00000800.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000001.00000002.590709679.0000000003190000.00000004.00000800.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000002.00000002.581734533.00000000030E0000.00000004.00000800.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000006.00000002.580218071.0000000003750000.00000004.00000800.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000007.00000002.592749628.0000000003A90000.00000004.00000800.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000011.00000002.590934046.00000000033A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://backend-xpress.jabra.com/api/Xpress/Network/d880dc5e-a8c1-4b85-b451-87580bdae16fd=am
Source: et.pak.8.dr, zh-TW.pak.8.dr String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/entry?template=Safety
Source: JabraDirectSetup.exe String found in binary or memory: https://d.symcb.com/cps0%
Source: JabraDirectSetup.exe String found in binary or memory: https://d.symcb.com/rpa0
Source: System.Numerics.Vectors.dll.8.dr String found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf
Source: System.Numerics.Vectors.dll.8.dr String found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8
Source: System.Threading.Tasks.Extensions.dll.8.dr, System.Buffers.dll.8.dr String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f
Source: System.Threading.Tasks.Extensions.dll.8.dr, System.Buffers.dll.8.dr String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f8
Source: ar.pak.8.dr, en-US.pak.8.dr, id.pak.8.dr, bg.pak.8.dr, ko.pak.8.dr, ru.pak.8.dr, fa.pak.8.dr, et.pak.8.dr, zh-TW.pak.8.dr String found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: JabraDirectSetup.exe, MSI3570.tmp.8.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: JabraDirectSetup.exe, 00000002.00000002.580259743.0000000002D30000.00000004.00000020.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000005.00000003.360875933.000000000089C000.00000004.00000020.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000005.00000003.360748648.0000000000872000.00000004.00000020.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000005.00000003.360935166.0000000000872000.00000004.00000020.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000005.00000003.360771640.000000000089C000.00000004.00000020.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000005.00000002.361457273.0000000000858000.00000004.00000020.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000005.00000003.360482891.0000000002920000.00000004.00000020.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000005.00000003.358928931.000000000089B000.00000004.00000020.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000005.00000003.360706416.000000000089C000.00000004.00000020.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000005.00000003.360148579.0000000002C9A000.00000004.00000800.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000006.00000002.579977537.0000000003570000.00000004.00000020.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000011.00000002.589444911.0000000002E30000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.jabra.com
Source: JabraDirectSetup.exe, 00000011.00000002.589444911.0000000002E30000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.jabra.com/direct
Source: JabraDirectSetup.exe, 00000000.00000002.581565705.0000000002CB0000.00000004.00000800.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000001.00000002.590709679.0000000003190000.00000004.00000800.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000002.00000002.581734533.00000000030E0000.00000004.00000800.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000006.00000002.580218071.0000000003750000.00000004.00000800.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000007.00000002.592749628.0000000003A90000.00000004.00000800.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000011.00000002.590934046.00000000033A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.jabra.com/directd=am
Source: JabraDirectSetup.exe, 00000000.00000002.581565705.0000000002CB0000.00000004.00000800.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000001.00000002.590709679.0000000003190000.00000004.00000800.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000002.00000002.581734533.00000000030E0000.00000004.00000800.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000006.00000002.580218071.0000000003750000.00000004.00000800.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000007.00000002.592749628.0000000003A90000.00000004.00000800.00020000.00000000.sdmp, JabraDirectSetup.exe, 00000011.00000002.590934046.00000000033A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.jabra.comd=am
Source: JabraDirectSetup.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI1D05.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\3cf364.msi
