Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
efaxmessengersetup-5-4-2-1.exe

Overview

General Information

Sample Name:efaxmessengersetup-5-4-2-1.exe
Analysis ID:1316773
MD5:bef9a29984282fb5c7134e44fb07327a
SHA1:4e6ba6482b9de16ae09c83a4043775d135975e9c
SHA256:dd6d2d7ce866c3f4a6179eae55e7fa67ee540a6ac76d3318fb2ba24c5abba421
Infos:

Detection

Score:24
Range:0 - 100
Whitelisted:false
Confidence:40%

Compliance

Score:19
Range:0 - 100

Signatures

Yara detected Generic Downloader
Drops executables to the windows directory (C:\Windows) and starts them
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Drops PE files to the application program directory (C:\ProgramData)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Deletes files inside the Windows folder
May sleep (evasive loops) to hinder dynamic analysis
Creates files inside the system directory
Stores files to the Windows start menu directory
Found dropped PE file which has not been started or loaded
Contains long sleeps (>= 3 min)
EXE planting / hijacking vulnerabilities found
Modifies existing windows services
DLL planting / hijacking vulnerabilities found
Drops PE files
Tries to load missing DLLs
Drops PE files to the windows directory (C:\Windows)
Checks for available system drives (often done to infect USB drives)
Creates or modifies windows services
Creates a process in suspended mode (likely to inject code)

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Process Tree

  • System is w10x64_ra
  • efaxmessengersetup-5-4-2-1.exe (PID: 4844 cmdline: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe MD5: BEF9A29984282FB5C7134E44FB07327A)
    • vc_redist.x86.exe (PID: 2984 cmdline: "C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe" MD5: 1A15E6606BAC9647E7AD3CAA543377CF)
      • vc_redist.x86.exe (PID: 1616 cmdline: "C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe" -burn.unelevated BurnPipe.{2760BEA1-1D1E-47F2-9625-8259E2028C2E} {01FFCAC3-379E-43AE-945B-7D1463EF65BD} 2984 MD5: 1A15E6606BAC9647E7AD3CAA543377CF)
    • efaxmessengersetup-5-4-2-1.exe (PID: 2084 cmdline: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe /i "C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger 5.4.2.1\install\eFaxMessengerSetup.5.4.2.1.msi" /L*V C:\Windows\Temp\MessengerInstallerPackage.log AI_EUIMSI=1 SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eFax Messenger" APPDIR="C:\Program Files (x86)\eFax Messenger" SECONDSEQUENCE="1" CLIENTPROCESSID="4844" AI_MORE_CMD_LINE=1 MD5: BEF9A29984282FB5C7134E44FB07327A)
  • msiexec.exe (PID: 4080 cmdline: C:\Windows\system32\msiexec.exe /V MD5: 2D9F692E71D9985F1C6237F063F6FE76)
    • msiexec.exe (PID: 2828 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 2B31506387DDD11D66298EB03C081485 C MD5: F9A3EEE1C3A4067702BC9A59BC894285)
      • efaxmessengersetup-5-4-2-1.exe (PID: 5532 cmdline: "C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe" /groupsextract:100; /out:"C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites" /callbackid:2828 MD5: BEF9A29984282FB5C7134E44FB07327A)
    • MSI25F5.tmp (PID: 2724 cmdline: "C:\Windows\Installer\MSI25F5.tmp" /EnforcedRunAsAdmin /RunAsAdmin "C:\Program Files (x86)\eFax MessengerPrinterDriver\VPDInstaller.x64.msi" /qn /x MD5: CF1CA35724AD9079EF81CB3F4D733407)
    • msiexec.exe (PID: 1908 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 136F63757D21B78AF66F116E0C3B64B3 MD5: F9A3EEE1C3A4067702BC9A59BC894285)
    • msiexec.exe (PID: 5888 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding E265C3B71819EF1A38ADE570A432189C E Global\MSI0000 MD5: F9A3EEE1C3A4067702BC9A59BC894285)
    • MSIBFC9.tmp (PID: 164 cmdline: C:\Windows\Installer\MSIBFC9.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Program Files (x86)\eFax Messenger\InstallHelper.exe" parseOptions installationType="1" language="English" coverpageToImport="-1" user="-1" password="-1" validateUserAccount="-1" addressBookCSVToImport="-1" regionalSend="-1" disableTrayApp="-1" costRecoveryNoNewEntries="-1" costRecoveryFileToImport="-1" costRecoveryRequireToSend="-1" loginSessionExpiresOnClose="-1" loginSessionExpiryLength="-1" hideFaxReferenceField="-1" noFileAssociations="-1" guiInstall="1" apiBaseUrl="https://api.fax.j2.com/myaccount" sharedAddressBookLocation="-1" enableSharedLocation="0" ssoCustomerId="-1" enableUpdateAutocheck="1" defaultCoverpage="-1 MD5: CF1CA35724AD9079EF81CB3F4D733407)
      • InstallHelper.exe (PID: 3880 cmdline: C:\Program Files (x86)\eFax Messenger\InstallHelper.exe" parseOptions installationType="1" language="English" coverpageToImport="-1" user="-1" password="-1" validateUserAccount="-1" addressBookCSVToImport="-1" regionalSend="-1" disableTrayApp="-1" costRecoveryNoNewEntries="-1" costRecoveryFileToImport="-1" costRecoveryRequireToSend="-1" loginSessionExpiresOnClose="-1" loginSessionExpiryLength="-1" hideFaxReferenceField="-1" noFileAssociations="-1" guiInstall="1" apiBaseUrl="https://api.fax.j2.com/myaccount" sharedAddressBookLocation="-1" enableSharedLocation="0" ssoCustomerId="-1" enableUpdateAutocheck="1" defaultCoverpage="-1 MD5: AC03152C7B4B00DB7A8D67278C579010)
        • conhost.exe (PID: 3132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)
    • MSICBB1.tmp (PID: 632 cmdline: "C:\Windows\Installer\MSICBB1.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Program Files (x86)\eFax Messenger\InstallHelper.exe" configureMessenger MD5: CF1CA35724AD9079EF81CB3F4D733407)
      • InstallHelper.exe (PID: 4832 cmdline: "C:\Program Files (x86)\eFax Messenger\InstallHelper.exe" configureMessenger MD5: AC03152C7B4B00DB7A8D67278C579010)
        • conhost.exe (PID: 6124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)
  • SrTasks.exe (PID: 3532 cmdline: C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1 MD5: EAB7745B9C75EB09DAB1CD3EF671D297)
    • conhost.exe (PID: 2208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)
  • eFax Messenger.exe (PID: 1468 cmdline: "C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe" MD5: 50FB8341416A6A54E0F0A9BDC449D72E)
    • updater.exe (PID: 2884 cmdline: "C:\Program Files (x86)\eFax Messenger\updater.exe" MD5: 496BE4E6094E41DAFBD321E2C3AA4185)
  • eFax Messenger.exe (PID: 1208 cmdline: "C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe" MD5: 50FB8341416A6A54E0F0A9BDC449D72E)
  • cleanup

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Program Files (x86)\eFax Messenger\Library\Messenger.Services.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
    C:\Program Files (x86)\eFax Messenger\Library\ABCpdf.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security

      Sigma Signatures

      No Sigma rule has matched

      Snort Signatures

      No Snort rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeEXE: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: IPHLPAPI.DLL
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: USP10.dll
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: VSSAPI.DLL
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: srpapi.dll
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: VERSION.dll
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: SPP.dll
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: Cabinet.dll
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: WININET.dll
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: NETUTILS.DLL
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: WindowsCodecs.dll
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: VssTrace.DLL
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: WKSCLI.DLL
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: msi.dll
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: cryptnet.dll
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: msls31.dll

      Compliance

      barindex
      Uses 32bit PE files
      Source: efaxmessengersetup-5-4-2-1.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
      EXE planting / hijacking vulnerabilities found
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeEXE: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
      DLL planting / hijacking vulnerabilities found
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: IPHLPAPI.DLL
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: USP10.dll
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: VSSAPI.DLL
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: srpapi.dll
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: VERSION.dll
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: SPP.dll
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: Cabinet.dll
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: WININET.dll
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: NETUTILS.DLL
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: WindowsCodecs.dll
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: VssTrace.DLL
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: WKSCLI.DLL
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: msi.dll
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: cryptnet.dll
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDLL: msls31.dll
      Found installer window with terms and condition text
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeWindow detected: MICROSOFT SOFTWARE LICENSE TERMSMICROSOFT VISUAL STUDIO 2015 ADD-ONs VISUAL STUDIO SHELLS and C++ REDISTRIBUTABLE These license terms are an agreement between Microsoft Corporation (or based on where you live one of its affiliates) and you. They apply to the software named above. The terms also apply to any Microsoft services or updates for the software except to the extent those have different terms.IF YOU COMPLY WITH THESE LICENSE TERMS YOU HAVE THE RIGHTS BELOW.1.INSTALLATION AND USE RIGHTS. a.You may install and use any number of copies of the software.b.Backup copy. You may make one backup copy of the software for reinstalling the software.2.TERMS FOR SPECIFIC COMPONENTS.a.Utilities. The software may contain some items on the Utilities List at <http://go.microsoft.com/fwlink/?LinkID=523763&clcid=0x409>. You may copy and install those items if included with the software on your machines or third party machines to debug and deploy your applications and databases you develop with the software. Please note that Utilities are designed for temporary use that Microsoft may not be able to patch or update Utilities separately from the rest of the software and that some Utilities by their nature may make it possible for others to access machines on which they are installed. As a result you should delete all Utilities you have installed after you finish debugging or deploying your applications and databases. Microsoft is not responsible for any third party use or access of Utilities you install on any machine.b.Microsoft Platforms. The software may include components from Microsoft Windows; Microsoft Windows Server; Microsoft SQL Server; Microsoft Exchange; Microsoft Office; and Microsoft SharePoint. These components are governed by separate agreements and their own product support policies as described in the license terms found in the installation directory for that component or in the Licenses folder accompanying the software.c.Third Party Components. The software may include third party components with separate legal notices or governed by other agreements as may be described in the ThirdPartyNotices file accompanying the software. Even if such components are governed by other agreements the disclaimers and the limitations on and exclusions of damages below also apply. 3.DATA. The software may collect information about you and your use of the software and send that to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may opt-out of many of these scenarios but not all as described in the product documentation. There are also some features in the software that may enable you to collect data from users of your applications. If you use these features to enable data collection in your applications you must comply with applicable law including providing appropriate notices to users of your applications. You can learn more about data collection and use in the help documentatio
      Creates license or readme file
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1028\license.rtf
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1029\license.rtf
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1031\license.rtf
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1036\license.rtf
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1040\license.rtf
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1041\license.rtf
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1042\license.rtf
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1045\license.rtf
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1046\license.rtf
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1049\license.rtf
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1055\license.rtf
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\2052\license.rtf
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\3082\license.rtf
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\license.rtf
      Creates install or setup log file
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile created: C:\Windows\Temp\MessengerInstallerPackage.log
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallHelper.exe.log
      PE / OLE file has a valid certificate
      Source: efaxmessengersetup-5-4-2-1.exeStatic PE information: certificate valid
      Contains modern PE file flags such as dynamic base (ASLR) or NX
      Source: efaxmessengersetup-5-4-2-1.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile opened: z:
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile opened: x:
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile opened: v:
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile opened: t:
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile opened: r:
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile opened: p:
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile opened: n:
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile opened: l:
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile opened: j:
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile opened: h:
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile opened: f:
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile opened: b:
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile opened: y:
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile opened: w:
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile opened: u:
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile opened: s:
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile opened: q:
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile opened: o:
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile opened: m:
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile opened: k:
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile opened: i:
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile opened: g:
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile opened: e:
      Source: C:\Windows\Installer\MSIBFC9.tmpFile opened: c:
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile opened: a:

      Networking

      barindex
      Yara detected Generic Downloader
      Source: Yara matchFile source: C:\Program Files (x86)\eFax Messenger\Library\Messenger.Services.dll, type: DROPPED
      Source: Yara matchFile source: C:\Program Files (x86)\eFax Messenger\Library\ABCpdf.dll, type: DROPPED
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownDNS traffic detected: queries for: www.efax.com
      Source: efaxmessengersetup-5-4-2-1.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
      Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\60e6c6.msi
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\60e6c3.msi
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeSection loaded: lpk.dll
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeSection loaded: tsappcmp.dll
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeSection loaded: lpk.dll
      Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dll
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeSection loaded: tsappcmp.dll
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeSection loaded: lpk.dll
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeSection loaded: tsappcmp.dll
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile read: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe
      Source: efaxmessengersetup-5-4-2-1.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: unknownProcess created: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe
      Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 2B31506387DDD11D66298EB03C081485 C
      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe "C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe" /groupsextract:100; /out:"C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites" /callbackid:2828
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeProcess created: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe "C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe"
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeProcess created: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe "C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe" -burn.unelevated BurnPipe.{2760BEA1-1D1E-47F2-9625-8259E2028C2E} {01FFCAC3-379E-43AE-945B-7D1463EF65BD} 2984
      Source: unknownProcess created: C:\Windows\System32\SrTasks.exe C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1
      Source: C:\Windows\System32\SrTasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe "C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe" /groupsextract:100; /out:"C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites" /callbackid:2828
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeProcess created: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe "C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe" -burn.unelevated BurnPipe.{2760BEA1-1D1E-47F2-9625-8259E2028C2E} {01FFCAC3-379E-43AE-945B-7D1463EF65BD} 2984
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeProcess created: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe /i "C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger 5.4.2.1\install\eFaxMessengerSetup.5.4.2.1.msi" /L*V C:\Windows\Temp\MessengerInstallerPackage.log AI_EUIMSI=1 SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eFax Messenger" APPDIR="C:\Program Files (x86)\eFax Messenger" SECONDSEQUENCE="1" CLIENTPROCESSID="4844" AI_MORE_CMD_LINE=1
      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSI25F5.tmp "C:\Windows\Installer\MSI25F5.tmp" /EnforcedRunAsAdmin /RunAsAdmin "C:\Program Files (x86)\eFax MessengerPrinterDriver\VPDInstaller.x64.msi" /qn /x
      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 136F63757D21B78AF66F116E0C3B64B3
      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding E265C3B71819EF1A38ADE570A432189C E Global\MSI0000
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeProcess created: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe "C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe"
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeProcess created: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe /i "C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger 5.4.2.1\install\eFaxMessengerSetup.5.4.2.1.msi" /L*V C:\Windows\Temp\MessengerInstallerPackage.log AI_EUIMSI=1 SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eFax Messenger" APPDIR="C:\Program Files (x86)\eFax Messenger" SECONDSEQUENCE="1" CLIENTPROCESSID="4844" AI_MORE_CMD_LINE=1
      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSI25F5.tmp "C:\Windows\Installer\MSI25F5.tmp" /EnforcedRunAsAdmin /RunAsAdmin "C:\Program Files (x86)\eFax MessengerPrinterDriver\VPDInstaller.x64.msi" /qn /x
      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 136F63757D21B78AF66F116E0C3B64B3
      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding E265C3B71819EF1A38ADE570A432189C E Global\MSI0000
      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSIBFC9.tmp C:\Windows\Installer\MSIBFC9.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Program Files (x86)\eFax Messenger\InstallHelper.exe" parseOptions installationType="1" language="English" coverpageToImport="-1" user="-1" password="-1" validateUserAccount="-1" addressBookCSVToImport="-1" regionalSend="-1" disableTrayApp="-1" costRecoveryNoNewEntries="-1" costRecoveryFileToImport="-1" costRecoveryRequireToSend="-1" loginSessionExpiresOnClose="-1" loginSessionExpiryLength="-1" hideFaxReferenceField="-1" noFileAssociations="-1" guiInstall="1" apiBaseUrl="https://api.fax.j2.com/myaccount" sharedAddressBookLocation="-1" enableSharedLocation="0" ssoCustomerId="-1" enableUpdateAutocheck="1" defaultCoverpage="-1
      Source: C:\Windows\Installer\MSIBFC9.tmpProcess created: C:\Program Files (x86)\eFax Messenger\InstallHelper.exe C:\Program Files (x86)\eFax Messenger\InstallHelper.exe" parseOptions installationType="1" language="English" coverpageToImport="-1" user="-1" password="-1" validateUserAccount="-1" addressBookCSVToImport="-1" regionalSend="-1" disableTrayApp="-1" costRecoveryNoNewEntries="-1" costRecoveryFileToImport="-1" costRecoveryRequireToSend="-1" loginSessionExpiresOnClose="-1" loginSessionExpiryLength="-1" hideFaxReferenceField="-1" noFileAssociations="-1" guiInstall="1" apiBaseUrl="https://api.fax.j2.com/myaccount" sharedAddressBookLocation="-1" enableSharedLocation="0" ssoCustomerId="-1" enableUpdateAutocheck="1" defaultCoverpage="-1
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: unknownProcess created: C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe "C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe"
      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSICBB1.tmp "C:\Windows\Installer\MSICBB1.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Program Files (x86)\eFax Messenger\InstallHelper.exe" configureMessenger
      Source: C:\Windows\Installer\MSICBB1.tmpProcess created: C:\Program Files (x86)\eFax Messenger\InstallHelper.exe "C:\Program Files (x86)\eFax Messenger\InstallHelper.exe" configureMessenger
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: unknownProcess created: C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe "C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe"
      Source: C:\Program Files (x86)\eFax Messenger\eFax Messenger.exeProcess created: C:\Program Files (x86)\eFax Messenger\updater.exe "C:\Program Files (x86)\eFax Messenger\updater.exe"
      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSIBFC9.tmp C:\Windows\Installer\MSIBFC9.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Program Files (x86)\eFax Messenger\InstallHelper.exe" parseOptions installationType="1" language="English" coverpageToImport="-1" user="-1" password="-1" validateUserAccount="-1" addressBookCSVToImport="-1" regionalSend="-1" disableTrayApp="-1" costRecoveryNoNewEntries="-1" costRecoveryFileToImport="-1" costRecoveryRequireToSend="-1" loginSessionExpiresOnClose="-1" loginSessionExpiryLength="-1" hideFaxReferenceField="-1" noFileAssociations="-1" guiInstall="1" apiBaseUrl="https://api.fax.j2.com/myaccount" sharedAddressBookLocation="-1" enableSharedLocation="0" ssoCustomerId="-1" enableUpdateAutocheck="1" defaultCoverpage="-1
      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSICBB1.tmp "C:\Windows\Installer\MSICBB1.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Program Files (x86)\eFax Messenger\InstallHelper.exe" configureMessenger
      Source: C:\Windows\Installer\MSIBFC9.tmpProcess created: C:\Program Files (x86)\eFax Messenger\InstallHelper.exe C:\Program Files (x86)\eFax Messenger\InstallHelper.exe" parseOptions installationType="1" language="English" coverpageToImport="-1" user="-1" password="-1" validateUserAccount="-1" addressBookCSVToImport="-1" regionalSend="-1" disableTrayApp="-1" costRecoveryNoNewEntries="-1" costRecoveryFileToImport="-1" costRecoveryRequireToSend="-1" loginSessionExpiresOnClose="-1" loginSessionExpiryLength="-1" hideFaxReferenceField="-1" noFileAssociations="-1" guiInstall="1" apiBaseUrl="https://api.fax.j2.com/myaccount" sharedAddressBookLocation="-1" enableSharedLocation="0" ssoCustomerId="-1" enableUpdateAutocheck="1" defaultCoverpage="-1
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile created: C:\Users\user\AppData\Roaming\j2 Global Cloud Services
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile created: C:\Windows\Temp\MessengerInstallerPackage.log
      Source: classification engineClassification label: sus24.troj.evad.winEXE@31/266@1/0
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile read: C:\Users\desktop.ini
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\bf92dcc11e428fd5adf02632b5d4414f\mscorlib.ni.dll
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger
      Source: C:\Windows\System32\msiexec.exeFile written: C:\Program Files (x86)\eFax Messenger\updater.ini
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeWindow detected: MICROSOFT SOFTWARE LICENSE TERMSMICROSOFT VISUAL STUDIO 2015 ADD-ONs VISUAL STUDIO SHELLS and C++ REDISTRIBUTABLE These license terms are an agreement between Microsoft Corporation (or based on where you live one of its affiliates) and you. They apply to the software named above. The terms also apply to any Microsoft services or updates for the software except to the extent those have different terms.IF YOU COMPLY WITH THESE LICENSE TERMS YOU HAVE THE RIGHTS BELOW.1.INSTALLATION AND USE RIGHTS. a.You may install and use any number of copies of the software.b.Backup copy. You may make one backup copy of the software for reinstalling the software.2.TERMS FOR SPECIFIC COMPONENTS.a.Utilities. The software may contain some items on the Utilities List at <http://go.microsoft.com/fwlink/?LinkID=523763&clcid=0x409>. You may copy and install those items if included with the software on your machines or third party machines to debug and deploy your applications and databases you develop with the software. Please note that Utilities are designed for temporary use that Microsoft may not be able to patch or update Utilities separately from the rest of the software and that some Utilities by their nature may make it possible for others to access machines on which they are installed. As a result you should delete all Utilities you have installed after you finish debugging or deploying your applications and databases. Microsoft is not responsible for any third party use or access of Utilities you install on any machine.b.Microsoft Platforms. The software may include components from Microsoft Windows; Microsoft Windows Server; Microsoft SQL Server; Microsoft Exchange; Microsoft Office; and Microsoft SharePoint. These components are governed by separate agreements and their own product support policies as described in the license terms found in the installation directory for that component or in the Licenses folder accompanying the software.c.Third Party Components. The software may include third party components with separate legal notices or governed by other agreements as may be described in the ThirdPartyNotices file accompanying the software. Even if such components are governed by other agreements the disclaimers and the limitations on and exclusions of damages below also apply. 3.DATA. The software may collect information about you and your use of the software and send that to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may opt-out of many of these scenarios but not all as described in the product documentation. There are also some features in the software that may enable you to collect data from users of your applications. If you use these features to enable data collection in your applications you must comply with applicable law including providing appropriate notices to users of your applications. You can learn more about data collection and use in the help documentatio
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeWindow detected: Number of UI elements: 19
      Source: efaxmessengersetup-5-4-2-1.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
      Source: efaxmessengersetup-5-4-2-1.exeStatic file information: File size 80255048 > 1048576
      Source: efaxmessengersetup-5-4-2-1.exeStatic PE information: certificate valid
      Source: efaxmessengersetup-5-4-2-1.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x267200
      Source: efaxmessengersetup-5-4-2-1.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
      Source: efaxmessengersetup-5-4-2-1.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
      Source: efaxmessengersetup-5-4-2-1.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
      Source: efaxmessengersetup-5-4-2-1.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: efaxmessengersetup-5-4-2-1.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
      Source: efaxmessengersetup-5-4-2-1.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
      Source: efaxmessengersetup-5-4-2-1.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Source: efaxmessengersetup-5-4-2-1.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: efaxmessengersetup-5-4-2-1.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
      Source: efaxmessengersetup-5-4-2-1.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
      Source: efaxmessengersetup-5-4-2-1.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
      Source: efaxmessengersetup-5-4-2-1.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
      Source: efaxmessengersetup-5-4-2-1.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

      Persistence and Installation Behavior

      barindex
      Drops executables to the windows directory (C:\Windows) and starts them
      Source: C:\Windows\System32\msiexec.exeExecutable created and started: C:\Windows\Installer\MSIBFC9.tmp
      Source: C:\Windows\System32\msiexec.exeExecutable created and started: C:\Windows\Installer\MSI25F5.tmp
      Source: C:\Windows\System32\msiexec.exeExecutable created and started: C:\Windows\Installer\MSICBB1.tmp
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe (copy)Jump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140esn.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140ita.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\PhoneNumbers.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\Google.Apis.Auth.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140deu.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\System.Net.Http.Formatting.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\vcamp140.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140jpn.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\ABCpdf.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\PrintDriverImport.exeJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140chs.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\ChakraCore32.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfcm140u.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\BouncyCastle.Crypto.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\55E3652ACEB38283D8765E8E9B8E6B57\14.0.23026\msvcp140.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\ABCpdf11-32.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\Messenger.Models.dllJump to dropped file
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile created: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_4844\lzmaextractor.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\x64\SQLite.Interop.dllJump to dropped file
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile created: C:\Users\user\AppData\Local\Temp\MSI305D.tmpJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4262.tmpJump to dropped file
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\wixstdba.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\Messenger.Views.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\MimeKit.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140fra.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\eFax Messenger.exeJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\vcomp140.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140rus.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\System.Windows.Interactivity.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140cht.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\Google.Apis.Core.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\Hardcodet.Wpf.TaskbarNotification.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\55E3652ACEB38283D8765E8E9B8E6B57\14.0.23026\concrt140.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Messenger.eFaxWrapper.Console.exeJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\MvvmDialogs.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\PrintHook64.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfcm140.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\Messenger.ViewModels.dllJump to dropped file
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile created: C:\Users\user\AppData\Local\Temp\MSI2DA9.tmpJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\ABCpdf11-64.dllJump to dropped file
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe (copy)Jump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\Microsoft.Practices.ServiceLocation.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\System.Data.SQLite.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\WpfScreenHelper.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\ARSoft.Tools.Net.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\55E3652ACEB38283D8765E8E9B8E6B57\14.0.23026\vccorlib140.dllJump to dropped file
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile created: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\System.Web.Http.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\Messenger.eFaxWrapper.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI402E.tmpJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\PrintHook32.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140u.dllJump to dropped file
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile created: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_4844\viewer.exeJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\Win32\SQLite.Interop.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140kor.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\LINQtoCSV.dllJump to dropped file
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile created: C:\Users\user\AppData\Local\Temp\pre6511.tmpJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\x86\SQLite.Interop.dllJump to dropped file
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile created: C:\Users\user\AppData\Local\Temp\shi2A0A.tmpJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\Google.Apis.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\Bugsnag.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\PauseApp.exeJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\Messenger.Services.dllJump to dropped file
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.be\VC_redist.x86.exeJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\3DGlue11-64.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\55E3652ACEB38283D8765E8E9B8E6B57\14.0.23026\vcruntime140.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\CoverPageManagement\CoverPageManagement.exeJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\Messenger.EFX.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140enu.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\CoverPageManagement\Newtonsoft.Json.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\GalaSoft.MvvmLight.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\J2GSDK44.DLLJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\Priority Queue.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\ChakraCore64.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\3DGlue11-32.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\Messenger.Utility.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\Google.Apis.Gmail.v1.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\GalaSoft.MvvmLight.Extras.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\eFax Messenger\Library\GalaSoft.MvvmLight.Platform.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140esn.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140ita.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140fra.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140deu.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\vcamp140.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\55E3652ACEB38283D8765E8E9B8E6B57\14.0.23026\vccorlib140.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140jpn.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\55E3652ACEB38283D8765E8E9B8E6B57\14.0.23026\vcruntime140.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140chs.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\vcomp140.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfcm140u.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140enu.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\55E3652ACEB38283D8765E8E9B8E6B57\14.0.23026\msvcp140.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140rus.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI402E.tmpJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140cht.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\55E3652ACEB38283D8765E8E9B8E6B57\14.0.23026\concrt140.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140u.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4262.tmpJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfcm140.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140kor.dllJump to dropped file
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1028\license.rtf
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1029\license.rtf
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1031\license.rtf
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1036\license.rtf
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1040\license.rtf
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1041\license.rtf
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1042\license.rtf
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1045\license.rtf
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1046\license.rtf
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1049\license.rtf
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1055\license.rtf
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\2052\license.rtf
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\3082\license.rtf
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\license.rtf
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile created: C:\Windows\Temp\MessengerInstallerPackage.log
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallHelper.exe.log
      Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eFax Messenger
      Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eFax Messenger\eFax Messenger.lnk
      Source: C:\Windows\System32\msiexec.exeRegistry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOX
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\Installer\MSIBFC9.tmpProcess information set: NOGPFAULTERRORBOX
      Source: C:\Windows\Installer\MSIBFC9.tmpProcess information set: NOGPFAULTERRORBOX
      Source: C:\Windows\Installer\MSIBFC9.tmpProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\Installer\MSIBFC9.tmpProcess information set: NOGPFAULTERRORBOX
      Source: C:\Windows\Installer\MSIBFC9.tmpProcess information set: NOGPFAULTERRORBOX
      Source: C:\Windows\Installer\MSIBFC9.tmpProcess information set: NOGPFAULTERRORBOX
      Source: C:\Windows\Installer\MSIBFC9.tmpProcess information set: NOGPFAULTERRORBOX
      Source: C:\Windows\Installer\MSIBFC9.tmpProcess information set: NOGPFAULTERRORBOX
      Source: C:\Windows\Installer\MSIBFC9.tmpProcess information set: NOGPFAULTERRORBOX
      Source: C:\Windows\Installer\MSIBFC9.tmpProcess information set: NOGPFAULTERRORBOX
      Source: C:\Windows\Installer\MSIBFC9.tmpProcess information set: NOGPFAULTERRORBOX
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exe TID: 3948Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140esn.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140ita.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\PhoneNumbers.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\Google.Apis.Auth.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140deu.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\System.Net.Http.Formatting.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\vcamp140.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140jpn.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\ABCpdf.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\PrintDriverImport.exeJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140chs.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\ChakraCore32.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfcm140u.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\BouncyCastle.Crypto.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\ABCpdf11-32.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\Messenger.Models.dllJump to dropped file
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_4844\lzmaextractor.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\x64\SQLite.Interop.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\Messenger.Views.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\MimeKit.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140fra.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\vcomp140.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140rus.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\System.Windows.Interactivity.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140cht.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\Google.Apis.Core.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\Hardcodet.Wpf.TaskbarNotification.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Messenger.eFaxWrapper.Console.exeJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\MvvmDialogs.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\PrintHook64.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfcm140.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\Messenger.ViewModels.dllJump to dropped file
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI2DA9.tmpJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\ABCpdf11-64.dllJump to dropped file
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDropped PE file which has not been started: C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe (copy)Jump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\Microsoft.Practices.ServiceLocation.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\System.Data.SQLite.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\WpfScreenHelper.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\ARSoft.Tools.Net.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\System.Web.Http.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\Messenger.eFaxWrapper.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\PrintHook32.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140u.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\Win32\SQLite.Interop.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\LINQtoCSV.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140kor.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\x86\SQLite.Interop.dllJump to dropped file
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shi2A0A.tmpJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\Google.Apis.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\Bugsnag.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\PauseApp.exeJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\Messenger.Services.dllJump to dropped file
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.be\VC_redist.x86.exeJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\3DGlue11-64.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\CoverPageManagement\CoverPageManagement.exeJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\Messenger.EFX.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140enu.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\GalaSoft.MvvmLight.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\CoverPageManagement\Newtonsoft.Json.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\J2GSDK44.DLLJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\Priority Queue.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\ChakraCore64.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\Messenger.Utility.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\3DGlue11-32.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\Google.Apis.Gmail.v1.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\GalaSoft.MvvmLight.Extras.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\eFax Messenger\Library\GalaSoft.MvvmLight.Platform.dllJump to dropped file
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeThread delayed: delay time: 922337203685477
      Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformation
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile Volume queried: C:\Users\user\AppData\Roaming FullSizeInformation
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile Volume queried: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger 5.4.2.1\install FullSizeInformation
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile Volume queried: C:\ FullSizeInformation
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile Volume queried: C:\ FullSizeInformation
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile Volume queried: C:\ FullSizeInformation
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile Volume queried: C:\ FullSizeInformation
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile Volume queried: C:\ FullSizeInformation
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile Volume queried: C:\ FullSizeInformation
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile Volume queried: C:\Users\user\AppData\Roaming\j2 Global Cloud Services FullSizeInformation
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile Volume queried: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger 5.4.2.1\install FullSizeInformation
      Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
      Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
      Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
      Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
      Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
      Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
      Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeFile Volume queried: C:\Windows FullSizeInformation
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeFile Volume queried: C:\ FullSizeInformation
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeMemory allocated: page read and write | page guard
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeProcess created: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe "c:\users\user\appdata\roaming\j2 global cloud services\efax messenger\prerequisites\visual c++ redistributable for visual studio 2015\vc_redist.x86.exe" -burn.unelevated burnpipe.{2760bea1-1d1e-47f2-9625-8259e2028c2e} {01ffcac3-379e-43ae-945b-7d1463ef65bd} 2984
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeProcess created: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe "c:\users\user\appdata\roaming\j2 global cloud services\efax messenger\prerequisites\visual c++ redistributable for visual studio 2015\vc_redist.x86.exe" -burn.unelevated burnpipe.{2760bea1-1d1e-47f2-9625-8259e2028c2e} {01ffcac3-379e-43ae-945b-7d1463ef65bd} 2984
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeProcess created: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe c:\users\user\desktop\efaxmessengersetup-5-4-2-1.exe /i "c:\users\user\appdata\roaming\j2 global cloud services\efax messenger 5.4.2.1\install\efaxmessengersetup.5.4.2.1.msi" /l*v c:\windows\temp\messengerinstallerpackage.log ai_euimsi=1 shortcutdir="c:\programdata\microsoft\windows\start menu\programs\efax messenger" appdir="c:\program files (x86)\efax messenger" secondsequence="1" clientprocessid="4844" ai_more_cmd_line=1
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeProcess created: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe c:\users\user\desktop\efaxmessengersetup-5-4-2-1.exe /i "c:\users\user\appdata\roaming\j2 global cloud services\efax messenger 5.4.2.1\install\efaxmessengersetup.5.4.2.1.msi" /l*v c:\windows\temp\messengerinstallerpackage.log ai_euimsi=1 shortcutdir="c:\programdata\microsoft\windows\start menu\programs\efax messenger" appdir="c:\program files (x86)\efax messenger" secondsequence="1" clientprocessid="4844" ai_more_cmd_line=1
      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSIBFC9.tmp c:\windows\installer\msibfc9.tmp" /enforcedrunasadmin /runasadmin /hidewindow "c:\program files (x86)\efax messenger\installhelper.exe" parseoptions installationtype="1" language="english" coverpagetoimport="-1" user="-1" password="-1" validateuseraccount="-1" addressbookcsvtoimport="-1" regionalsend="-1" disabletrayapp="-1" costrecoverynonewentries="-1" costrecoveryfiletoimport="-1" costrecoveryrequiretosend="-1" loginsessionexpiresonclose="-1" loginsessionexpirylength="-1" hidefaxreferencefield="-1" nofileassociations="-1" guiinstall="1" apibaseurl="https://api.fax.j2.com/myaccount" sharedaddressbooklocation="-1" enablesharedlocation="0" ssocustomerid="-1" enableupdateautocheck="1" defaultcoverpage="-1
      Source: C:\Windows\Installer\MSIBFC9.tmpProcess created: C:\Program Files (x86)\eFax Messenger\InstallHelper.exe c:\program files (x86)\efax messenger\installhelper.exe" parseoptions installationtype="1" language="english" coverpagetoimport="-1" user="-1" password="-1" validateuseraccount="-1" addressbookcsvtoimport="-1" regionalsend="-1" disabletrayapp="-1" costrecoverynonewentries="-1" costrecoveryfiletoimport="-1" costrecoveryrequiretosend="-1" loginsessionexpiresonclose="-1" loginsessionexpirylength="-1" hidefaxreferencefield="-1" nofileassociations="-1" guiinstall="1" apibaseurl="https://api.fax.j2.com/myaccount" sharedaddressbooklocation="-1" enablesharedlocation="0" ssocustomerid="-1" enableupdateautocheck="1" defaultcoverpage="-1
      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSIBFC9.tmp c:\windows\installer\msibfc9.tmp" /enforcedrunasadmin /runasadmin /hidewindow "c:\program files (x86)\efax messenger\installhelper.exe" parseoptions installationtype="1" language="english" coverpagetoimport="-1" user="-1" password="-1" validateuseraccount="-1" addressbookcsvtoimport="-1" regionalsend="-1" disabletrayapp="-1" costrecoverynonewentries="-1" costrecoveryfiletoimport="-1" costrecoveryrequiretosend="-1" loginsessionexpiresonclose="-1" loginsessionexpirylength="-1" hidefaxreferencefield="-1" nofileassociations="-1" guiinstall="1" apibaseurl="https://api.fax.j2.com/myaccount" sharedaddressbooklocation="-1" enablesharedlocation="0" ssocustomerid="-1" enableupdateautocheck="1" defaultcoverpage="-1
      Source: C:\Windows\Installer\MSIBFC9.tmpProcess created: C:\Program Files (x86)\eFax Messenger\InstallHelper.exe c:\program files (x86)\efax messenger\installhelper.exe" parseoptions installationtype="1" language="english" coverpagetoimport="-1" user="-1" password="-1" validateuseraccount="-1" addressbookcsvtoimport="-1" regionalsend="-1" disabletrayapp="-1" costrecoverynonewentries="-1" costrecoveryfiletoimport="-1" costrecoveryrequiretosend="-1" loginsessionexpiresonclose="-1" loginsessionexpirylength="-1" hidefaxreferencefield="-1" nofileassociations="-1" guiinstall="1" apibaseurl="https://api.fax.j2.com/myaccount" sharedaddressbooklocation="-1" enablesharedlocation="0" ssocustomerid="-1" enableupdateautocheck="1" defaultcoverpage="-1
      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe "C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe" /groupsextract:100; /out:"C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites" /callbackid:2828
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeProcess created: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe "C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe"
      Source: C:\Windows\Installer\MSIBFC9.tmpProcess created: C:\Program Files (x86)\eFax Messenger\InstallHelper.exe C:\Program Files (x86)\eFax Messenger\InstallHelper.exe" parseOptions installationType="1" language="English" coverpageToImport="-1" user="-1" password="-1" validateUserAccount="-1" addressBookCSVToImport="-1" regionalSend="-1" disableTrayApp="-1" costRecoveryNoNewEntries="-1" costRecoveryFileToImport="-1" costRecoveryRequireToSend="-1" loginSessionExpiresOnClose="-1" loginSessionExpiryLength="-1" hideFaxReferenceField="-1" noFileAssociations="-1" guiInstall="1" apiBaseUrl="https://api.fax.j2.com/myaccount" sharedAddressBookLocation="-1" enableSharedLocation="0" ssoCustomerId="-1" enableUpdateAutocheck="1" defaultCoverpage="-1
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_4844\dialog_template_image.jpg VolumeInformation
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_4844\dialog_template_image.jpg VolumeInformation
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_4844\banner_template_image.jpg VolumeInformation
      Source: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\logo.png VolumeInformation
      Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeQueries volume information: C:\Program Files (x86)\eFax Messenger\InstallHelper.exe VolumeInformation
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeQueries volume information: C:\Program Files (x86)\eFax Messenger\Library\Newtonsoft.Json.dll VolumeInformation
      Source: C:\Program Files (x86)\eFax Messenger\InstallHelper.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      1
      Replication Through Removable Media      		1
      Command and Scripting Interpreter      		2
      Windows Service      		2
      Windows Service      		122
      Masquerading      		OS Credential Dumping1
      Process Discovery      		1
      Replication Through Removable Media      		Data from Local SystemExfiltration Over Other Network Medium1
      Non-Application Layer Protocol      		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
      Default AccountsScheduled Task/Job1
      Registry Run Keys / Startup Folder      		11
      Process Injection      		1
      Disable or Modify Tools      		LSASS Memory21
      Virtualization/Sandbox Evasion      		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth1
      Application Layer Protocol      		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain AccountsAt (Linux)1
      DLL Side-Loading      		1
      Registry Run Keys / Startup Folder      		21
      Virtualization/Sandbox Evasion      		Security Account Manager11
      Peripheral Device Discovery      		SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local AccountsAt (Windows)2
      DLL Search Order Hijacking      		1
      DLL Side-Loading      		11
      Process Injection      		NTDS2
      File and Directory Discovery      		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
      Cloud AccountsCronNetwork Logon Script2
      DLL Search Order Hijacking      		1
      DLL Side-Loading      		LSA Secrets13
      System Information Discovery      		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
      Replication Through Removable MediaLaunchdRc.commonRc.common2
      DLL Search Order Hijacking      		Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
      External Remote ServicesScheduled TaskStartup ItemsStartup Items1
      File Deletion      		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      efaxmessengersetup-5-4-2-1.exe0%ReversingLabs