Source: System.Numerics.Vectors.dll.8.dr Static PE information: Resource name: RT_VERSION type: Hitachi SH little-endian COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82
Source: JabraDirectSetup.exe, 00000001.00000003.357428936.0000000000E3E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameDIFxApp.dll vs JabraDirectSetup.exe
Source: JabraDirectSetup.exe, 00000001.00000002.592704181.000000006D55D000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilenamewixstdba.dll\ vs JabraDirectSetup.exe
Source: JabraDirectSetup.exe, 00000007.00000002.595459097.00000000705BD000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: OriginalFilenamewixstdba.dll\ vs JabraDirectSetup.exe
Source: C:\Windows\Temp\{240BAF75-3E5B-4E93-8F26-E04B9DE786C2}\.be\JabraDirectSetup.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe Section loaded: tsappcmp.dll
Source: C:\Users\user\Desktop\JabraDirectSetup.exe File read: C:\Users\user\Desktop\JabraDirectSetup.exe
Source: JabraDirectSetup.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\JabraDirectSetup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\JabraDirectSetup.exe "C:\Users\user\Desktop\JabraDirectSetup.exe"
Source: C:\Users\user\Desktop\JabraDirectSetup.exe Process created: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe "C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe" -burn.clean.room="C:\Users\user\Desktop\JabraDirectSetup.exe" -burn.filehandle.attached=572 -burn.filehandle.self=568
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Process created: C:\Windows\Temp\{240BAF75-3E5B-4E93-8F26-E04B9DE786C2}\.be\JabraDirectSetup.exe "C:\Windows\Temp\{240BAF75-3E5B-4E93-8F26-E04B9DE786C2}\.be\JabraDirectSetup.exe" -q -burn.elevated BurnPipe.{D9E1E3E0-161A-4566-8CAE-5A87964B54C8} {D37BA658-0E76-49AC-BEF7-9E23554C8C54} 1120
Source: unknown Process created: C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe "C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe" /burn.runonce
Source: C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe Process created: C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe" /burn.log.append "C:\Users\user\AppData\Local\Temp\Jabra_Direct_20220923074951.log
Source: C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe Process created: C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe" -burn.clean.room="C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe" -burn.filehandle.attached=560 -burn.filehandle.self=580 /burn.log.append "C:\Users\user\AppData\Local\Temp\Jabra_Direct_20220923074951.log
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 094F350B1881CEA527676BAF5570DA2D
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\\System32\taskkill.exe" /F /IM jabra-direct.exe
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe Process created: C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe "C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe" -q -burn.elevated BurnPipe.{9C247021-F0C8-4FC2-9304-77A36769657D} {3D1A53A5-B618-4AC6-9F29-86FEE8B34C1A} 1240
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: C:\Users\user\Desktop\JabraDirectSetup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32
Source: C:\Users\user\Desktop\JabraDirectSetup.exe Code function: 0_2_01224639 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle, 0_2_01224639
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_00AD4639 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle, 1_2_00AD4639
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "jabra-direct.exe")
Source: C:\Windows\System32\svchost.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "jabra-direct.exe")
Source: C:\Users\user\Desktop\JabraDirectSetup.exe File created: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\
Source: classification engine Classification label: clean8.evad.winEXE@18/177@0/0
Source: C:\Users\user\Desktop\JabraDirectSetup.exe Code function: 0_2_012628BD GetModuleHandleA,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CoCreateInstance,ExitProcess, 0_2_012628BD
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\JabraDirectSetup.exe Code function: 0_2_01222078 FormatMessageW,GetLastError,LocalFree, 0_2_01222078
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_00AF68EE ChangeServiceConfigW,GetLastError, 1_2_00AF68EE
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5984:120:WilError_01
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_6D53D41A FindResourceExA,GetLastError,LoadResource,GetLastError,SizeofResource,GetLastError,LockResource,GetLastError, 1_2_6D53D41A
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Command line argument: cabinet.dll 1_2_00AD1070
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Command line argument: msi.dll 1_2_00AD1070
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Command line argument: version.dll 1_2_00AD1070
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Command line argument: wininet.dll 1_2_00AD1070