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_4844\lzmaextractor.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_4844\viewer.exe0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\MSI2DA9.tmp0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\MSI305D.tmp0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\pre6511.tmp0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\shi2A0A.tmp0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\wixstdba.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.be\VC_redist.x86.exe0%ReversingLabs
      C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe0%ReversingLabs
      C:\Windows\Installer\$PatchCache$\Managed\55E3652ACEB38283D8765E8E9B8E6B57\14.0.23026\concrt140.dll0%ReversingLabs
      C:\Windows\Installer\$PatchCache$\Managed\55E3652ACEB38283D8765E8E9B8E6B57\14.0.23026\msvcp140.dll0%ReversingLabs
      C:\Windows\Installer\$PatchCache$\Managed\55E3652ACEB38283D8765E8E9B8E6B57\14.0.23026\vccorlib140.dll0%ReversingLabs
      C:\Windows\Installer\$PatchCache$\Managed\55E3652ACEB38283D8765E8E9B8E6B57\14.0.23026\vcruntime140.dll0%ReversingLabs
      C:\Windows\Installer\MSI402E.tmp0%ReversingLabs
      C:\Windows\Installer\MSI4262.tmp0%ReversingLabs
      C:\Windows\SysWOW64\mfc140.dll0%ReversingLabs
      C:\Windows\SysWOW64\mfc140chs.dll0%ReversingLabs
      C:\Windows\SysWOW64\mfc140cht.dll0%ReversingLabs
      C:\Windows\SysWOW64\mfc140deu.dll0%ReversingLabs
      C:\Windows\SysWOW64\mfc140enu.dll0%ReversingLabs
      C:\Windows\SysWOW64\mfc140esn.dll0%ReversingLabs
      C:\Windows\SysWOW64\mfc140fra.dll0%ReversingLabs
      C:\Windows\SysWOW64\mfc140ita.dll0%ReversingLabs
      C:\Windows\SysWOW64\mfc140jpn.dll0%ReversingLabs
      C:\Windows\SysWOW64\mfc140kor.dll0%ReversingLabs
      C:\Windows\SysWOW64\mfc140rus.dll0%ReversingLabs
      C:\Windows\SysWOW64\mfc140u.dll0%ReversingLabs
      C:\Windows\SysWOW64\mfcm140.dll0%ReversingLabs
      C:\Windows\SysWOW64\mfcm140u.dll0%ReversingLabs
      C:\Windows\SysWOW64\vcamp140.dll0%ReversingLabs
      C:\Windows\SysWOW64\vcomp140.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\CoverPageManagement\CoverPageManagement.exe0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\CoverPageManagement\Newtonsoft.Json.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\InstallHelper.exe0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\3DGlue11-32.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\3DGlue11-64.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\ABCpdf.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\ABCpdf11-32.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\ABCpdf11-64.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\ARSoft.Tools.Net.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\BouncyCastle.Crypto.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\Bugsnag.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\ChakraCore32.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\ChakraCore64.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\GalaSoft.MvvmLight.Extras.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\GalaSoft.MvvmLight.Platform.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\GalaSoft.MvvmLight.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\Google.Apis.Auth.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\Google.Apis.Core.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\Google.Apis.Gmail.v1.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\Google.Apis.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\Hardcodet.Wpf.TaskbarNotification.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\J2GSDK44.DLL0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\LINQtoCSV.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\Messenger.EFX.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\Messenger.Models.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\Messenger.Services.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\Messenger.Utility.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\Messenger.ViewModels.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\Messenger.Views.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\Messenger.eFaxWrapper.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\Microsoft.Practices.ServiceLocation.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\MimeKit.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\MvvmDialogs.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\PhoneNumbers.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\PrintHook32.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\PrintHook64.dll3%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\Priority Queue.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\System.Data.SQLite.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\System.Net.Http.Formatting.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\System.Web.Http.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\System.Windows.Interactivity.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\Win32\SQLite.Interop.dll2%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\WpfScreenHelper.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\x64\SQLite.Interop.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Library\x86\SQLite.Interop.dll0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\Messenger.eFaxWrapper.Console.exe0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\PauseApp.exe0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\PrintDriverImport.exe0%ReversingLabs
      C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe0%ReversingLabs

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      www.efax.com
      		unknown
      		unknownfalse
        		high

        World Map of Contacted IPs

        No contacted IP infos

        General Information

        Joe Sandbox Version:38.0.0 Beryl
        Analysis ID:1316773
        Start date and time:2023-09-29 19:17:42 +02:00
        Joe Sandbox Product:CloudBasic
        Overall analysis duration:
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:defaultwindowsinteractivecookbook.jbs
        Analysis system description:Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
        Number of analysed new started processes analysed:29
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • EGA enabled
        Analysis Mode:stream
        Analysis stop reason:Timeout
        Sample file name:efaxmessengersetup-5-4-2-1.exe
        Detection:SUS
        Classification:sus24.troj.evad.winEXE@31/266@1/0
        Cookbook Comments:
        • Found application associated with file extension: .exe

        Warnings

        • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, VSSVC.exe, svchost.exe
        • Excluded IPs from analysis (whitelisted): 172.64.151.253, 104.18.36.3
        • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com
        • Not all processes where analyzed, report is missing behavior information
        • Report size getting too big, too many NtOpenKeyEx calls found.
        • Report size getting too big, too many NtProtectVirtualMemory calls found.
        • Report size getting too big, too many NtQueryValueKey calls found.
        • Report size getting too big, too many NtSetInformationFile calls found.
        • Timeout during stream target processing, analysis might miss dynamic analysis data
        • VT rate limit hit for: efaxmessengersetup-5-4-2-1.exe

        Created / dropped Files

        C:\Config.Msi\60e6c5.rbs

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:dropped
        Size (bytes):13848
        Entropy (8bit):5.628486859586102
        Encrypted:false
        SSDEEP:
        MD5:0B90B727B8E6A6EA9DFD6F3423E8B99E
        SHA1:3FBF7CF7BD497E9D2419C54E6BB4D970411D4BCC
        SHA-256:F1652B8B845DA63B06BA4DF0018B744394A29815A1A03777893C97D446C9824F
        SHA-512:D920DEF4C5827C6795205470D2A746ACE23362B1E24A637184F14D21065F68F91C472A5F6EFE9ACF59344ECB03E802B2B4759102A95CA8DFFA2B31FA5E59F629
        Malicious:false
        Reputation:low
        Preview:...@IXOS.@.....@b.=W.@.....@.....@.....@.....@.....@......&.{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}:.Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026..vc_runtimeMinimum_x86.msi.@.....@.Y...@.....@........&.{FAAAAE30-DAD4-41E5-AD8A-D0738EDC14A2}.....@.....@.....@.....@.......@.....@.....@.......@....:.Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{9C501CB1-E3C9-3DF3-9B8D-C55D81B59E6A}&.{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}.@......&.{42F41217-AF8B-33D4-9CB3-FF5F696BECBB}&.{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}.@......&.{E8E39D3B-4F35-36D8-B892-4B28336FE041}&.{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}.@......&.{A2AA960C-FD3C-3A6D-BD6F-14933011AFB3}&.{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}.@......&.{9FC931F8-9ED1-3263-A0F1-8ADE330D0ECE}&.{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}.@......&.{0200CF79-B9A1-3BE4-955A-29FA9D4B1A5C}&.{

        C:\Config.Msi\60e6c9.rbs

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:dropped
        Size (bytes):17053
        Entropy (8bit):5.552338979903635
        Encrypted:false
        SSDEEP:
        MD5:B1D6C904B42CF3D60D63E0DEE0E70A90
        SHA1:B0343746B63E2C797D584B481B3DBC74FCC45578
        SHA-256:B814203A6B0D04A3B20B99DB1DCAAE40800A9F27CBD80BE7F5BDD01C25A53082
        SHA-512:B319EE723C31B187CE7C14057C6B2CDAF177711F771928B6C1F3FA082BC3F0661FD445580B623F5FFA968BA159967D84444084B31A155D72C0E409A405CC9C3A
        Malicious:false
        Reputation:low
        Preview:...@IXOS.@.....@c.=W.@.....@.....@.....@.....@.....@......&.{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}=.Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026..vc_runtimeAdditional_x86.msi.@.....@.Y...@.....@........&.{571F0B53-0598-4520-9A8B-9928D3FB90AF}.....@.....@.....@.....@.......@.....@.....@.......@....=.Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{2FBCCF06-0D7B-3E2D-A6AF-5DA2828EBEE9}&.{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}.@......&.{4FD4AB8C-C57F-3782-9230-9CCA22153AD3}&.{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}.@......&.{46A1EA6B-3D81-3399-8991-127F7F7AE76A}&.{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}.@......&.{C94DDE19-CC70-3B9A-A6AF-5CA7340B9B9A}&.{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}.@......&.{946D6FA6-49BB-3415-AD2D-4D634C432CF0}&.{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}.@......&.{E533B148-A83A-3788-A763-0C6C46C

        C:\Config.Msi\60e6cc.rbs

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:modified
        Size (bytes):10229622
        Entropy (8bit):6.687885234764245
        Encrypted:false
        SSDEEP:
        MD5:F19216FBFB8872B67CBA6A80F70EF49D
        SHA1:D5C081E373651F495FB0341854914C7EF9B57077
        SHA-256:EF252BF765E1D162C61428DFB9C5D733D30DDE619C6EE272B2CB99B507B55357
        SHA-512:CE0AF728C89028D95D67BAEE18B7B95687EA2FCE03CD7CA4BB1B03FDFCC2A4902CF46B345BB4F83EBDDA766EBC92F0B13DA2DD86EC6E8D273346A99709A6B664
        Malicious:false
        Reputation:low
        Preview:...@IXOS.@.....@r.=W.@.....@.....@.....@.....@.....@......&.{510EFD2F-E45F-48C2-BE1C-846692E025A0}..eFax Messenger..eFaxMessengerSetup.5.4.2.1.msi.@.....@.....@.....@......efax_icon.exe..&.{141B9747-18E5-4220-BB41-5089304395F7}.....@.....@.....@.....@.......@.....@.....@.......@......eFax Messenger......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{A6F59300-5D39-42B5-A1DC-1D876F095ED3}&.{510EFD2F-E45F-48C2-BE1C-846692E025A0}.@......&.{AC2C73EF-6C80-4E4C-BF59-954F17824410}&.{510EFD2F-E45F-48C2-BE1C-846692E025A0}.@......&.{DBB277D5-F604-470E-BD61-ED876B0100D1}&.{510EFD2F-E45F-48C2-BE1C-846692E025A0}.@......&.{1898935B-0351-4B17-BE2B-9392D877EB4F}&.{510EFD2F-E45F-48C2-BE1C-846692E025A0}.@......&.{DDFE121E-39EC-4A55-90E8-5C13E0FB539A}&.{510EFD2F-E45F-48C2-BE1C-846692E025A0}.@......&.{008607C2-68AB-4C20-BEEC-ED529100073B}&.{510EFD2F-E45F-48C2-BE1C-846692E025A0}.@......&.{EB81E32A-A7ED-4D93-A65A-8

        C:\Program Files (x86)\eFax Messenger\CoverPageManagement\CoverPageManagement.exe

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):20248
        Entropy (8bit):6.6794341953439496
        Encrypted:false
        SSDEEP:
        MD5:0D9C11E8DAE878A7B09ABA7FF1740672
        SHA1:322353FE0896F8A829791D23BD1D1B908FE71E38
        SHA-256:C8877030F2061FDAE28F233B8D9A6D2382A3EBCFA8E54C9D58D2E3507D49487E
        SHA-512:00F895173CF29CA1E9CBDE6983EA6E893FB70C32B45CD9F693E8166BD12E91BB81B47E850AEC1DCC42080420524EC0D864B9B42984407806CCEE60CF2D6A106A
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"...0..............;... ...@....@.. ..............................x.....`.................................7;..O....@...............&...)...`......h:..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B................k;......H.......0&..8............................................................0............i./.r...p(.... ....(........+e.....r7..po....,7.(......(....,..(....&+.rm..p.r...p(....(.... ....(.....r...po....,...............X....i2.~....,:~....(.........~....(....,.~....(....*r...p(.... ....(....*....0...........(....rc..pr...pr...p(......rc..ps.......r...po....&.(....(.....~....-9.r...p.....(......%...%...(.....%...(.....(....(.........~....{....~......( ...o!...&~....-I ....r...p...

        C:\Program Files (x86)\eFax Messenger\CoverPageManagement\CoverPageManagement.exe.config

        Download File
        Process:C:\Windows\SysWOW64\msiexec.exe
        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):548
        Entropy (8bit):5.058073620172909
        Encrypted:false
        SSDEEP:
        MD5:A94C1FDDF4D7E33ADCC723708A900869
        SHA1:BAE90C0F454924A8A72B7208750334A44634E324
        SHA-256:1EE33D2571001253228225B2055B8914361AC3497ECB1D68E2D2E903DF6DBDBA
        SHA-512:09555660617FF80D640BC49A4B6D952410AB18753F2BF382D46319CC90EE9BE6631A236E8C5EE596C910B124C53A354633955F8F55EB7DBC58CED6F04889389C
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2"/>.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral"/>.. <bindingRedirect oldVersion="0.0.0.0-10.0.0.0" newVersion="10.0.0.0"/>.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>..

        C:\Program Files (x86)\eFax Messenger\CoverPageManagement\Messenger.Utility.dll.config

        Download File
        Process:C:\Windows\SysWOW64\msiexec.exe
        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):446
        Entropy (8bit):4.987585341680369
        Encrypted:false
        SSDEEP:
        MD5:B9D66DC7837C49DED11A4ECF2873D5CC
        SHA1:D9ADB330D47430AAAD22D221103489FE4EB7C276
        SHA-256:70C8D0DA45C2B3570328402E5DC2D7D0808A7FC852E65E3FEB413DD6734553AB
        SHA-512:B391F16A3D52B217EE5DB7AC46B37F6255418EBE37EACED8EDB349B9F335B767B4D4353D2EB12A22C361235E3C9FD9A9FE4460D506B0436541EEFB1E608C7A78
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<configuration>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral"/>.. <bindingRedirect oldVersion="0.0.0.0-10.0.0.0" newVersion="10.0.0.0"/>.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>..