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Command line argument: comres.dll 1_2_00AD1070
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Command line argument: clbcatq.dll 1_2_00AD1070
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Command line argument: msasn1.dll 1_2_00AD1070
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Command line argument: crypt32.dll 1_2_00AD1070
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Command line argument: feclient.dll 1_2_00AD1070
Source: JabraDirectSetup.exe String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Automated click: I accept the terms in the
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Automated click: Install
Source: C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe Automated click: I accept the terms in the
Source: C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe Automated click: Install
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Window detected: Number of UI elements: 15
Source: C:\Windows\System32\msiexec.exe File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: JabraDirectSetup.exe Static file information: File size 85228936 > 1048576
Source: JabraDirectSetup.exe Static PE information: certificate valid
Source: JabraDirectSetup.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: JabraDirectSetup.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: JabraDirectSetup.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: JabraDirectSetup.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: JabraDirectSetup.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: JabraDirectSetup.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: JabraDirectSetup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\s\Source\FirmwareUpdaterFactory\obj\Release\net472\GNAudio.DeviceApis.FirmwareUpdate.Factories.pdb source: GNAudio.DeviceApis.FirmwareUpdate.Factories.dll.8.dr
Source: Binary string: D:\a\1\s\Source\FirmwareUpdaters\MX_UVC\obj\Release\net472\GNAudio.DeviceApis.FirmwareUpdate.MxUvc.pdbSHA256 source: GNAudio.DeviceApis.FirmwareUpdate.MxUvc.dll.8.dr
Source: Binary string: D:\a\1\s\Source\GnProtocolOverUsbHid\obj\Release\net472\GNAudio.DeviceApis.GnProtocol.UsbHid.pdbSHA256 source: GNAudio.DeviceApis.GnProtocol.UsbHid.dll.8.dr
Source: Binary string: C:\src\wix39r2\build\ship\x86\SfxCA.pdb source: MSI3570.tmp.8.dr
Source: Binary string: D:\a\1\s\Source\GnProtocolOverUsbHid\obj\Release\net472\GNAudio.DeviceApis.GnProtocol.UsbHid.pdb source: GNAudio.DeviceApis.GnProtocol.UsbHid.dll.8.dr
Source: Binary string: c:\Development\Open Source\Autofac\src\Source\Autofac\obj\Release\Autofac.pdb source: Autofac.dll0.8.dr
Source: Binary string: D:\a\1\s\Source\FirmwareUpdaters\CSR_OTA\obj\Release\net472\GNAudio.DeviceApis.FirmwareUpdate.CsrOta.pdb source: GNAudio.DeviceApis.FirmwareUpdate.CsrOta.dll.8.dr
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: MSI3570.tmp.8.dr
Source: Binary string: D:\a\1\s\Source\Release\SitelHidFwu.pdb source: SitelHidFwu.dll.8.dr
Source: Binary string: C:\B\DKPCSW\Berlin_SoftphonePlugin_CiscoIPCommunicatorIntegration_3.0\Binaries\CustomActions.pdb source: MSI3570.tmp.8.dr
Source: Binary string: D:\a\1\s\Source\Release\BluecorePsKeyApi.pdb source: BluecorePsKeyApi.dll.8.dr
Source: Binary string: C:\src\wix39r2\build\ship\x86\wixca.pdb source: MSI3570.tmp.8.dr
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\burn.pdb source: JabraDirectSetup.exe
Source: Binary string: D:\a\1\s\Source\FirmwareUpdaterFactory\obj\Release\net472\GNAudio.DeviceApis.FirmwareUpdate.Factories.pdbSHA256#;2 source: GNAudio.DeviceApis.FirmwareUpdate.Factories.dll.8.dr
Source: Binary string: D:\a\1\s\Source\CommandLineParser\obj\Release\net472\GNAudio.CommandLineParser.pdb source: GNAudio.CommandLineParser.dll.8.dr
Source: Binary string: D:\a\1\s\Source\CommandLineParser\obj\Release\net472\GNAudio.CommandLineParser.pdbSHA256 source: GNAudio.CommandLineParser.dll.8.dr
Source: Binary string: D:\a\1\s\Source\FirmwareUpdaters\CSR_USB_OTA\obj\Release\net472\GNAudio.DeviceApis.FirmwareUpdate.CsrUsbOta.pdbSHA256 source: GNAudio.DeviceApis.FirmwareUpdate.CsrUsbOta.dll.8.dr
Source: Binary string: D:\a\1\s\Source\FirmwareUpdaters\MX_UVC\obj\Release\net472\GNAudio.DeviceApis.FirmwareUpdate.MxUvc.pdb source: GNAudio.DeviceApis.FirmwareUpdate.MxUvc.dll.8.dr
Source: Binary string: D:\a\1\s\Source\FirmwareUpdaters\CSR_OTA\obj\Release\net472\GNAudio.DeviceApis.FirmwareUpdate.CsrOta.pdbSHA256W source: GNAudio.DeviceApis.FirmwareUpdate.CsrOta.dll.8.dr
Source: Binary string: D:\a\1\s\Source\FirmwareUpdaters\CSR\obj\Release\net472\GNAudio.DeviceApis.FirmwareUpdate.Csr.pdbSHA256 source: GNAudio.DeviceApis.FirmwareUpdate.Csr.dll.8.dr
Source: Binary string: D:\a\1\s\Source\Release\SitelHidFwu.pdbEE!GCTL source: SitelHidFwu.dll.8.dr
Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netfx\System.Buffers.pdb source: System.Buffers.dll.8.dr
Source: Binary string: E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Numerics.Vectors/net46\System.Numerics.Vectors.pdb source: System.Numerics.Vectors.dll.8.dr
Source: Binary string: D:\a\1\s\Source\FirmwareUpdaters\CSR\obj\Release\net472\GNAudio.DeviceApis.FirmwareUpdate.Csr.pdb source: GNAudio.DeviceApis.FirmwareUpdate.Csr.dll.8.dr
Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Threading.Tasks.Extensions\netfx\System.Threading.Tasks.Extensions.pdb source: System.Threading.Tasks.Extensions.dll.8.dr
Source: Binary string: D:\a\1\s\Source\FirmwareUpdaters\CSR_USB_OTA\obj\Release\net472\GNAudio.DeviceApis.FirmwareUpdate.CsrUsbOta.pdb source: GNAudio.DeviceApis.FirmwareUpdate.CsrUsbOta.dll.8.dr
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\WixStdBA.pdb source: JabraDirectSetup.exe, 00000001.00000002.592449598.000000006D54F000.00000002.00000001.01000000.00000007.sdmp, JabraDirectSetup.exe, 00000007.00000002.595352589.00000000705AF000.00000002.00000001.01000000.0000000D.sdmp
Source: JabraDirectSetup.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: JabraDirectSetup.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: JabraDirectSetup.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: JabraDirectSetup.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: JabraDirectSetup.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\JabraDirectSetup.exe Code function: 0_2_0124E806 push ecx; ret 0_2_0124E819
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_00AFE806 push ecx; ret 1_2_00AFE819
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_6D53F346 push ecx; ret 1_2_6D53F359
Source: JabraDirectSetup.exe Static PE information: section name: .wixburn
Source: JabraDirectSetup.exe.0.dr Static PE information: section name: .wixburn
Source: JabraDirectSetup.exe.1.dr Static PE information: section name: .wixburn
Source: JabraDirectSetup.exe.2.dr Static PE information: section name: .wixburn
Source: libGLESv2.dll.8.dr Static PE information: section name: .00cfg
Source: libGLESv2.dll.8.dr Static PE information: section name: .voltbl
Source: GNAudio.DeviceApis.FirmwareUpdate.dll.8.dr Static PE information: 0xC79CF94F [Sat Feb 15 00:50:23 2076 UTC]
Source: C:\Windows\Temp\{240BAF75-3E5B-4E93-8F26-E04B9DE786C2}\.be\JabraDirectSetup.exe File created: C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\resources\app.asar.unpacked\node_modules\applicationinsights-native-metrics\build\Release\native_metrics.node
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\resources\app.asar.unpacked\node_modules\panacastapi\build\Release\panacastapi.node
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\resources\app.asar.unpacked\node_modules\@gnaudio\jabra-node-sdk\build\Release\sdkintegration.node
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\msvcp80.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\SitelHidFwu.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\NEC SP 350 Integration\GNDeviceInterface.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\AvayaOneXV3Integration\AvayaOneXV3Integration_Part.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FirmwareUpdate.MassStorage.dll
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe File created: C:\Windows\Temp\{240BAF75-3E5B-4E93-8F26-E04B9DE786C2}\.be\JabraDirectSetup.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\AvayaIPIntegration\AvayaIPIntegration_Part.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.GnProtocol.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FirmwareUpdate.Factories.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FirmwareUpdate.CphAdvance.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\BluecorePsKeyApi.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FirmwareUpdate.DfuEngine.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\System.Numerics.Vectors.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\System.Memory.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\ZoomIntegration\Autofac.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.ModelBase.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\PanaCastAPIWrapper.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\concrt140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\AvayaIPIntegration\AvayaIP_InterfaceApi.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\JabraCmdlineFwUpdater.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\System.Runtime.CompilerServices.Unsafe.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\resources\app.asar.unpacked\node_modules\@gnaudio\jabra-node-sdk\build\Release\libjabra.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.GnProtocol.UsbHid.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\CounterpathBriaIntegration\CounterpathBriaIntegration_Part.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\CiscoWebExConnectIntegration\CiscoWebExConnectIntegration_Part.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.UsbHidDevices.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\vulkan-1.dll
Source: C:\Windows\System32\msiexec.exe File created: 3cf367.rbf (copy)
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\BroadSoftIntegration\BroadSoftIntegration_Part.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI38BC.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.UsbDeviceInformation.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\System.Buffers.dll
Source: C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe File created: C:\Users\user\AppData\Local\Temp\DELC182.tmp (copy)
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\TestEngine.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.PanaCast.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\ffmpeg.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\libEGL.dll
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe File created: C:\Windows\Temp\{240BAF75-3E5B-4E93-8F26-E04B9DE786C2}\.ba\wixstdba.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FirmwareUpdate.QualcommHid.dll
Source: C:\Users\user\Desktop\JabraDirectSetup.exe File created: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe
Source: C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe File created: C:\Users\user\AppData\Local\Temp\{332EE04F-741A-4188-8924-1DBA26FBF992}\.ba\wixstdba.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\PanaCastAPI.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.FirmwareUpdate.DeviceFirmwareUpdateInfo.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\AvayaOneXIntegration\AvayaOneXIntegration_Part.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\d3dcompiler_47.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\SitelHidFwuWrapper.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\CiscoJabberIntegration\CiscoJabberIntegration_Part.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FirmwareUpdate.MxUvc.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\System.ValueTuple.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FirmwareUpdate.Sitel.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FirmwareUpdate.CsrUsbOta.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1D05.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\DfuEngineWrapper.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\MxUvcFwuWrapper.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\System.Text.Encodings.Web.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FwBuildVectorReader.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\CiscoIPCommunicatorIntegration\CiscoIPCommunicator_Part.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FirmwareUpdate.Csr.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FirmwareUpdate.DeviceAdapter.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\AvayaOneXV3Integration\Autofac.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\CiscoUCIntegration\CiscoUCIntegration_Part.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.CommandLineParser.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\System.Threading.Tasks.Extensions.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\DfuEngine.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\pttransport.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FirmwareUpdate.CsrOta.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\swiftshader\libGLESv2.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\jabra-direct.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.BluecorePsKeyApi.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\CiscoWebExConnectIntegration\GNDeviceInterface.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\swiftshader\libEGL.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FirmwareUpdate.Conexant.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\vk_swiftshader.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\msvcr80.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\Microsoft.Bcl.AsyncInterfaces.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\System.Text.Json.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\MxUvcFwu.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\libGLESv2.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.UsbDeviceScanning.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FirmwareUpdate.dll
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe File created: C:\Windows\Temp\{240BAF75-3E5B-4E93-8F26-E04B9DE786C2}\.ba\license.rtf Jump to behavior
Source: C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe File created: C:\Users\user\AppData\Local\Temp\{332EE04F-741A-4188-8924-1DBA26FBF992}\.ba\license.rtf Jump to behavior
Source: C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes Jump to behavior