        C:\Program Files (x86)\eFax Messenger\CoverPageManagement\Newtonsoft.Json.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):711952
        Entropy (8bit):5.967185619483575
        Encrypted:false
        SSDEEP:
        MD5:195FFB7167DB3219B217C4FD439EEDD6
        SHA1:1E76E6099570EDE620B76ED47CF8D03A936D49F8
        SHA-256:E1E27AF7B07EEEDF5CE71A9255F0422816A6FC5849A483C6714E1B472044FA9D
        SHA-512:56EB7F070929B239642DAB729537DDE2C2287BDB852AD9E80B5358C74B14BC2B2DDED910D0E3B6304EA27EB587E5F19DB0A92E1CBAE6A70FB20B4EF05057E4AC
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p$?..........." ..0.............B.... ........... ....................... ............`....................................O......................../.......... ...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................$.......H.......x...(9............................................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

        C:\Program Files (x86)\eFax Messenger\CoverPageManagement\Newtonsoft.Json.xml

        Download File
        Process:C:\Windows\SysWOW64\msiexec.exe
        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):657803
        Entropy (8bit):4.728751455518001
        Encrypted:false
        SSDEEP:
        MD5:6B47C4C2B6D19605C834376388552F53
        SHA1:7B7FE649165D4C29740929E3E8B94065C5AEC55A
        SHA-256:10D80124CBFC664459E5C9BBA80A657C088D5BEC9E5D306EA120AD704B8CB8FA
        SHA-512:62353CF20A061E9AB1FC85DDF667D356D4A0FFE5AAB71BB87C66C523E96EBA5DCEFCD6BACBC31675166CCCE8B934DEE8E52AF27B132FB420BE16FA6ED36339F6
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<doc>.. <assembly>.. <name>Newtonsoft.Json</name>.. </assembly>.. <members>.. <member name="T:Newtonsoft.Json.Bson.BsonObjectId">.. <summary>Represents a BSON Oid (object id).</summary>.. </member>.. <member name="P:Newtonsoft.Json.Bson.BsonObjectId.Value">.. <summary>Gets or sets the value of the Oid.</summary>.. <value>The value of the Oid.</value>.. </member>.. <member name="M:Newtonsoft.Json.Bson.BsonObjectId.#ctor(System.Byte[])">.. <summary>.. Initializes a new instance of the class... <see cref="T:Newtonsoft.Json.Bson.BsonObjectId"/>.. </summary>.. <param name="value">The Oid value.</param>.. </member>.. <member name="T:Newtonsoft.Json.Bson.BsonReader">.. <summary>Represents a reader that provides fast, non-cached, forward-only access to serialized BSON data.</summary>.. </member>.. <member name="P:Newtonsoft.Json.Bson.BsonReader.JsonNet35Bi

        C:\Program Files (x86)\eFax Messenger\GmailAPICredentials.json

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):431
        Entropy (8bit):5.11318659717947
        Encrypted:false
        SSDEEP:
        MD5:0C736E31F0AFCD8FF9A8FD01500EE7FE
        SHA1:4B49383A37BFA03E9CA5AEE2CCA8FFFF53E728DB
        SHA-256:75351D2164C9805AAC8F648045FBE8281A31C15BA5998291A44F01E58806BFD8
        SHA-512:3918828C81ADE912C68E18E7426A2DAF2B96D5A2F714237617330B0C1E8720E0693A43B3785AE9D7E44D74E83165C0B48C10C8162D7C12C74C0642416D8ECC65
        Malicious:false
        Reputation:low
        Preview:{"installed":{"client_id":"21858953832-hotdon4vrq3sf847pftb60gkq9p949aa.apps.googleusercontent.com","project_id":"testgmailapi-1554712469730","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://oauth2.googleapis.com/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_secret":"8-PHhhg6v6QOKFBuKFhkO1wi","redirect_uris":["urn:ietf:wg:oauth:2.0:oob","http://localhost"]}}

        C:\Program Files (x86)\eFax Messenger\InstallHelper.exe

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):51992
        Entropy (8bit):6.1311978678429995
        Encrypted:false
        SSDEEP:
        MD5:AC03152C7B4B00DB7A8D67278C579010
        SHA1:C8E888C3B653F46425BEC1910BFA0C24EEF474C2
        SHA-256:1A19372554422A2B05F00C9C2F8FFFD9C250E82F96052247407D29CC9733B5FC
        SHA-512:7FA5BE25CB06D3EB347216622B716874187E6CA6836EC06544968FF5157605B875BDCD4F0D7130AA69F136DE77CBA6801E676E95814B4DA023F7FF080F910406
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......e..............0.................. ........@.. ....................................`....................................O........................)........................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........Y...Z......,....................................................0..........(....~+.....9...s....o...+s.........(....~+.....:...s....o...+s.........r...ps.........(....~+.....;...s....o...+(....~+.....<...s....o...+(....~+.....=...s....o...+(....~+.....>...s....o...+s.........(....~+.....?...s ...o...+s!........(....~+.....@...s"...o...+(....~+.....A...s#...o...+(....~+.....B...s$...o...+(....~+.....C...s%...o...+(....~+.....D...s&...o...+(....~+.....E...s'...o...+(..

        C:\Program Files (x86)\eFax Messenger\InstallHelper.exe.config

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):1860
        Entropy (8bit):5.087627971992177
        Encrypted:false
        SSDEEP:
        MD5:882881D79C853564CCB8D9C2C6C3919A
        SHA1:8B1CBB9B6AE6FB6721890439426F4CFAD4AF321D
        SHA-256:F44444B6375AE092A964AFED2D013BE7F058699C10DFBB6481A6373E5A4BB89B
        SHA-512:A414DD9B7882E67822C3135389C498B8085239D0D66FA3570347469D2544C514BE82475740CA9186A26F836F324F3EF173CF1040FDC872C153E6EF0732055CE1
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.2" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <probing privatePath="lib;Library" />.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.InteropServices.RuntimeInformation" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.1.0" newVersion="4.0.1.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>.. <appSettings>.. <add key="IniEncrypted" value="true" />.. <add key="Cl

        C:\Program Files (x86)\eFax Messenger\Library\3DGlue11-32.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):2318512
        Entropy (8bit):6.727934057241741
        Encrypted:false
        SSDEEP:
        MD5:7128885F302ACA089E5BD82EA1F1BBC8
        SHA1:2F7325764C42FA609F6D60B25CD61FE59B7ED5DB
        SHA-256:7155A4DDDD0A34A8E58F00A59F01A4E2B688B29F98838401971CC627D83C1692
        SHA-512:D7FCFB8802A29AC4ABC71BAD4477BC4077C196E2720BA640359537B6011A9D60168D6CAB21BCEF7C81D33A6F31033F31DB8414EF407E84D5A1606732C535B36B
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........=f.S5.S5.S5S..5.S5S..5@.S5S..5.S5>.P4..S5>.V4.S5>.W4.S5,.V4.S5...5.S5...5.S5.R5X.S5,.Z4C.S5,.S4.S5,.5.S5..5.S5,.Q4.S5Rich.S5........PE..L....eZ...........!.........T.......*........................................$.....K.#...@..........................I ......N ......P"..............H#......`".|...P...p...................X...........@............................................text.............................. ..`.rdata..^...........................@..@.data... ....` ..R...P .............@....rsrc........P".......!.............@..@.reloc..|....`".......!.............@..B................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\eFax Messenger\Library\3DGlue11-64.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
        Category:dropped
        Size (bytes):2922672
        Entropy (8bit):6.351253909553989
        Encrypted:false
        SSDEEP:
        MD5:6BD6BE47A194C87B9325C01C865EF0D7
        SHA1:A3259912C1BA3A831E6B889E2FDD4C533516AECF
        SHA-256:95B6D70CCEEDDB9295A71D1FAD80AFEFD93052D88E2BA5953CDD6895F7BC3F04
        SHA-512:1E4221DB6E073FD035E6F8399DFED81B077408443B0EEC82779AEEBE6DA1607510E6F2A3AD21C5A93449C9002845F2D6415AC689F3035D250165AC737F9D2F2E
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$......../e%.N.v.N.v.N.vJ..v.N.vJ..vYN.vJ..v.N.v',.w.N.v',.w.N.v',.w.N.v5-.w.N.v.6.v.N.v.6.v.N.v.N.v<N.v5-.wZN.v5-.w.N.v5-.v.N.v.N.v.N.v5-.w.N.vRich.N.v................PE..d.....eZ.........." .....<...........j........................................-......+-...`...........................................).......)......0-.......,. -....,......@-.P1..`.#.p.....................#.(.....#..............P...............................text...L:.......<.................. ..`.rdata...N...P...P...@..............@..@.data....]....).......).............@....pdata.. -....,.......+.............@..@.rsrc........0-......H,.............@..@.reloc..P1...@-..2...N,.............@..B................................................................................................................................................................................................................

        C:\Program Files (x86)\eFax Messenger\Library\ABCpdf.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):6809776
        Entropy (8bit):6.009922872504102
        Encrypted:false
        SSDEEP:
        MD5:5659A0A158E1E9327EF0A0ED9DA74C3F
        SHA1:E5E84B929735D7BB0F29233F362780C74C26EB37
        SHA-256:97E3405B997D541BAE62324A301B15454E230E957DCEB63BECCF95459054F960
        SHA-512:9407AADC21C77BA2E562797A18277E9D3934C17EEFB4F18CE7D8449B9D5B45EED348800D56B2735E15792D1F67A4A83A79ED393E0F93BDFA09785D4319C68A0D
        Malicious:true
        Yara Hits:
        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\eFax Messenger\Library\ABCpdf.dll, Author: Joe Security
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....eZ.........." ..0...g.. ......R.f.. ....g...... ........................h.......h...@...................................f.O.....g...............g.......g......f.............................................. ............... ..H............text....g.. ....g................. ..`.rsrc.........g.......g.............@..@.reloc........g.......g.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\eFax Messenger\Library\ABCpdf11-32.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):18814128
        Entropy (8bit):7.046345411746307
        Encrypted:false
        SSDEEP:
        MD5:2EECE2D64E01AC8E255B4B1A70C8D6EA
        SHA1:A22DE6DEC10EA74E854302A17E250A55F964A3D3
        SHA-256:B441626FFB4A9F76C76FF10E4673E3CF2FD6AA7B2EBA58C1F275B41AFAC6820A
        SHA-512:17DDAD97617D451A0FD9F26DCB4B6649067C5025D86749758507D1C4CAA7BF83346BD9BC3B5BFAFC705022E49CE28A622313C4C7F1EC862067D9DAAE9725CB6A
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...................................`...........!..L.!This program cannot be run in DOS mode....$..........h...;...;...;<.:;...;<.8;S..;<.9;...;.4.;...;Q..:...;Q..:...;..H;...;..;...;.R.;...;C..:...;C..:...;...;...;.{.;..;..X;...;...;..;..O;...;Q..:..;C..:f..;C..:...;C.4;...;..\;...;C..:...;Rich...;........................PE..L.....eZ...........!.........x..........................................................@.............................lL...................................P.. m..Pv..p....................v......`...@...................{.......................text............................. ..`.rdata....0..... 0................@..@.data....T@.......?.................@..._RDATA...)...`...*..................@..@.rsrc...............................@..@.reloc.. m...P...n..................@..B................................................................................................................................................................

        C:\Program Files (x86)\eFax Messenger\Library\ABCpdf11-64.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
        Category:dropped
        Size (bytes):21240496
        Entropy (8bit):6.756358513352592
        Encrypted:false
        SSDEEP:
        MD5:978894449596FED85CA60CC0D2FD5385
        SHA1:39CFE02A0175A470BCD0B5302795369E88530F02
        SHA-256:070C16C2BC6E6032E17B1946C558163366FB5425D693F24F7B7AA5CFBB6F5FEE
        SHA-512:8FD85B9C293794243AA4698531CDD81FEA0A318CB58F1F0E44C9C936B141F62EFA14FB595A9DF3DD25A1B21811630CC512FF1BB260854B8AE2F46C2EE25C1502
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.......4.p.p...p...p....I.R....I.....I.E....u.y.......|.......V...y...}...W.c.........q.......O...p.......S:.-...y...k...y...q...p...(.......6...............q......q...p..q.......q...Richp...................PE..d.....eZ.........." .................4........................................E......@D...`..........................................a..lL..\.........B......`;.0#....D.......C.P...`...p.......................(.................... ..8....B.......................text...w........................... ..`.rdata....G.. ....G.................@..@.data....zB.......A.................@....pdata..0#...`;..$...z:.............@..@_RDATA..x)....B..*....A.............@..@.rsrc.........B.......A.............@..@.reloc..P.....C.......B.............@..B........................................................................................................................

        C:\Program Files (x86)\eFax Messenger\Library\ARSoft.Tools.Net.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):299520
        Entropy (8bit):6.1931044549212615
        Encrypted:false
        SSDEEP:
        MD5:939DF139496EF2523CAF86810A06D321
        SHA1:6925C59E4D743C78D4065067C98097644E83F6B9
        SHA-256:38025717F348A2D3F712E5F3C6D7834F86FD19C032100BE909A3C4240E36285A
        SHA-512:1F062B4957C41105B409D8A8D1570E2C0B583172B25BC33E3304A4808A982371E6966B6A3D2CD623AE45E356881F24F8040FA7118F709E3023512C8D45B09A07
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Y.........." ..0.................. ........... ...............................7....`.................................8...O.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................l.......H.........................................................................{....*..{ ...*..{!...*r.(".....}......} .....}!...*....0..S........u......,G(#....{.....{....o$...,/(%....{ ....{ ...o&...,.('....{!....{!...o(...*.*..0..K....... x.t. )UU.Z(#....{....o)...X )UU.Z(%....{ ...o*...X )UU.Z('....{!...o+...X*..0...........r...p......%..{.....................-.q.............-.&.+.......o,....%..{ ....................-.q.............-.&.+.......o,....%..{!.....................

        C:\Program Files (x86)\eFax Messenger\Library\ARSoft.Tools.Net.xml

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):345462
        Entropy (8bit):4.468798502715243
        Encrypted:false
        SSDEEP:
        MD5:EB6B9DE88673F740833B49A7340EE366
        SHA1:DF3298A0623825312342AF9203B3EB31C469F332
        SHA-256:80E2C24FCB4DD76BC7D928C9D49F291CACA433DE785249DC226E531AD7F1F8A8
        SHA-512:6D0D4A8AD80DE28D6EF06E15CCFDC1940C7BA093334BD3080EA6E2672B0A9F9805BBBDE447DE8530F7818568894E844FC073E6013D9DAC7D4B0616FD0F0F6207
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>ARSoft.Tools.Net</name>.. </assembly>.. <members>.. <member name="T:ARSoft.Tools.Net.BaseEncoding">.. <summary>.. <para>Extension class for encoding and decoding Base16, Base32 and Base64</para>.. <para>.. Defined in.. <see cref="!:http://tools.ietf.org/html/rfc4648">RFC 4648</see>.. </para>.. </summary>.. </member>.. <member name="M:ARSoft.Tools.Net.BaseEncoding.FromBase16String(System.String)">.. <summary>.. Decodes a Base16 string as described in <see cref="!:http://tools.ietf.org/html/rfc4648">RFC 4648</see> ... </summary>.. <param name="inData"> An Base16 encoded string. </param>.. <returns> Decoded data </returns>.. </member>.. <member name="M:ARSoft.Tools.Net.BaseEncoding.FromBase16CharArray(System.Char[],System.Int32,System.Int32)">.

        C:\Program Files (x86)\eFax Messenger\Library\BouncyCastle.Crypto.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):2371584
        Entropy (8bit):5.806651137790807
        Encrypted:false
        SSDEEP:
        MD5:79F298BDEB949083B32DD6602DE71567
        SHA1:0C9E6657DC231CA6A835BCAB3EFAF5C13FBAA1C8
        SHA-256:CD630C1F254F1851840BE81C575C4B866956D19BD23645DA2AB14DE12EA0F87D
        SHA-512:09B50E96C8453AEAF248AB850175E1BB15CC7682AFEBA33EC9DFD5DDB76AEF394A69F0061892CCB4991776CDDBDA07CB8809940C532CBBB1ACB166500B58A58E
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....C.Z...........!......$.. ........$.. ... $...@.. .......................`$.....Y.$.......................................$.S.... $.`....................@$...................................................... ............... ..H............text...$.#.. ....$................. ..`.rsrc...`.... $.......$.............@..@.reloc.......@$...... $.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\eFax Messenger\Library\Bugsnag.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):53248
        Entropy (8bit):5.7813343975321425
        Encrypted:false
        SSDEEP:
        MD5:50D5B553ACA135B9794FB17D31C918FC
        SHA1:083393302B140F817B8671E844FD61376475465B
        SHA-256:5D5E8E8B2C717D2B555B81558306C5800D47B9F76BC27F7F6D258E37D0AC40D2
        SHA-512:F5FC616FF141124688CC382137AAD1E6E891CAB0ABA9F02EBA84B9CBF45B4288CB5D927BD7DBB6E259DBC2D09E2F6962FAEE72A502EDE4B9FB2615C1EC1AE1D8
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....r.Y.........." ..0.................. ........... .......................@............`.....................................O............................ ......\................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H........P.....................................................................($...........o%...o&........('....o(...t......o)...*..E................................+..*.*2.(....,..*.*....0..a........(.....s*......YE................+0s+...%r...p.o,.....r...pr...po-....rY..p.o-...+..r...p.o-....*..{....*..{....*"..}....*..{....*"..}....*..{....*:...(....(....*..(......}......(......(......(....}....*>..s....%.}....*..0..a.......(......ro..po/.....(0....V...(......s1.....s2...

        C:\Program Files (x86)\eFax Messenger\Library\ChakraCore32.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):5533872
        Entropy (8bit):6.464419060754194
        Encrypted:false
        SSDEEP:
        MD5:F9F2CA9FEE64AB92F98C9FB1F0E3AACF
        SHA1:E61E2C3CBB434A2AFDB8E9AFC45A43FD580A3B42
        SHA-256:8CD3553CCCE5D2D258BBEE6D5B20D08A10934EBAB925AD7E8494C5E9143945B9
        SHA-512:80CAB9E613BE02D1BC088DEF650320DBB7256E432A5EDEF792070399414FF02209765FAF570C058768C9C68B39B5498C62264081BC4F4BF50755EED177EA6EF0
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......[...............=.../...=......=...7...$.......$..............$...;...=.............................g....................Rich............................PE..L.....Y...........!.....<B..X".....a.?......PB...............................d.....p%U...@.........................0.N.(...X.N.......`.............XT.......b.....`.M.p....................M.....HBC.@............PB......N.@....................text....;B......<B................. ..`.rdata..D....PB......@B.............@..@.data....Q....N.......N.............@....gfids.......P`.......O.............@..@.mrdata......``.......O.............@..@.tls....-....p`.......O.............@....rsrc........`.......O.............@..@.reloc........b......xQ.............@..B................................................................................................................................................

        C:\Program Files (x86)\eFax Messenger\Library\ChakraCore64.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
        Category:dropped
        Size (bytes):7353520
        Entropy (8bit):6.250011690054069
        Encrypted:false
        SSDEEP:
        MD5:6F5DA6C0C318C96E580EB96DCDBF0A4B
        SHA1:1D06712A45F98A726451C665AE76F6FBC26AFFEA
        SHA-256:A193EB0A72D27983FE1396A1B74254CE60AB7471FA5827D3F2DAB89352FF11D4
        SHA-512:072A974ACBF9B330E4CA2C0A25000E7E8FE92E59F561954B4696462377346FC90431BDC388B6BC4FB0A998A7F135C6F83D2F49787DBB71370183C3BC5E99F8E7
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............L..L..L..M..L..M..L..MP..L..M..L..M..LT.M..LQ.M..L..M.L..M..L..L...LT.My..LT.M..LQ.JL..L."L..LT.M..LRich..L........PE..d...s.Y.........." .....`Q..........FN.......................................p.....NIp...`......................................... .f.(...H.g.......m......h.t.....p......po.@`..0.a.p.....................a.(...P.Q..............pQ.......f.@....................text...n^Q......`Q................. ..`.rdata......pQ......dQ.............@..@.data...`....0g..^....g.............@....pdata..t.....h......vh.............@..@.gfids........m......(m.............@..@.mrdata.......m......*m.............@..@.tls....Q.....m......,m.............@....rsrc........m.......m.............@..@.reloc..@`...po..b....n.............@..B................................................................................................

        C:\Program Files (x86)\eFax Messenger\Library\GalaSoft.MvvmLight.Extras.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):17920
        Entropy (8bit):5.270960413150321
        Encrypted:false
        SSDEEP:
        MD5:99F85EC0E471BB3D03639DC50056EFF4
        SHA1:8FC5936429E1CE626DB25ACA37FE383AFA0FAB3A
        SHA-256:EB2AF4E82070EF8A5CADEA509F3C8FF2FFC2E093DAC48F77A96DCF89F2ED5A05
        SHA-512:FB26565FF7088E7FFECC234EBE1C62545FB15F236BE5059325EE89799E328F1A477CACFB470FC5B8A059D1986BB07F8C4A81322A7515103C71E9128AC7C32126
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......W.........." ..0..<..........NZ... ...`....... ....................................@..................................Y..O....`...............................X............................................... ............... ..H............text...T:... ...<.................. ..`.rsrc........`.......>..............@..@.reloc...............D..............@..B................0Z......H........0...'..................DX........................................{....*..{....*V.(......}......}....*...0..;........u......,/(.....{.....{....o....,.(.....{.....{....o....*.*. ..O' )UU.Z(.....{....o....X )UU.Z(.....{....o....X*.0...........r...p......%..{.....................-.q.............-.&.+.......o.....%..{.....................-.q.............-.&.+.......o.....(....*..(....*V~....%-.&s;...%.....*"..(...+*..0..K............(......{.....o ...-..*.(!...,..{.....o"

        C:\Program Files (x86)\eFax Messenger\Library\GalaSoft.MvvmLight.Extras.xml

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):27338
        Entropy (8bit):4.419214775042686
        Encrypted:false
        SSDEEP:
        MD5:C138D1F10A5323A2822E1357D3F3D661
        SHA1:55B466198D0A475E6592C257F418CB252876959A
        SHA-256:DF91AB2041D24A25FA5E1E539867CF8934A48712020D144576172E312EB437DF
        SHA-512:1DFEF3F2CFFF61405D5CA455C7B38AFAD45F267C66963A103501E246177B5BBFD70AD6239DDC0FE3A1CEEC6D535BE8B77714BD29BD72442338EDE3032BC66659
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>GalaSoft.MvvmLight.Extras</name>.. </assembly>.. <members>.. <member name="T:GalaSoft.MvvmLight.Ioc.ISimpleIoc">.. <summary>.. A very simple IOC container with basic functionality needed to register and resolve.. instances. If needed, this class can be replaced by another more elaborate.. IOC container implementing the IServiceLocator interface... The inspiration for this class is at https://gist.github.com/716137 but it has.. been extended with additional features... </summary>.. </member>.. <member name="M:GalaSoft.MvvmLight.Ioc.ISimpleIoc.ContainsCreated``1">.. <summary>.. Checks whether at least one instance of a given class is already created in the container... </summary>.. <typeparam name="TClass">The class that is queried.</typeparam>.. <returns>True if at least

        C:\Program Files (x86)\eFax Messenger\Library\GalaSoft.MvvmLight.Platform.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):13824
        Entropy (8bit):5.095096383330166
        Encrypted:false
        SSDEEP:
        MD5:E74E1E65C32DAFE45CDADA01F5DEFC67
        SHA1:13A49C5A588C7884035A45C893A2C98BC7A13F3E
        SHA-256:2B213A15FA2330BDDD575E97FB9D93656D492CF5E11D354897A6CE2FE9508573
        SHA-512:83D962233EB6EE3B866E908C860826A623F361C65766BF435226F7F742F8001554FAF90A774AB3951CAEDC0E721C14C529BBFDA294A9F400EF23F7B9BEBD714C
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......W.........." ..0..*...........H... ...`....... ..............................F.....`..................................H..O....`..l...........................XG............................................... ............... ..H............text....(... ...*.................. ..`.rsrc...l....`.......,..............@..@.reloc...............4..............@..B.................H......H........'.......................F.......................................~....*.......*..-.*(....(....o....,..o....*(...........o....&*.(....-(r...ps....%o....&%rS..po....&o....s....z*^(....(...........o....*.(....,.(....o....o....,.*(....(....*..(....*F.~....(....t....*6.~.....(....*2.~....(....*6.~.....(....*F.{....%-.&.(....*:..}.....(!...*F.~....(.....*...*J.~......*...(....*..|....(....,..|....(....*.(....*N..s ...}.....(!...*6.(!....(!...*2.("...u....*..(....*..{....*".

        C:\Program Files (x86)\eFax Messenger\Library\GalaSoft.MvvmLight.Platform.xml

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):20175
        Entropy (8bit):4.615391520854141
        Encrypted:false
        SSDEEP:
        MD5:537508E26780CF1DA99E92DFA9D41131
        SHA1:A0D435C7884E789312F50816964E2D2D38939E4E
        SHA-256:16E2E4334A02B8D73EB883DD24D43444EA05AAA5E8105D256B34201465232D27
        SHA-512:92B19E4BC343FBE817CB0BB5286F28C2B47EE75392777E210ABE12046FA9BEE2019112FE37EE954D5E16554D55DB21B3121F88F32530A6A1876671FAE8582A05
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>GalaSoft.MvvmLight.Platform</name>.. </assembly>.. <members>.. <member name="T:GalaSoft.MvvmLight.CommandWpf.RelayCommand">.. <summary>.. A command whose sole purpose is to relay its functionality to other.. objects by invoking delegates. The default return value for the CanExecute.. method is 'true'. This class does not allow you to accept command parameters in the.. Execute and CanExecute callback methods... </summary>.. <remarks>If you are using this class in WPF4.5 or above, you need to use the .. GalaSoft.MvvmLight.CommandWpf namespace (instead of GalaSoft.MvvmLight.Command)... This will enable (or restore) the CommandManager class which handles.. automatic enabling/disabling of controls based on the CanExecute delegate.</remarks>.. </member>.. <member name="M:GalaSoft.MvvmLight.Command

        C:\Program Files (x86)\eFax Messenger\Library\GalaSoft.MvvmLight.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):29184
        Entropy (8bit):5.483114965045702
        Encrypted:false
        SSDEEP:
        MD5:A42907A9B2D89C4C04DC3975DC17CCD2
        SHA1:63504E01D50CA045665CABF60E5883699BD06FBA
        SHA-256:77DDF6CF93536C2BE590C254039B11B01D97EBD718A55EDB575C4CF6BB12B107
        SHA-512:A76F7DD5FF98BE3E5422F501EDD3C797476A9E7DEB63AC89130AAD5B64AAC60060975AE5334F8853C8675D3014BE628598D8588A7E106C051C24044FE484D5B9
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......W.........." ..0..h.............. ........... ....................................@.....................................O...................................H................................................ ............... ..H............text....f... ...h.................. ..`.rsrc................j..............@..@.reloc...............p..............@..B........................H........;...H..........................................................0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*..{....*....0..*........(......(....-..(.....o....-.r...p.s....z*...0...........{......,....s....o....*.0...........{....,..(...+..(....-...o....*..0..O........-.r'..ps....z.o....u<...%-.rM..pr'..ps....zo....u....%-.ro..pr'..ps....zo ...*.(!....q.....o"...,..*.........o...+.*.(!....q.....o"...,..*.

        C:\Program Files (x86)\eFax Messenger\Library\GalaSoft.MvvmLight.xml

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):101994
        Entropy (8bit):4.492008946142152
        Encrypted:false
        SSDEEP:
        MD5:6BE0C32ACF53FBDF0EAE6AB161777FB5
        SHA1:C949E8094E58AD1951B8B1D4FBCE2CE6ACACAC63
        SHA-256:18CA1D3E692D66032895BA867C969698641BDDB1135C86A7FE0B9F4087A9FCB4
        SHA-512:9EB0FF00CAFED7807E93AEF9B57806C3EE37E6BAFFB062BEBC9F3002B937EEC4A6A7E70439E555C1DC53DA6EEC33034DD0F239761C4C39064CC5FEDF945CEC3D
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>GalaSoft.MvvmLight</name>.. </assembly>.. <members>.. <member name="T:GalaSoft.MvvmLight.Command.RelayCommand">.. <summary>.. A command whose sole purpose is to relay its functionality to other.. objects by invoking delegates. The default return value for the CanExecute.. method is 'true'. This class does not allow you to accept command parameters in the.. Execute and CanExecute callback methods... </summary>.. <remarks>If you are using this class in WPF4.5 or above, you need to use the .. GalaSoft.MvvmLight.CommandWpf namespace (instead of GalaSoft.MvvmLight.Command)... This will enable (or restore) the CommandManager class which handles.. automatic enabling/disabling of controls based on the CanExecute delegate.</remarks>.. </member>.. <member name="M:GalaSoft.MvvmLight.Command.RelayComman

        C:\Program Files (x86)\eFax Messenger\Library\Google.Apis.Auth.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):113664
        Entropy (8bit):5.882594448487783
        Encrypted:false
        SSDEEP:
        MD5:3F1346478D94C1ACD3592AB125668D40
        SHA1:4515E468B0C5C5187DA7FD3B2545BDA0E39FE3B2
        SHA-256:08C7DB00B0731880CCE7E03AE2AA2D715A665B845F736677B9E9467DAA7C7205
        SHA-512:6C57337E9AC133264233A210DDCC0633B5257BC285596C1330C468C56439AF48A15D81DE062C56CB997E2D38E95326FE503C447F7A2F25022CEAF5F7A0CBC2A5
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...b=-..........." ..0.............6.... ........... ....................... .......@....`.....................................O.......T...............................T............................................ ............... ..H............text...<.... ...................... ..`.rsrc...T...........................@..@.reloc..............................@..B........................H...........'..................l.........................................{....*..{....*V.( .....}......}....*...0..;........u......,/(!....{.....{....o"...,.(#....{.....{....o$...*.*. ..f. )UU.Z(!....{....o%...X )UU.Z(#....{....o&...X*.0...........r...p......%..{.....................-.q.............-.&.+.......o'....%..{.....................-.q.............-.&.+.......o'....((...*j.sP...%.oW...%.oY...(....**....(....*...0..Q..........}.......}.......}.......}......()...}....

        C:\Program Files (x86)\eFax Messenger\Library\Google.Apis.Auth.xml

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
        Category:dropped
        Size (bytes):138536
        Entropy (8bit):4.686540771619832
        Encrypted:false
        SSDEEP:
        MD5:AF1456E8863ACC29E685E181E8E20756
        SHA1:87D37EA41002F038DE458980757A99C0C8B4B549
        SHA-256:0B451069BEF4BA136DAF87247CC098515C792134B0F7B5CA920B6918CABE335C
        SHA-512:55740271061B01CDC57953370B7F0C5237D73AB5B46F4DE59C82AA32DE81AAE7E91F4FF63503109A2313FDFE5FB0D704D7A4FA7F65A4DD7FA99E7391C320FFBC
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Google.Apis.Auth</name>.. </assembly>.. <members>.. <member name="T:Google.Apis.Auth.GoogleJsonWebSignature">.. <summary>.. Google JSON Web Signature as specified in https://developers.google.com/accounts/docs/OAuth2ServiceAccount... </summary>.. </member>.. <member name="M:Google.Apis.Auth.GoogleJsonWebSignature.ValidateAsync(System.String,Google.Apis.Util.IClock,System.Boolean)">.. <summary>.. Validates a Google-issued Json Web Token (JWT)... Will throw a <see cref="T:Google.Apis.Auth.InvalidJwtException"/> if the passed value is not valid JWT signed by Google... </summary>.. <remarks>.. <para>Follows the procedure to.. <see href="https://developers.google.com/identity/protocols/OpenIDConnect#validatinganidtoken">validate a JWT ID token</see>... </para>.. <para>Google

        C:\Program Files (x86)\eFax Messenger\Library\Google.Apis.Core.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):67584
        Entropy (8bit):5.93340295932598
        Encrypted:false
        SSDEEP:
        MD5:C3F5324FA877F5B6786D2CE14E7F6796
        SHA1:F346549DB5FF7687F1C8EB974178F6654A0A209E
        SHA-256:E55AF69427ADB48EE4AC217F9A0F2473E4D94E7B45B463BD0DED8B3599736ED9
        SHA-512:1270E965CD22ADD553DD360A49130FDEC993D2248A1C03E1141DDDF46980284CA3A841DCEADC40D321171FC2742B75D4A75DF504EA167BCBD6F73622FBAAD192
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....AG..........." ..0.................. ... ....... .......................`......'.....`.................................1...O.... ..d....................@......<...T............................................ ............... ..H............text........ ...................... ..`.rsrc...d.... ......................@..@.reloc.......@......................@..B................e.......H.......8h.....................................................................*V~....%-.&s....%.....*.~....,.~....u....-.r...ps"...z......*..{....*r...(#....rg..p(...+&..}....**....(....*..{....*"..}....*..{....*"..}....*^r...p.($....{....(%...*..{....*..{....*^.#.....@o@(&.....(....*...0..b........s'...}.....((....~)...(*...-..#.......?(+...(,...,.r...ps-...z..2....1.r...ps-...z..}......}....*...0............0.r...ps-...z..(....1.~....*.{.....(.......(/...#.......Zi.(.....

        C:\Program Files (x86)\eFax Messenger\Library\Google.Apis.Core.xml

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):95169
        Entropy (8bit):4.669016078567125
        Encrypted:false
        SSDEEP:
        MD5:82B51EC89CC88B7B6A71F63EBC012FB1
        SHA1:3809B74338A4FF07663D11E6046C517E7874DB0A
        SHA-256:B7AEEACF933EBFE12362E049780757057FEC7E164795283D445AD245C7373DB9
        SHA-512:A93450F3ED9F8994D4C913E3EF23477BB709323CBD4AA65905E211B347A55B6DDF31D60CACEB56C87EB27C95BF575D12C82A5055E7D9CE9C20FD0A04F1448653
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Google.Apis.Core</name>.. </assembly>.. <members>.. <member name="T:Google.ApplicationContext">.. <summary>Defines the context in which this library runs. It allows setting up custom loggers.</summary>.. </member>.. <member name="P:Google.ApplicationContext.Logger">.. <summary>Returns the logger used within this application context.</summary>.. <remarks>It creates a <see cref="T:Google.Apis.Logging.NullLogger"/> if no logger was registered previously</remarks>.. </member>.. <member name="M:Google.ApplicationContext.RegisterLogger(Google.Apis.Logging.ILogger)">.. <summary>Registers a logger with this application context.</summary>.. <exception cref="T:System.InvalidOperationException">Thrown if a logger was already registered.</exception>.. </member>.. <member name="T:Google.Apis.Discovery.DiscoveryVersion">..

        C:\Program Files (x86)\eFax Messenger\Library\Google.Apis.Gmail.v1.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):102912
        Entropy (8bit):5.729316399668061
        Encrypted:false
        SSDEEP:
        MD5:8A91B5ABA246142D1A9783EBE67E3741
        SHA1:6BC93DEF03B689F77C80131825EBFF327A41E1AF
        SHA-256:22F13BE3FF1265540DE3CC17BA303E9CF231CB5BFE649343ABD6E6BF5CF8E749
        SHA-512:E1545E88F9FB757EE3F6E1F5FB56A756FD66D2D4563622B8C3C6487A9AC249FC7A6DC9969CA6BBCD705C2E0853CAB41120779C028A6E2C132DD5A1B835B9BBFF
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....W3..........." ..0.................. ........... ..............................P.....`.................................[...O...................................\...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......H|...".........................................................2.s....(....*R..(......s....}....*... ...*.r...p*.r...p*.rc..p*.r...p*.r...p*..{....*.*"..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..0...........(.....(....r...ps....%r...po....%.o....%r...po ...%r...po!...%.o"...o#....(....r...ps....%r...po....%.o....%r...po ...%.o!...%.o"...o#....(....r!..ps....%r!..po....%.o....%r...po

        C:\Program Files (x86)\eFax Messenger\Library\Google.Apis.Gmail.v1.xml

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):252917
        Entropy (8bit):4.680530341501088
        Encrypted:false
        SSDEEP:
        MD5:126B4B46350532DD300AA07718082F33
        SHA1:71BC8EDC7E8C98F4FA4AAA0BBB3DE199EF5426A9
        SHA-256:DE3ECF5F58356AD29C6BCF2D9B37AF41359D3A8CE3C0DCB52AE848E02656B64C
        SHA-512:5621ABA55A1D9EB0092F380F9105D90880D4D09855553E9FDE38F6AED1647046FC0AB5837030814BC9EF877265226EEAE3128379FFE0B0C354A4ECCBF6BC5B58
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Google.Apis.Gmail.v1</name>.. </assembly>.. <members>.. <member name="T:Google.Apis.Gmail.v1.GmailService">.. <summary>The Gmail Service.</summary>.. </member>.. <member name="F:Google.Apis.Gmail.v1.GmailService.Version">.. <summary>The API version.</summary>.. </member>.. <member name="F:Google.Apis.Gmail.v1.GmailService.DiscoveryVersionUsed">.. <summary>The discovery version used to generate this service.</summary>.. </member>.. <member name="M:Google.Apis.Gmail.v1.GmailService.#ctor">.. <summary>Constructs a new service.</summary>.. </member>.. <member name="M:Google.Apis.Gmail.v1.GmailService.#ctor(Google.Apis.Services.BaseClientService.Initializer)">.. <summary>Constructs a new service.</summary>.. <param name="initializer">The service initializer.</param>.. </member>.. <memb