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Evasive API call chain: GetLocalTime,DecisionNodes
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\msvcp80.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\SitelHidFwu.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\AvayaOneXV3Integration\AvayaOneXV3Integration_Part.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\NEC SP 350 Integration\GNDeviceInterface.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FirmwareUpdate.MassStorage.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\resources\app.asar.unpacked\node_modules\panacastapi\build\Release\panacastapi.node Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.GnProtocol.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\AvayaIPIntegration\AvayaIPIntegration_Part.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FirmwareUpdate.Factories.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FirmwareUpdate.CphAdvance.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\BluecorePsKeyApi.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FirmwareUpdate.DfuEngine.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\System.Numerics.Vectors.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\System.Memory.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\ZoomIntegration\Autofac.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.ModelBase.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\PanaCastAPIWrapper.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\resources\app.asar.unpacked\node_modules\@gnaudio\jabra-node-sdk\build\Release\sdkintegration.node Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\AvayaIPIntegration\AvayaIP_InterfaceApi.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\JabraCmdlineFwUpdater.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\System.Runtime.CompilerServices.Unsafe.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\resources\app.asar.unpacked\node_modules\@gnaudio\jabra-node-sdk\build\Release\libjabra.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.GnProtocol.UsbHid.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\CounterpathBriaIntegration\CounterpathBriaIntegration_Part.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.UsbHidDevices.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\CiscoWebExConnectIntegration\CiscoWebExConnectIntegration_Part.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\vulkan-1.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: 3cf367.rbf (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\BroadSoftIntegration\BroadSoftIntegration_Part.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.UsbDeviceInformation.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\System.Buffers.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\TestEngine.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.PanaCast.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\ffmpeg.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\libEGL.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FirmwareUpdate.QualcommHid.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\PanaCastAPI.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\AvayaOneXIntegration\AvayaOneXIntegration_Part.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.FirmwareUpdate.DeviceFirmwareUpdateInfo.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\d3dcompiler_47.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\SitelHidFwuWrapper.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FirmwareUpdate.MxUvc.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\CiscoJabberIntegration\CiscoJabberIntegration_Part.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\System.ValueTuple.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FirmwareUpdate.Sitel.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FirmwareUpdate.CsrUsbOta.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\MxUvcFwuWrapper.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\DfuEngineWrapper.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\System.Text.Encodings.Web.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FwBuildVectorReader.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\resources\app.asar.unpacked\node_modules\applicationinsights-native-metrics\build\Release\native_metrics.node Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\CiscoIPCommunicatorIntegration\CiscoIPCommunicator_Part.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FirmwareUpdate.Csr.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\AvayaOneXV3Integration\Autofac.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\CiscoUCIntegration\CiscoUCIntegration_Part.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FirmwareUpdate.DeviceAdapter.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.CommandLineParser.