        C:\Program Files (x86)\eFax Messenger\Library\Google.Apis.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):76800
        Entropy (8bit):5.965584790010468
        Encrypted:false
        SSDEEP:
        MD5:1B5701A3E01A2DE5B204A6915F9167DC
        SHA1:100526691C202CD75A14DBA6BBE6234D1AECDFA1
        SHA-256:90FE6CE181C810ABC40FD44463D8E4008367D28C367394A413847410CCD755DA
        SHA-512:93ED55D1EC52E1E6C69DAA931568FBC8926ECDA815DADCEA2868F30D3354E4726BB5BCE90302233D36E0F5F1876094484CFB25313972FD7581CF0D20402B6145
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....c..........." ..0.."...........A... ...`....... ..............................h.....`.................................oA..O....`...............................@..T............................................ ............... ..H............text....!... ...".................. ..`.rsrc........`.......$..............@..@.reloc...............*..............@..B.................A......H.......0........................@........................................{....*..(......-..(.....(....+..}.....{....(....-..{....( ...&*....0..c.......r...p(!.....("...-..*r...p(!.....("...-0r...p(!.....("...,..r7..prE..p(#.....rQ..p(....*r{..ps$...z..0..K........("...,.r...ps%...z(&.........o'.....{..........((...(....(.....()...~....*..0..C........("...,.r...ps%...z.{..........((...(....(......(*...,..(+...~....*..0..x........("...,.r...ps%...zs,.....{..........((...(....(

        C:\Program Files (x86)\eFax Messenger\Library\Google.Apis.xml

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):93894
        Entropy (8bit):4.610362166125055
        Encrypted:false
        SSDEEP:
        MD5:54C5BD0407C3E71C1A35DED18CF4B258
        SHA1:8A9E23143ED23E1368DD398DD3E92A5E6ED0529A
        SHA-256:CB7AD99E4D1BBEA7F166D768A2BE28BC5B3CCE51C158B0E878CE4AF709B26321
        SHA-512:E5688197FD08D9997EC262CBB9A5F9AA96877045B0E0168B13806173EC8254C37882298CDAEB627901BC41D977D51C707C1C3BD10C79A322942AB5999D870A13
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Google.Apis</name>.. </assembly>.. <members>.. <member name="T:Google.Apis.Download.DownloadStatus">.. <summary>Enum which represents the status of the current download.</summary>.. </member>.. <member name="F:Google.Apis.Download.DownloadStatus.NotStarted">.. <summary>The download has not started.</summary>.. </member>.. <member name="F:Google.Apis.Download.DownloadStatus.Downloading">.. <summary>Data is being downloaded.</summary>.. </member>.. <member name="F:Google.Apis.Download.DownloadStatus.Completed">.. <summary>The download was completed successfully.</summary>.. </member>.. <member name="F:Google.Apis.Download.DownloadStatus.Failed">.. <summary>The download failed.</summary>.. </member>.. <member name="T:Google.Apis.Download.IDownloadProgress">.. <summary>Reports downloa

        C:\Program Files (x86)\eFax Messenger\Library\Hardcodet.Wpf.TaskbarNotification.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):45056
        Entropy (8bit):5.6056707762562175
        Encrypted:false
        SSDEEP:
        MD5:810105219D96749674C5BF31C82A3B09
        SHA1:0DE6E8B9834B4BB742E8CA90BDB02019A355A422
        SHA-256:4A2438ECFCAD3E6E7BB942ACF2C40FBE2C0D72E4982DF303AB5828AF26CA753E
        SHA-512:18FD5C687FA8BDB5E3F65CD9D86CEF452E32831D9711AF1A1FD7A9E053B914455C8F0DA23E1A22EDF0C24E9589F15E75F560B82DEDDD177A6050A230807B96AA
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Kn.V...........!..................... ........... ....................... ............`.....................................O.......X............................................................................ ............... ..H............text........ ...................... ..`.rsrc...X...........................@..@.reloc..............................@..B........................H........O...s...........................................................0..b............(....-P....=....s......o....o.......(.....o....o.......(....s....s............,..o.....~....*..........7R.......0..).......(.......(....-.#.......?*..( ......(!...*....0..).......(.......(....-.#.......?*..( ......("...*....0............s......o.....o...........o....-...(#....X...($.....+p.o.....3...(#......($.....(%...Y.Y..+J.o.....3...(#......(&.....(%...X.X..+$.o.....3...(#.....('...Y.

        C:\Program Files (x86)\eFax Messenger\Library\Hardcodet.Wpf.TaskbarNotification.xml

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):114700
        Entropy (8bit):4.596776713558837
        Encrypted:false
        SSDEEP:
        MD5:F4234F6769B095E9D82558E93CACA732
        SHA1:177321E60E7D3E760BB21A84F01578FC9A1428E7
        SHA-256:DE8EA5729A080BB0122C166676D64D245F55E90DD978CCBDA485A4BDE5C0133D
        SHA-512:2C2E6606A1A2CC14A6250567AF06D4C640891350BDD45198D967599DA8A7E7DEDC242598F14D9AF4ECD25AB4511BC97C0C99F240A63B7712B01BAD7223F83FA8
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Hardcodet.Wpf.TaskbarNotification</name>.. </assembly>.. <members>.. <member name="T:Hardcodet.Wpf.TaskbarNotification.BalloonIcon">.. <summary>.. Supported icons for the tray's balloon messages... </summary>.. </member>.. <member name="F:Hardcodet.Wpf.TaskbarNotification.BalloonIcon.None">.. <summary>.. The balloon message is displayed without an icon... </summary>.. </member>.. <member name="F:Hardcodet.Wpf.TaskbarNotification.BalloonIcon.Info">.. <summary>.. An information is displayed... </summary>.. </member>.. <member name="F:Hardcodet.Wpf.TaskbarNotification.BalloonIcon.Warning">.. <summary>.. A warning is displayed... </summary>.. </member>.. <member name="F:Hardcodet.Wpf.TaskbarNotification.BalloonIcon.Error">..

        C:\Program Files (x86)\eFax Messenger\Library\J2GSDK44.DLL

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):3003392
        Entropy (8bit):6.5905451248829525
        Encrypted:false
        SSDEEP:
        MD5:89A810D009A250A14CD4560453806AF2
        SHA1:7E7D6A4B008A9E507F47F131C3F03469D5D36E54
        SHA-256:EFAB5C91216024350D903CAA3DD233E54E3AA9E33138794658253EB53A5EECCB
        SHA-512:AC41ACACA697CD053149B9F6EF75F7EA735C04863EFB0DB2F4011A400D59F34F973D0BE22FEB18D360565297DA6001D5FEF3A7C1D8AC6E6560A840CD884235BF
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$........4Up.U;#.U;#.U;#~J0#gU;#.U;#.U;#.v1#.U;#.]R#.U;#.Y4#.U;#.Y[#.U;#.Yd#'U;#.]d#.U;#Lv'#.U;#.]f#.U;#lv"#.U;#.]f#.U;#.U:#.W;#.YX#gU;#.Yg#.U;#z^e#.U;#.Ya#.U;#Rich.U;#........................PE..L...R.QU...........!.....^...........h.......p.......................................................................g...^..|B..,.....%.PJ....................+..L...v...............................................p...............................text....].......^.................. ..`.rdata...U...p...V...b..............@..@.data............>..................@....rsrc...PJ....%..L....$.............@..@.reloc........+......B+.............@..B................................................................................................................................................................................................................................................

        C:\Program Files (x86)\eFax Messenger\Library\LINQtoCSV.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):28672
        Entropy (8bit):5.418594458635578
        Encrypted:false
        SSDEEP:
        MD5:2B73E62A336D285904ADB104229CA9CE
        SHA1:E2909C0B46179EF11C9BF2F0E0AFB056D0D7B112
        SHA-256:B28BCDBDACF6EBAC251DC885EA4331619223BD9BFC0A0BF394A7369257A9679B
        SHA-512:4FC304E57BF7813E924AB4CE2D631C8ECA3A1DCEF6E8D598E65271D3FD0236790C6EE95D3D2DE6FDE44A88ACB9B83CC7E232193B315C5753EBC6512E572F05F6
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......S...........!.....f..........^.... ........... ....................................@.....................................K................................................................................... ............... ..H............text...de... ...f.................. ..`.rsrc................h..............@..@.reloc...............n..............@..B................@.......H........=..<F............................................................{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(.....r...p(..... ....(......(..... ....(.....r...p(....*..(......(......(......(.......(.......(.......(....*...0..............(...+..*6..s6...(...+*6..s6...(...+**....(...+*..0..`.......(....o.....{....3..{......3...}......+..s.......{ ...} .....{!...}".....{#...}$.....{%...}&....*..('...*.0..........

        C:\Program Files (x86)\eFax Messenger\Library\Messenger.EFX.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):4608
        Entropy (8bit):3.6806758836369853
        Encrypted:false
        SSDEEP:
        MD5:0DEF295F6E254D264F751AAFE1C6EBED
        SHA1:FE204D3DD7B53C1A876BC0EBD613EB80EA038D35
        SHA-256:7EE65AA5D35779906A83BA7579070B41F8E07677C67F0571628C61D84053927F
        SHA-512:58466F111378AEE0459B431F68C87B0419CDDAC318C04897F5BF6B886D4BE75CC7670EEE1A5E1F80743F43F183C09FE04A7E0D3D65BCF0F68977F48F7878B345
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...)~7\.........." ..0..............(... ...@....... ....................................`.................................H(..O....@.......................`.......'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................|(......H........ ..x............................................................0..".......s....r...p..o....&...(.........*.*....................(....*BSJB............v4.0.30319......l.......#~..........#Strings....@.......#US.D.......#GUID...T...$...#Blob...........G..........3..........................................................W...x.W...?.%...w.....g................._.....+.....D.....~.....S.8...1.8.................................................................A.....P ....

        C:\Program Files (x86)\eFax Messenger\Library\Messenger.Models.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):139776
        Entropy (8bit):6.008059602653055
        Encrypted:false
        SSDEEP:
        MD5:67B6E13DB8A75D0C54CC62F5AE2B1738
        SHA1:9724005395DA39126545F0357D4325BE4120B34E
        SHA-256:E39EB134766514DA1316FBF4F0511FA7BB9E2758184C439BEF2BF3CA051753B8
        SHA-512:A211B6731EC22D8EE8CCFC561627EF2431EF28D4044D5BE4FD61F13651B160FE53585C0054A74EA75876A5E25E1DD1A48D9D41773EFCB19D302DB0BC6C4AF818
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......e.........." ..0..............8... ...@....... ....................................`.................................88..O....@.......................`.......7............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B................l8......H.......to................................................................{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(y...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*.

        C:\Program Files (x86)\eFax Messenger\Library\Messenger.Services.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):159232
        Entropy (8bit):5.899169613168235
        Encrypted:false
        SSDEEP:
        MD5:886BB7EAE4D422CD2F03901062CB80B5
        SHA1:0207E054D8DF0B54B8E4C229FB0A0A7B37727488
        SHA-256:84C66B4F891C700281370875A6C8F387101B3555E0057789D9AB2E3B5839B8CF
        SHA-512:746E9E37EF2F17B5FBFBEAEE07DE4ADA505D1B7EBE6DFEC75C272E0A1C9F79FAEB61C589CE959B2C85FD4113C23AA6A44D748E9EF1E3D22CB57B6E98D3DD77DE
        Malicious:true
        Yara Hits:
        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\eFax Messenger\Library\Messenger.Services.dll, Author: Joe Security
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......e.........." ..0..f.............. ........... ....................................`.....................................O...................................P................................................ ............... ..H............text....e... ...f.................. ..`.rsrc................h..............@..@.reloc...............l..............@..B........................H.......(...(e............................................................{....*:.(......}....*..0..)........u..........,.(.....{.....{....o....*.*.*v .Vn )UU.Z(.....{....o....X*..0..:........r...p......%..{.......%q.........-.&.+.......o.....(....*..{....*:.(......}....*....0..)........u..........,.(.....{.....{....o....*.*.*v N../ )UU.Z(.....{....o....X*..0..:........r3..p......%..{.......%q.........-.&.+.......o.....(....*..{....*..{ ...*V.(......}......} ...*.0..A.......

        C:\Program Files (x86)\eFax Messenger\Library\Messenger.Utility.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):317440
        Entropy (8bit):5.33659004247105
        Encrypted:false
        SSDEEP:
        MD5:C5E5716F4027AC5E8EDFB25C67907509
        SHA1:1A4B84459B9C30BD3216CF42EB3AC7492E72B07B
        SHA-256:1E4C27E6ABE174C0F32D8AEFBEA6189E0AD6F2D3566176557ED21BA4ABA0BAA2
        SHA-512:53FF21567B2D37D87CBD581343253F4F0806A44506F81A1CD6969C60E26CEEED9221CA8E226551DA99E8A59BEA71A0CB90A86AEB1E33D724768848D553BA59B8
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......e.........." ..0.............j.... ........... .......................@............`.....................................O............................ ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................L.......H.........................................................................{....*..{....*V.(......}......}....*...0..A........u........4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. `DS$ )UU.Z(.....{....o....X )UU.Z(.....{....o....X*...0..b........r...p......%..{.......%q.........-.&.+.......o.....%..{.......%q.........-.&.+.......o.....(....*...0...........(....( ...o...+..( ...o...+}....r=..p........("...(#...o$....+'.o%.......o.....o=....o&...,.........+..o'...-..

        C:\Program Files (x86)\eFax Messenger\Library\Messenger.ViewModels.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):460288
        Entropy (8bit):5.935268734272689
        Encrypted:false
        SSDEEP:
        MD5:535BCACECAA9E41C3634EC973230E28F
        SHA1:AE7A95AC2FCFD67E453C15DCA2B147025ECF449B
        SHA-256:4716C5F18FE4148E4C9AA935A11C9AC7EC0330D7DFC721427E17C36603278D46
        SHA-512:AE5F3827CDDB31CC2372373ED7C4563D56877ABF1A176936143FED9C068A088EAF021D8CC1546E9E00ADBD84B0A98F1CD5379C01D8900AA23F2BAE6C8F3570BD
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......e.........." ..0.............:.... ... ....... .......................`............`.....................................O.... .......................@....................................................... ............... ..H............text...@.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H........................................................................0..K........(....(............s....o...+........s....s....}.....(....o...+}.....(....*..{....*........( ...(!........("...t....(#...(...+(...+.|.....(...+&*..{....*........( ...(!........("...t....(#...(...+(...+.|.....(...+&*..{....*........( ...(!........("...t....(#...(...+(...+.|.....(...+&*..{....*....0..C..............( ...(!........("...t....(#...(...+(...+.|.....(...+&.(....*..{....*..0..L.......

        C:\Program Files (x86)\eFax Messenger\Library\Messenger.Views.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):586752
        Entropy (8bit):6.213667743283291
        Encrypted:false
        SSDEEP:
        MD5:60099D19990AF1B5739F0E6C5ABCB319
        SHA1:B578774AC0FE1D33DE92AE59E7971E2BFDB99F6C
        SHA-256:E8A5D4EE5908D43B0BC01FAE88717039AE275F72BCBC31F40D618ED51672F836
        SHA-512:4338B0658272D8EECEA473BC9472BF4C2AEC22260A030F642DFEE2099B26F3F8839EBBFB09E0BCDE4CA803F15805DB9B017D41427B09E7F8CA9D6622A3DAB140
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......e.........." ..0.............v.... ... ....... .......................`............`.................................$...O.... .......................@....................................................... ............... ..H............text...|.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................X.......H........!...............O.. ............................................0............ 4......(.....+..*.0.................o.....+..*B.........o.....*...0..1.........o ...r...p $...........%...%....o!...t.....+..*.....o"....*".(#....*B.($......(.....*..0..*.........{......,..+...}....r!..p.s%......(&....*...0..............('....+..*...0..5................+.....+...t....}....+...t....}....+...}....*....o(....o)....o*....o+...(,...o-....*".(.....*....0..W.........}.....(j......

        C:\Program Files (x86)\eFax Messenger\Library\Messenger.eFaxWrapper.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):72704
        Entropy (8bit):5.903517016096214
        Encrypted:false
        SSDEEP:
        MD5:54051B50024AFBC24DFE1CEF3C48F610
        SHA1:0E13AAB74AD20FA0316EA11FAA134F533EFD6424
        SHA-256:605EFFDE7B4A9810AF4ED09396A4AC2A8B25ACB952217C3F21C68915554D6B72
        SHA-512:6C2F58DA922735E6BB4454715A5DAC6E2C60970B2B36DDB1C81DC63EBA361EC9B22F20B0D6CE9BA9C24A10F95DC665340C78905AD8A3452E9EBB986103898815
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......x.Xg<.64<.64<.645.48.64n.75>.64..75?.64".4>.64n.35(.64n.256.64n.55=.64..k4>.64<.74..64..359.64...4=.64<..4=.64..45=.64Rich<.64........................PE..L......e...........!.................=.......@...............................P............@..............................................*...................@.......A..T...........................xB..@............@.............. A..H............text....-.......................... ..`.rdata......@.......2..............@..@.data...............................@....rsrc....*.......,..................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\eFax Messenger\Library\Microsoft.Practices.ServiceLocation.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):18112
        Entropy (8bit):6.224403881687228
        Encrypted:false
        SSDEEP:
        MD5:92A533BE83B7FA43A1B18F009A7D450B
        SHA1:E9AC62EBB0643BFFB243D889C535A8ABCD1BA52A
        SHA-256:34005D6A80434542780C6D192E6ABD07BEA49B2EEB7E43FBFDFE90C2889986E5
        SHA-512:B7AE35D9AB96C51B50998B46B8E73BA61BFC01812853C870872A18A3AA986DB8A66D3B8E173E1D7DD58097C07B07AFB64E5297B4B894B8FA1BF565773856A491
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...l.gS...........!....."...........A... ...`....... ....................................@..................................A..O....`...............,..............T@............................................... ............... ..H............text....!... ...".................. ..`.rsrc........`.......$..............@..@.reloc...............*..............@..B.................A......H........&..d............$..O...P .......................................J.#.....6z&2.c.d..4...L......|.<..bK... ....|e.u(.Q...v..D..#P.fu...........a[\%~..^..<..Y....,.{K....vE}+P.<..a.S+C...y.\..(....*"..(....*&...(....*v(....-.(#...s....z~....o....*.......*2~..........*&...o....*&...o....*...0.............o............o.....s....z.*...................0............o...........o.....s....z.*................^......(.....o.........*^......(.....o.........*.0..<.......(...

        C:\Program Files (x86)\eFax Messenger\Library\Microsoft.Practices.ServiceLocation.xml

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):15978
        Entropy (8bit):4.473814111661763
        Encrypted:false
        SSDEEP:
        MD5:E23579C9737157465A9F874515298789
        SHA1:0F56E44FDF7D20990326BF85B3692263AFDD6501
        SHA-256:8DA3D04EE8E5E146CA17B2A2E786B769497CB71F83444CA94A907E4277FD4F40
        SHA-512:A2CFCF22E98D723EE609D825AFA31A3D8BA102D438D4F01F897222CEB0607143D4CBF8397C450849D8756EF16CA500437D84B4899517D5EECF8841B085F62312
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Microsoft.Practices.ServiceLocation</name>.. </assembly>.. <members>.. <member name="T:Microsoft.Practices.ServiceLocation.ActivationException">.. <summary>.. The standard exception thrown when a ServiceLocator has an error in resolving an object... </summary>.. </member>.. <member name="M:Microsoft.Practices.ServiceLocation.ActivationException.#ctor">.. <summary>.. Initializes a new instance of the <see cref="T:System.Exception" /> class... </summary>.. </member>.. <member name="M:Microsoft.Practices.ServiceLocation.ActivationException.#ctor(System.String)">.. <summary>.. Initializes a new instance of the <see cref="T:System.Exception" /> class with a specified error message... </summary>.. <param name="message">.. The message that describes the error. ..

        C:\Program Files (x86)\eFax Messenger\Library\MimeKit.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):901632
        Entropy (8bit):5.885123255005408
        Encrypted:false
        SSDEEP:
        MD5:3C389ACD83C8EC0B33234117929A769D
        SHA1:EF61AC34E57DC90296C640E81E4F0E2479CCB517
        SHA-256:AEC49B5B0B28AE7B00FD813B797C450F73DC2B6516E4A240EC0E445A0023D2B2
        SHA-512:BAAEA84327273F39330C782ED1A79E0F4ED4FB16EDAB72C5D7D61932DD1F311DDC3615221CBC513DED0C9724777294698C0CF3C4385544B6C36A9DA00EA7432F
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....r\.........." ..0.............&.... ........... ....................... ......kx....`.....................................O.................................................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........w...V...........................................................0..Q..........}c......}d......}e......}f.....(E...}b......}a....{b........(...+..|b...(G...*....0..A..........}j......}k.....(H...}i......}h....{i........(...+..|i...(J...*....0..A..........}p......}q.....(K...}o......}n....{o........(...+..|o...(M...*....0..A..........}w......}x.....(K...}v......}u....{v........(...+..|v...(M...*....0..I..........}.......}.......}......(H...}.......}.....{.........(...+

        C:\Program Files (x86)\eFax Messenger\Library\MimeKit.xml

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):2086858
        Entropy (8bit):4.522739713638418
        Encrypted:false
        SSDEEP:
        MD5:85D3A2A43C3F4CE3F34C6827AAFDF829
        SHA1:4BBDD6F2B2370F63116A8EB4D157B2C50B6FF81A
        SHA-256:211B451F5A83860C1ED47F8F454573F0F58855BF0A5B31400F6986E6F9A78794
        SHA-512:56AE72BA1A8B58A594F8ABC191694D72C80F3344D62799DC16AB44A8FBE010BCC6B433929C4E6E6E0AA135AB9393F1DFB148E46E62DBB229F13CB11265D9698F
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>MimeKit</name>.. </assembly>.. <members>.. <member name="T:MimeKit.Cryptography.ApplicationPgpEncrypted">.. <summary>.. A MIME part with a Content-Type of application/pgp-encrypted... </summary>.. <remarks>.. An application/pgp-encrypted part will typically be the first child of.. a <see cref="T:MimeKit.Cryptography.MultipartEncrypted"/> part and contains only a Version.. header... </remarks>.. </member>.. <member name="M:MimeKit.Cryptography.ApplicationPgpEncrypted.#ctor(MimeKit.MimeEntityConstructorArgs)">.. <summary>.. Initializes a new instance of the <see cref="T:MimeKit.Cryptography.ApplicationPgpEncrypted"/>.. class based on the <see cref="T:MimeKit.MimeEntityConstructorArgs"/>... </summary>.. <remarks>.. This constructor is used by <see cref

        C:\Program Files (x86)\eFax Messenger\Library\MvvmDialogs.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):10752
        Entropy (8bit):4.788259396020986
        Encrypted:false
        SSDEEP:
        MD5:8601AE4B66D927732353C8FDB1967481
        SHA1:1A1193BADC1E0CE8BCBE2472D59AD4F01AE56D6D
        SHA-256:7B7CAB537AF276F47D6E9FE7F43ADEBF94D007BFB6A563992F01C84E9B010289
        SHA-512:0FBAF0E60C96C34F7B8A3198CE95D0BCE8DF0B860AADD80397B3481A53DA25F828BBF8D0D07195C1C75826BA49A292F629A50FE2A64E4E6C569790FB47EA3B25
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......e.........." ..0.. ..........>>... ...@....... ....................................`..................................=..O....@..,....................`.......<............................................... ............... ..H............text...D.... ... .................. ..`.rsrc...,....@......."..............@..@.reloc.......`.......(..............@..B................ >......H.......4'..............................................................6.~.....o....*2.~....o....*..0..+.......s.......}......{....u....}.....{....-.*.{...........s....o....~.....{....o....-.~.....{...........s....o......(....u......,U.~.....{....o....o.....(...+o.....+...(......{....u....(......(....-...........o.......(....u......,I.~.....{....o....o ....(...+o.....+...(....(......(....-...........o.....*.........%....................0..>.......s.......}....(!....o"...o#..

        C:\Program Files (x86)\eFax Messenger\Library\Newtonsoft.Json.xml

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):713541
        Entropy (8bit):4.6324452440106905
        Encrypted:false
        SSDEEP:
        MD5:D398FFE9FDAC6A53A8D8BB26F29BBB3C
        SHA1:BFFCEEBB85CA40809E8BCF5941571858E0E0CB31
        SHA-256:79EE87D4EDE8783461DE05B93379D576F6E8575D4AB49359F15897A854B643C4
        SHA-512:7DB8AAC5FF9B7A202A00D8ACEBCE85DF14A7AF76B72480921C96B6E01707416596721AFA1FA1A9A0563BF528DF3436155ABC15687B1FEE282F30DDCC0DDB9DB7
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Newtonsoft.Json</name>.. </assembly>.. <members>.. <member name="T:Newtonsoft.Json.Bson.BsonObjectId">.. <summary>.. Represents a BSON Oid (object id)... </summary>.. </member>.. <member name="P:Newtonsoft.Json.Bson.BsonObjectId.Value">.. <summary>.. Gets or sets the value of the Oid... </summary>.. <value>The value of the Oid.</value>.. </member>.. <member name="M:Newtonsoft.Json.Bson.BsonObjectId.#ctor(System.Byte[])">.. <summary>.. Initializes a new instance of the <see cref="T:Newtonsoft.Json.Bson.BsonObjectId"/> class... </summary>.. <param name="value">The Oid value.</param>.. </member>.. <member name="T:Newtonsoft.Json.Bson.BsonReader">.. <summary>.. Represents a reader that provides fast, non-cached, forward-only access to s

        C:\Program Files (x86)\eFax Messenger\Library\PhoneNumbers.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):14588928
        Entropy (8bit):6.209064432509632
        Encrypted:false
        SSDEEP:
        MD5:74647B57527C073CCF948C7D223D7415
        SHA1:8CC6C78268DEF364B6013CC902A64E0968D455BB
        SHA-256:208D53E9774839AEF7F951B6A0D61937C5374B561E16A500EA36C555AB44D753
        SHA-512:230CF4D4928571ACF11C7D5C956D13397904F5382BA5C71E748076EDB9BC3B60F83CC7861A539156EE87657FDC2DCB58AB5CB373673AA6CD416BCA2C72B1A36F
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....s............" ..0.................. ........... ....................................`.................................:...O.......P...............................8............................................ ............... ..H............text........ ...................... ..`.rsrc...P...........................@..@.reloc..............................@..B................n.......H...........(...........0...X.............................................(....*:.(......}....*..{....*:..o.....o....*.sS...*.s\...*.0..".......(.......(....(.......(......2..*.*:...(....}....*....0...........{....o......-..*.o9.......(.....{.....o....(....(.......Y..{....o......o......+z....Yo........(........o......1......o....(.........(......./..*.{.....o.........j3..{.....o....*...Y.....1.....Yo....../....0..*...0..7.........+-..X.[..{.....o......j.3..*.j.1...Y....+...X.

        C:\Program Files (x86)\eFax Messenger\Library\PhoneNumbers.xml

        Download File
        Process:C:\Windows\SysWOW64\msiexec.exe
        File Type:XML 1.0 document, ASCII text, with very long lines (335), with CRLF line terminators
        Category:dropped
        Size (bytes):125742
        Entropy (8bit):4.64676060720649
        Encrypted:false
        SSDEEP:
        MD5:770E53CD3FC043F738DAC2BDDD6F397F
        SHA1:F675430C2AD0B0357416638E0D8C258EC1F1C160
        SHA-256:06960B11CC3E2DF1EA329C467AF2C414B23FB94EBDC7A4F4F35A0249B1F72FDE
        SHA-512:19797322E724BAE000E8389F70901425F6AE882C38AD25C045F3295C6658F13EDD802D946770237ED70625B6AC19366FB410C14136183C674BA2E8696A2FA869
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<doc>.. <assembly>.. <name>PhoneNumbers</name>.. </assembly>.. <members>.. <member name="T:PhoneNumbers.AreaCodeMap">.. <summary>.. A utility that maps phone number prefixes to a string describing the geographical area the prefix.. covers... @author Shaopeng Jia -->.. </summary>.. </member>.. <member name="M:PhoneNumbers.AreaCodeMap.GetSizeOfAreaCodeMapStorage(PhoneNumbers.AreaCodeMapStorageStrategy,System.Collections.Generic.SortedDictionary{System.Int32,System.String})">.. Creates an empty {@link AreaCodeMap}. The default constructor is necessary for implementing.. {@link Externalizable}. The empty map could later be populated by.. {@link #readAreaCodeMap(java.util.SortedMap)} or {@link #readExternal(java.io.ObjectInput)}... <summary>Gets the size of the provided area code map storage. The map storage passed-in will be filled.. a

        C:\Program Files (x86)\eFax Messenger\Library\PrintHook32.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):370864
        Entropy (8bit):6.607652051600382
        Encrypted:false
        SSDEEP:
        MD5:2D5850880DB218EE3A7CA91ACA39AD24
        SHA1:2CF176641A23A7128C7BABA73E35C303866C6CFC
        SHA-256:13CC11EB1329D1E591664E688BFEE251B89F37635577F85457A01ACF70889329
        SHA-512:FF3683488731B284D6A339B8F35EA6358EC5D11C71ACFE9664119D86CB0248C543A6EAE34CEE6F4C0137A9413A5EDD92330F9CEFD3D083A500F3CEC75466131F
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......p..E4...4...4.......:...............)....|.."....|.......|.........=...=f}.9...4........}..<....}..5....}..5...4.y.5....}..5...Rich4...........................PE..L....eZ...........!.....~...........................................................s....@.........................................p..........................(F......p..........................0...@...............8............................text...W}.......~.................. ..`.rdata..N4.......6..................@..@.data...............................@....rsrc........p.......B..............@..@.reloc..(F.......H...H..............@..B........................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\eFax Messenger\Library\PrintHook64.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
        Category:dropped
        Size (bytes):446128
        Entropy (8bit):6.2174205083684075
        Encrypted:false
        SSDEEP:
        MD5:F2B8D0F6B406E57371C0BC3B44007E6D
        SHA1:2E3049CB090F06D339631018B6B87642CBC13442
        SHA-256:0500FBEBF47181B3AE97FF431672F2E218A0DCB68E0EA53CB521A6CE2174918D
        SHA-512:C9C280669BAD32BCC9FDB8360C0979148D68B267265B67FB517F96FF4E84ABFB1ACEE123D2AB136BBB525B057F508C1ECFD673FDED0D32E2E48A07B92DCB4A85
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 3%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................KD.....KD,.s..KD-....&.....&.....&..............L.......b..4.....4.....4. ......H....4.....Rich...........PE..d.....eZ.........." ......................................................... ............`.....................................................................-...............!...I..p....................J..(....I...............................................text............................... ..`.rdata..............................@..@.data...L...........................@....pdata...-...........`..............@..@.rsrc...............................@..@.reloc...!......."..................@..B................................................................................................................................................................................................................................

        C:\Program Files (x86)\eFax Messenger\Library\Priority Queue.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):20480
        Entropy (8bit):5.171208450614712
        Encrypted:false
        SSDEEP:
        MD5:C31AD73BF1C520E5A19051C8222E43B3
        SHA1:A64CE9CFDF7B07A0CF2C991118B878A210DE25BC
        SHA-256:EB606CD8D3AB9EB84839DAD542EA1331FAB0CC67A493103ED1CC5EE715749F08
        SHA-512:D08F9E2C2947910C1959620611F22D1B34C886A2728E669708EBD2BD366A55EEF6911A34F2D756BFB645CCA8F4E16EFE4DC16547839ED4C700064521C6D8B747
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Y.........." ..0..F..........re... ........... ....................................`................................. e..O....................................c............................................... ............... ..H............text...xE... ...F.................. ..`.rsrc................H..............@..@.reloc...............N..............@..B................Te......H........;..\(..........................................................6..(....(....*V...%......s....(....*..(......}.......X.....} .....j}!.....}"...*..{....*..{ ....i.Y*j.{ .....{....(#.....}....*..{ .........o$.....................*.0..r..............o%.....{.....X}.....{ ....{.................{....o&...........{!......jX}!....o'.....{ ....{.........((...*...0..]........{ .........o$..........{ .........o$...............o$................o$...o&..........o&...*....0..B...

        C:\Program Files (x86)\eFax Messenger\Library\Priority Queue.xml

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):31357
        Entropy (8bit):4.43763954595324
        Encrypted:false
        SSDEEP:
        MD5:D6A520BE8D797F02D5F03DB4CDBA9465
        SHA1:6B148BC4B3898E1FBEBF8FFCC31180DE893640DA
        SHA-256:C324F5933B160747C3A761ECD7841FBA2ECA94B1C3812BEC954BA4C2B78F92F2
        SHA-512:1DC40A79435D0626FD7E5DF47323A3017953BB86F031791D7D0E7CC7D7954D46A0A885ED73A7B07346C7461D6D9FDE50A8B3A55D74CA0903F8CA2A20407B998A
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Priority Queue</name>.. </assembly>.. <members>.. <member name="T:Priority_Queue.GenericPriorityQueue`2">.. <summary>.. A copy of StablePriorityQueue which also has generic priority-type.. </summary>.. <typeparam name="TItem">The values in the queue. Must extend the GenericPriorityQueue class</typeparam>.. <typeparam name="TPriority">The priority-type. Must extend IComparable&lt;TPriority&gt;</typeparam>.. </member>.. <member name="M:Priority_Queue.GenericPriorityQueue`2.#ctor(System.Int32)">.. <summary>.. Instantiate a new Priority Queue.. </summary>.. <param name="maxNodes">The max nodes ever allowed to be enqueued (going over this will cause undefined behavior)</param>.. </member>.. <member name="M:Priority_Queue.GenericPriorityQueue`2.#ctor(System.Int32,System.Collections.Generic.ICo

        C:\Program Files (x86)\eFax Messenger\Library\System.Data.SQLite.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):364544
        Entropy (8bit):6.016735753684852
        Encrypted:false
        SSDEEP:
        MD5:ECAB575DD9FAA510F9D7BB67C55E0213
        SHA1:B9D5AF76D8DF1C4EE4CCBA33B2AFA8300952D923
        SHA-256:19AD18AD0A128F690667C7239DBAF89629ABE43A6BB365BAC295B72A8CC26318
        SHA-512:22BA1F1F9F92510DB76833BAAC3703D144D0B908539BAFC1BF8F9504EED3B5B82D3236D9A914B714E97753C9D7FCD39EC59D3DD090AD1E48371389E6619C1455
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......^...........!..................... ........... ..............................6S....@....................................S....... ............................................................................ ............... ..H............text...$.... ...................... ..`.rsrc... ...........................@..@.reloc..............................@..B........................H......................0.......P .......................................Mf.6..>/..U.....6....B.W......X..a..l.5.{......1.6...w..n....0I...R&..l..s...kvM.....G......_.r.3..P..6...z2j..d.=D.Yy:.(......}....*..{....*:.(......}....*..{....*r.(......}......}......}....*..0..5........-..*~.....o.....X...s....~.......o......o .........*6..(....(....*"..(....*.0..T........~!...("...-..-.~#...*../....+...X....($...-..-.~#...*..s........(%...~.......o&...*Z.~....2..~.........