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\System.Threading.Tasks.Extensions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\DfuEngine.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\pttransport.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FirmwareUpdate.CsrOta.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\swiftshader\libGLESv2.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\jabra-direct.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.BluecorePsKeyApi.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\CiscoWebExConnectIntegration\GNDeviceInterface.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FirmwareUpdate.Conexant.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\swiftshader\libEGL.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\vk_swiftshader.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\Microsoft.Bcl.AsyncInterfaces.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\msvcr80.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\System.Text.Json.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\MxUvcFwu.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.UsbDeviceScanning.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\libGLESv2.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Jabra\Direct4\FWU\GNAudio.DeviceApis.FirmwareUpdate.dll Jump to dropped file
Source: C:\Users\user\Desktop\JabraDirectSetup.exe Code function: 0_2_0125F79E GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 0125F839h 0_2_0125F79E
Source: C:\Users\user\Desktop\JabraDirectSetup.exe Code function: 0_2_0125F79E GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 0125F832h 0_2_0125F79E
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_00B0F79E GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 00B0F839h 1_2_00B0F79E
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_00B0F79E GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 00B0F832h 1_2_00B0F79E
Source: C:\Windows\Temp\{240BAF75-3E5B-4E93-8F26-E04B9DE786C2}\.be\JabraDirectSetup.exe Registry key enumerated: More than 151 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe Registry key enumerated: More than 304 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Registry key enumerated: More than 152 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Users\user\Desktop\JabraDirectSetup.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_00B18EF4 VirtualQuery,GetSystemInfo, 1_2_00B18EF4
Source: C:\Users\user\Desktop\JabraDirectSetup.exe Code function: 0_2_01223D4E GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose, 0_2_01223D4E
Source: C:\Users\user\Desktop\JabraDirectSetup.exe Code function: 0_2_01263C72 FindFirstFileW,FindClose, 0_2_01263C72
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_00AE9A1D FindFirstFileW,lstrlenW,FindNextFileW,FindClose, 1_2_00AE9A1D
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_00B13C72 FindFirstFileW,FindClose, 1_2_00B13C72
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_00AD3D4E GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose, 1_2_00AD3D4E
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_00B07437 FindFirstFileExW, 1_2_00B07437
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_6D53689C FindFirstFileW,FindClose, 1_2_6D53689C
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_6D5471C2 FindFirstFileExA, 1_2_6D5471C2
Source: C:\Users\user\Desktop\JabraDirectSetup.exe API call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe API call chain: ExitProcess graph end node
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\Temp\{240BAF75-3E5B-4E93-8F26-E04B9DE786C2}\.be\JabraDirectSetup.exe File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\cab1.cab Jump to behavior
Source: C:\Windows\Temp\{240BAF75-3E5B-4E93-8F26-E04B9DE786C2}\.be\JabraDirectSetup.exe File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\NULL Jump to behavior
Source: C:\Windows\Temp\{240BAF75-3E5B-4E93-8F26-E04B9DE786C2}\.be\JabraDirectSetup.exe File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\NULL Jump to behavior
Source: C:\Windows\Temp\{240BAF75-3E5B-4E93-8F26-E04B9DE786C2}\.be\JabraDirectSetup.exe File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64 Jump to behavior
Source: C:\Windows\Temp\{240BAF75-3E5B-4E93-8F26-E04B9DE786C2}\.be\JabraDirectSetup.exe File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages Jump to behavior
Source: C:\Windows\Temp\{240BAF75-3E5B-4E93-8F26-E04B9DE786C2}\.be\JabraDirectSetup.exe File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\NULL Jump to behavior
Source: C:\Users\user\Desktop\JabraDirectSetup.exe Code function: 0_2_012534A2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_012534A2
Source: C:\Users\user\Desktop\JabraDirectSetup.exe Code function: 0_2_012239DF GetProcessHeap,RtlAllocateHeap, 0_2_012239DF
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\JabraDirectSetup.exe Code function: 0_2_01254104 mov eax, dword ptr fs:[00000030h] 0_2_01254104
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_00B04104 mov eax, dword ptr fs:[00000030h] 1_2_00B04104
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_6D54428A mov eax, dword ptr fs:[00000030h] 1_2_6D54428A
Source: C:\Users\user\Desktop\JabraDirectSetup.exe Code function: 0_2_0124E0A8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_0124E0A8
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_00AFE707 SetUnhandledExceptionFilter, 1_2_00AFE707
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_00AFE0A8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_00AFE0A8
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_00B034A2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00B034A2
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_00AFE574 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00AFE574
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_6D53EC90 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_6D53EC90
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_6D53F17C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_6D53F17C
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_6D54106A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_6D54106A
Source: C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe Process created: C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe c:\programdata\package cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\jabradirectsetup.exe" -burn.clean.room="c:\programdata\package cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\jabradirectsetup.exe" -burn.filehandle.attached=560 -burn.filehandle.self=580 /burn.log.append "c:\users\user\appdata\local\temp\jabra_direct_20220923074951.log
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\\System32\taskkill.exe" /F /IM jabra-direct.exe Jump to behavior
Source: C:\Users\user\Desktop\JabraDirectSetup.exe Process created: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe "C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe" -burn.clean.room="C:\Users\user\Desktop\JabraDirectSetup.exe" -burn.filehandle.attached=572 -burn.filehandle.self=568 Jump to behavior
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Process created: C:\Windows\Temp\{240BAF75-3E5B-4E93-8F26-E04B9DE786C2}\.be\JabraDirectSetup.exe "C:\Windows\Temp\{240BAF75-3E5B-4E93-8F26-E04B9DE786C2}\.be\JabraDirectSetup.exe" -q -burn.elevated BurnPipe.{D9E1E3E0-161A-4566-8CAE-5A87964B54C8} {D37BA658-0E76-49AC-BEF7-9E23554C8C54} 1120 Jump to behavior
Source: C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe Process created: C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe" -burn.clean.room="C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe" -burn.filehandle.attached=560 -burn.filehandle.self=580 /burn.log.append "C:\Users\user\AppData\Local\Temp\Jabra_Direct_20220923074951.log Jump to behavior
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_00B10FA6 InitializeSecurityDescriptor,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,SetEntriesInAclA,SetSecurityDescriptorOwner,GetLastError,SetSecurityDescriptorGroup,GetLastError,SetSecurityDescriptorDacl,GetLastError,CoInitializeSecurity,LocalFree, 1_2_00B10FA6
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_00B132B9 AllocateAndInitializeSid,CheckTokenMembership, 1_2_00B132B9
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Queries volume information: C:\Windows\Temp\{240BAF75-3E5B-4E93-8F26-E04B9DE786C2}\.ba\Background.png VolumeInformation Jump to behavior
Source: C:\ProgramData\Package Cache\{50c3bcea-1203-4bf1-9103-09af1bf52966}\JabraDirectSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{332EE04F-741A-4188-8924-1DBA26FBF992}\.ba\Background.png VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_00AFE937 cpuid 1_2_00AFE937
Source: C:\Windows\Temp\{240BAF75-3E5B-4E93-8F26-E04B9DE786C2}\.be\JabraDirectSetup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
Source: C:\Users\user\Desktop\JabraDirectSetup.exe Code function: 0_2_01234E6A ConvertStringSecurityDescriptorToSecurityDescriptorW,GetLastError,CreateNamedPipeW,GetLastError,CreateNamedPipeW,GetLastError,CloseHandle,LocalFree, 0_2_01234E6A
Source: C:\Users\user\Desktop\JabraDirectSetup.exe Code function: 0_2_0125F79E EnterCriticalSection,GetCurrentProcessId,GetCurrentThreadId,GetLocalTime,LeaveCriticalSection, 0_2_0125F79E
Source: C:\Users\user\Desktop\JabraDirectSetup.exe Code function: 0_2_01268039 GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime, 0_2_01268039
Source: C:\Users\user\Desktop\JabraDirectSetup.exe Code function: 0_2_01263349 GetVersionExW, 0_2_01263349
Source: C:\Windows\Temp\{E08359EB-BFFA-49B5-8115-528C8789A364}\.cr\JabraDirectSetup.exe Code function: 1_2_00AD6203 GetUserNameW,GetLastError, 1_2_00AD6203
No contacted IP infos