        C:\Program Files (x86)\eFax Messenger\Library\System.Data.SQLite.xml

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):1102576
        Entropy (8bit):4.493804458653302
        Encrypted:false
        SSDEEP:
        MD5:053A448987A06C4A32A9073A53F3E1E6
        SHA1:4097726EAE3118545EA306FCF9EFFAEC2138D442
        SHA-256:0FB1342B154F09242FBB50AE8D637F8AECEE6531582371BBC6032ECADC9C523F
        SHA-512:D6F3E397A349DB805A2CF498A4F6FCDDFE73B74CEF4067E858ACD03C9D27AAE817A6AC366864E1597F9C0B3895C27947C3285B7FC9A829BD519EE760DC60DC91
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>System.Data.SQLite</name>.. </assembly>.. <members>.. <member name="T:System.Data.SQLite.AssemblySourceIdAttribute">.. <summary>.. Defines a source code identifier custom attribute for an assembly.. manifest... </summary>.. </member>.. <member name="M:System.Data.SQLite.AssemblySourceIdAttribute.#ctor(System.String)">.. <summary>.. Constructs an instance of this attribute class using the specified.. source code identifier value... </summary>.. <param name="value">.. The source code identifier value to use... </param>.. </member>.. <member name="P:System.Data.SQLite.AssemblySourceIdAttribute.SourceId">.. <summary>.. Gets the source code identifier value... </summary>.. </member>.. <member name="T:System.Data.SQLite.Assembl

        C:\Program Files (x86)\eFax Messenger\Library\System.Net.Http.Formatting.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):168520
        Entropy (8bit):6.14902664495126
        Encrypted:false
        SSDEEP:
        MD5:48803493C75F0034527DCAB87876B9AC
        SHA1:AC7DF896A47F2A309C08FB7D0ED1919B7EFC57D6
        SHA-256:1D36070EB6E3624A578BC3B99DA4DD0829FD8EC78875B3000FAD12BBCCE9C795
        SHA-512:5CF4022FB9B1B764E3E3DF638103F8B8AB756754887188974C8C6AEBACE851EB142906B8CE4F3DE0E71B642138EB05F9519C7F7E2F153A4BFD8C0BD064AD2295
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....I.P...........!.....n..........n.... ........@.. ...............................X....@.....................................S....... ............x..H............................................................ ............... ..H............text...tl... ...n.................. ..`.rsrc... ............p..............@..@.reloc...............v..............@..B................P.......H...........................'..P ...........................................B......6..$.U.....u..)"...Ui|...V6....`56P..Q.I.ec..Y..<R....p._J.d3.....9..A.<.sq...4..Li...f....r.1..k....XYZ..0..8........-.r...p(....z....o....,..u....,..............*........*.0..H.......(!...o"....{#...3..{$.....3...}$.....+..s%......{&...}'.....{(...})....*..(*...*.0...........{$.....E........p...v.......Y...8q.....}$....{'...-.r...p(....z.{)...-.r-..p(....z.{'....{)....|+...o,...,,

        C:\Program Files (x86)\eFax Messenger\Library\System.Net.Http.Formatting.xml

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1300), with CRLF line terminators
        Category:dropped
        Size (bytes):137872
        Entropy (8bit):4.821249555520338
        Encrypted:false
        SSDEEP:
        MD5:5A488FA116245F3E588A1E1C5C15C760
        SHA1:4F58EF47E03DC69DB069FCB6A5EF4CDEEC921D25
        SHA-256:3FA5685FD4A78B54208A53BCB50DE99E50A78B43F84433F4AF60ACC3153F14C8
        SHA-512:4DBD496A6A0ECFBB31903CB1780825B040BCA29FE9671D5D253D8BE23E78DCFFD9BB9BCBB9C8816EA0D2A5CABEAFB4A924C4E6E89E8DE21A45D534C65CC18C3F
        Malicious:false
        Reputation:low
        Preview:.<?xml version="1.0" encoding="utf-8"?>..<doc>.. <assembly>.. <name>System.Net.Http.Formatting</name>.. </assembly>.. <members>.. <member name="T:System.Net.Http.HttpClientExtensions">.. <summary>Extension methods that aid in making formatted requests using <see cref="T:System.Net.Http.HttpClient" />.</summary>.. </member>.. <member name="M:System.Net.Http.HttpClientExtensions.PostAsJsonAsync``1(System.Net.Http.HttpClient,System.String,``0)">.. <summary>Sends a POST request as an asynchronous operation, with a specified value serialized as JSON.</summary>.. <returns>A task object representing the asynchronous operation.</returns>.. <param name="client">The client used to make the request.</param>.. <param name="requestUri">The URI the request is sent to.</param>.. <param name="value">The value to write into the entity body of the request.</param>.. <typeparam name="T">The type of object to serialize.</typeparam>.. </member>.. <m

        C:\Program Files (x86)\eFax Messenger\Library\System.Web.Http.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):323168
        Entropy (8bit):6.193622407766815
        Encrypted:false
        SSDEEP:
        MD5:70AB19899C39D27C8140C0ECC9A86686
        SHA1:1EE1195AD94BE2743267EBF9FF959B46C3DFC860
        SHA-256:17587592CFEC8180FE8D304AAB213BD949D02E5F3F50341479C3EF1F3C7C1AC2
        SHA-512:665E845DF952EE56A477E2B7D91DB11D219BAD28DE8668B260D46EB249EE8770DF9279F41F5ADE36DEAFA0ACFCFE2275E8310DC73DA3EC1A646B254AA92955AD
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X{.O...........!................>.... ........@.. .......................@......Gf....@.....................................K.......................`.... ......l................................................ ............... ..H............text...D.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................ .......H.......................X...oA..P ........................................:...Bk`."..,.H.8Cn..2.....8V..-%...<.....V.-.[.h..c..>N.2...i.........ow......j....S.<...Q..S..m..`.b..n/Av5.p..".0..8........-.r...p(....z....o....,..u....,..............*........*.0..H.......(&...o'....{(...3..{).....3...}).....+..s*......{+...},.....{-...}.....*..(/...*.0...........{).....E........p...v.......Y...8q.....})....{,...-.r...p(....z.{....-.r-..p(....z.{,....{.....|0...o1...,,

        C:\Program Files (x86)\eFax Messenger\Library\System.Web.Http.xml

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (323), with CRLF line terminators
        Category:dropped
        Size (bytes):379561
        Entropy (8bit):4.8569110676693406
        Encrypted:false
        SSDEEP:
        MD5:B05AF5D02DE014329FCE741D134AE13E
        SHA1:E311FFCEC04C647913500896C6B132FEC477FC7B
        SHA-256:5D2048F5644BB3B9C01DBC030D41A67314E94A0AB26C2FDDE838DD75CC58965F
        SHA-512:FC0EEED3F7442CB046420D48DC265453150284D0E95574DE398ED643F2288A0C1AD85229299872FA86AA5072E6CF6A98FE5059E6BD18ED1C6F599D9FA25C73C7
        Malicious:false
        Reputation:low
        Preview:.<?xml version="1.0" encoding="utf-8"?>..<doc>.. <assembly>.. <name>System.Web.Http</name>.. </assembly>.. <members>.. <member name="M:System.Net.Http.HttpRequestMessageExtensions.CreateErrorResponse(System.Net.Http.HttpRequestMessage,System.Net.HttpStatusCode,System.Exception)">.. <summary>Creates an <see cref="T:System.Net.Http.HttpResponseMessage" /> that represents an exception.</summary>.. <returns>The request must be associated with an <see cref="T:System.Web.Http.HttpConfiguration" /> instance.An <see cref="T:System.Net.Http.HttpResponseMessage" /> whose content is a serialized representation of an <see cref="T:System.Web.Http.HttpError" /> instance.</returns>.. <param name="request">The HTTP request.</param>.. <param name="statusCode">The status code of the response.</param>.. <param name="exception">The exception.</param>.. </member>.. <member name="M:System.Net.Http.HttpRequestMessageExtensions.CreateErrorResponse(System.Net.Http.Htt

        C:\Program Files (x86)\eFax Messenger\Library\System.Windows.Interactivity.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):55904
        Entropy (8bit):6.299047178318044
        Encrypted:false
        SSDEEP:
        MD5:580244BC805220253A87196913EB3E5E
        SHA1:CE6C4C18CF638F980905B9CB6710EE1FA73BB397
        SHA-256:93FBC59E4880AFC9F136C3AC0976ADA7F3FAA7CACEDCE5C824B337CBCA9D2EBF
        SHA-512:2666B594F13CE9DF2352D10A3D8836BF447EAF6A08DA528B027436BB4AFFAAD9CD5466B4337A3EAF7B41D3021016B53C5448C7A52C037708CAE9501DB89A73F0
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...W."Q...........!.................... ........ ;. ...................................`.....................................K.......................`>..........H................................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......,O...`..........pD......P ......................................g.=d.N:..K..=mU.....M......^.....@........h.pX..9.web.~M}.R9 l9..2.....1S...{^..Pn....8.6k...S.-.K..$uXpy....t.'.%u/...+VC6.(.....{....*...0..&........(..............s....o.....s....}....*...0..K........(.....{....o........,3..+&..( .........{.....o!............*..X...(....2.*..0..L........{.....o"...,=(#...(..................($...o%.......(&...o%.....('...s(...z*.0...........o).......E............d

        C:\Program Files (x86)\eFax Messenger\Library\Win32\SQLite.Interop.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):1879552
        Entropy (8bit):6.869045401115665
        Encrypted:false
        SSDEEP:
        MD5:A00590A83CC08F9037BE205491E50B69
        SHA1:88EA4C1AF78D0B75E0CCAD3448C8E614A13D4543
        SHA-256:974DF7DECBFA0A987A17AEC7B09EA3A31BBA9A83CB9B4024DCBDEE0EEAF4DFEB
        SHA-512:542FA9BE4172C46B0264AD6AA0ACB5F064972A919206A5BF976EE44AFFD688567342DD6925A0A3E3D53402A423E6DF240491895FD961CEDC78524D4312058C64
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 2%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......q...5.s.5.s.5.s.......s.......s......s.<...<.s.5.r..s.5.s.!.s.Z...M.s.....4.s.....4.s.....4.s.....4.s.Rich5.s.........................PE..L.....3Z...........!................{O....................................... .......w....@......................... h...(..,\..P.... ..<....................0..t...`............................... U..@............................................text............................... ..`.rdata.............................@..@.data...dw.......8..................@....rsrc...<.... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\eFax Messenger\Library\WpfScreenHelper.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):10752
        Entropy (8bit):4.950771236080318
        Encrypted:false
        SSDEEP:
        MD5:90BD85EE181E53224EB2529FEF63A3E4
        SHA1:145F9D11F104FE07955B49C112DD1144D385B913
        SHA-256:10862EC3F8882317BE753165BAFCE58331DF0FC8DE3BA124489C819982B6D77E
        SHA-512:A7A6C5EC99C15003925B69DA576A4F03EC6680F4C8A5FCDF1DE36C3D13E8147D5979BBF9F7A2738526906FC1AA9F9040E75CF0B320BECCD61734130077FE4C9E
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......T...........!....."...........@... ...`....... ....................................@.................................X@..S....`.............................. ?............................................... ............... ..H............text.... ... ...".................. ..`.rsrc........`.......$..............@..@.reloc...............(..............@..B.................@......H........&................................................................(....*N.P(...............*6..~....(....*...0...........(....~....,.. ..(....(....,".(0...(......(.....r...p(....8....s*......s.....(....&..|....{....l.|....{....l.|....{.....|....{....Yl.|....{.....|....{....Yls....(......{....._......(......{....s...... .....(....(......}....*...0..a.......~....,?s............s.....~......~....(....&.o....o.....1..o....(...+*......... ..(....s......*..{....*"..}...

        C:\Program Files (x86)\eFax Messenger\Library\x64\SQLite.Interop.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
        Category:dropped
        Size (bytes):1662976
        Entropy (8bit):6.57660497647947
        Encrypted:false
        SSDEEP:
        MD5:DF5C214D9A436A6A96C93CB8927194E4
        SHA1:70110AF5CD1600CA5552C3BA69A0AC58E33750E4
        SHA-256:96C952EFA25720EEC63437DF20E20B8959DDE5230C6F1D5C30BE68CF72665532
        SHA-512:2207725C056F109DFFA95F2AC2BD2FFB8131232CE558173C1EF608D715922E5166F2974CE3A2E132CF405317D1502A14A71FBE895334707FD96B9350825D3B86
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........W-.6C..6C..6C....6C.....6C.....6C..N..6C..6B.;6C....6C.....6C.....6C.....6C.Rich.6C.................PE..d.... .^.........." .........p......d)...............................................b....@.........................................@....1..`...<.......<.......P...................0................................................................................text............................... ..`.rdata..;I.......J..................@..@.data...x|...P...f...:..............@....pdata..P...........................@..@text....]...........................@.. data.....c.......d..................@..@.rsrc...<............6..............@..@.reloc........... ...@..............@..B................................................................................................................................................................................

        C:\Program Files (x86)\eFax Messenger\Library\x86\SQLite.Interop.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):1266176
        Entropy (8bit):6.860339359492495
        Encrypted:false
        SSDEEP:
        MD5:C09A5FF0CF2613EBCF29357BE05C9BC3
        SHA1:0ED14FA706E2E46933C4DBC27C8329CD99201070
        SHA-256:BA0BF347CD8966E53EFA282DF84A9F966BBC2FF99642EE0BE5B2A86644BB7F5E
        SHA-512:99EDA404EC421756049F5D7FC42C27079187C6AFB35AB125F4B8A8F9764687BF1777BAC018AD0B7FD7640B1215F0B3A2741689EAD569BEC938AEF428510CCAF8
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........{..E..WE..WE..W^.6W\..W^..W~..W^.7W)..WLb.W@..WE..W...W^.3WD..W^..WD..W^..WD..W^..WD..WRichE..W........................PE..L......^...........!.....J...........'.......`.......................................t....@.........................P`...2..lU..<.......<........................w.. b..............................PR..@............`...............................text...pI.......J.................. ..`.rdata...3...`...4...N..............@..@.data...HY.......H..................@....rsrc...<...........................@..@.reloc...}.......~..................@..B................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\eFax Messenger\Messenger.eFaxWrapper.Console.exe

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):16152
        Entropy (8bit):6.78183012213221
        Encrypted:false
        SSDEEP:
        MD5:5A763B095F4ED8AF47B579CB566F7603
        SHA1:3D963F6B0CB6AF7495CC0D834224460171E1087E
        SHA-256:A50F94E49B2D0A0B2D1DC5990707B61B0685BE2BF43DBAACB0ACB3339EB5741C
        SHA-512:2192751A99C34DC64D145E78B04ADAA9A8E47A4024DF175A11515BC78FB8A1F8E6E73B7C002AB42749424A6D2EF5369595AB7DB61355A884742228B1CC7791B0
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......e..............0.............R)... ...@....@.. ...................................`..................................)..O....@..X................)...`.......'............................................... ............... ..H............text...X.... ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B................4)......H........ ...............................................................0..2.......(....&..i.2....(....-.........(......o....(......*..........%%......Ns....r...p..o....&*..(....*BSJB............v4.0.30319......l...H...#~..........#Strings............#US.........#GUID.......D...#Blob...........G..........3................................................................C...........w.z...........B...&.B.....B.....B...c.B...|.B.....B.........i.......B...........&...T.&.....&...

        C:\Program Files (x86)\eFax Messenger\Messenger.eFaxWrapper.Console.exe.config

        Download File
        Process:C:\Windows\SysWOW64\msiexec.exe
        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):592
        Entropy (8bit):5.07653808381967
        Encrypted:false
        SSDEEP:
        MD5:0D43DD56A7C7A06531A7C52695924367
        SHA1:392F72BA12660D3B3E562AC2EBA222E49B224829
        SHA-256:6D8936AFD03B7163C75209DB257216984D14F4FA9CA2751CCA838B442554053D
        SHA-512:00AFD297F5895BB27573E20675A385F70E2F6DBD1500B70B7DD78C298DEF92AF479157E552087A39FDC476AD00897306EF2AF129A4B6AB4725588773F2E8AB8C
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2"/>.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <probing privatePath="lib;Library"/>.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral"/>.. <bindingRedirect oldVersion="0.0.0.0-10.0.0.0" newVersion="10.0.0.0"/>.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>..

        C:\Program Files (x86)\eFax Messenger\MessengerSettings.json

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\InstallHelper.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):185
        Entropy (8bit):4.639179893968398
        Encrypted:false
        SSDEEP:
        MD5:74B3889C4D7EE9FAA4D14C88BB60403A
        SHA1:B4B037FECD54EBD2C79D8492E1FCBF680EC9B125
        SHA-256:8A51BCCCC4E011F15903189FB01FCEB82C156164A3F7D252CCDC9AB46655E29E
        SHA-512:2C2F544CE07B202E2E47AA0C88D1340E5FFFAAE82C9D13E2A7713A791C8CEFD763B83CC7A66CA398C0404E7A7D7CF0D210EE2EB380CB362DBAB50A1DB260E6FB
        Malicious:false
        Reputation:low
        Preview:{"installationType":"per-machine","language":"English","guiInstall":"true","apiBaseUrl":"https://api.fax.j2.com/myaccount","enableSharedLocation":"false","enableUpdateAutocheck":"true"}

        C:\Program Files (x86)\eFax Messenger\Migrations\1To2.sql

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (358), with CRLF line terminators
        Category:dropped
        Size (bytes):2182
        Entropy (8bit):5.029875750443825
        Encrypted:false
        SSDEEP:
        MD5:67FF46141BAFBFB0F54CB9AFA0B92FAC
        SHA1:4691E1E51A03D7E0B87543923B218032BC9FBDFF
        SHA-256:1F364CC78D0C29BD999ECC188C162D4B160035C98E5EF82441E7FFDFB02B9173
        SHA-512:50E79696469BB76A8D065ADEBF49675E2786AFB7B498EEEFCE32B74F10E12F0BA9FEC60FB0C1F26A15B8854F5531CC72F5EBDD1E78AA214CBE79439C4ADCE421
        Malicious:false
        Reputation:low
        Preview:.CREATE TABLE IF NOT EXISTS [Tag] ( Id INTEGER PRIMARY KEY AUTOINCREMENT,TagName TEXT );..CREATE TABLE IF NOT EXISTS [DocumentTagLink] ( Id INTEGER PRIMARY KEY AUTOINCREMENT,DocumentId INTEGER,TagId INTEGER );..CREATE TABLE IF NOT EXISTS [FaxRecipient] ( Id INTEGER PRIMARY KEY AUTOINCREMENT,Name TEXT,FaxNumber TEXT,FaxNumberForDisplay TEXT,Email TEXT,ContactId INTEGER );..CREATE TABLE IF NOT EXISTS [DocumentFaxRecipientLink] ( Id INTEGER PRIMARY KEY AUTOINCREMENT,DocumentId INTEGER,FaxRecipientId INTEGER );..CREATE TABLE IF NOT EXISTS [Document] ( Id INTEGER PRIMARY KEY AUTOINCREMENT,FilePath TEXT,FileExists BOOLEAN,FileSize INTEGER,Subject TEXT,IsCoverPageFile BOOLEAN,IsPrinterDriverImport INTEGER,PagesCount INTEGER,Status TEXT,DateCreated TEXT,LastTouch TEXT,CloudId TEXT,Reference TEXT );..CREATE TABLE IF NOT EXISTS [Contact] ( Id INTEGER PRIMARY KEY AUTOINCREMENT,Company TEXT,FaxNumber TEXT,Email TEXT,WorkNumber TEXT,MobileNumber TEXT,IsFavorite BOOLEAN,Title TEXT,FullName TEXT );

        C:\Program Files (x86)\eFax Messenger\Migrations\2To3.sql

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with no line terminators
        Category:dropped
        Size (bytes):72
        Entropy (8bit):4.592730871212992
        Encrypted:false
        SSDEEP:
        MD5:E739B8BFFB545B9D590CB090E4BB21ED
        SHA1:0A18B255245B3FE8217DFB120A1CCA5E2CC76F46
        SHA-256:A11B786DEE50C20094B2E883509907D79C62F8CDBAC0BCDDE5AAA33AEA39AD36
        SHA-512:1C258ECBDCC72A10A07B93C17D5ACFB001925E089C75826ED140A258D51B9DFFF1AB2B44458626EBC15DA50DA53AA91759F9AE0F0BBCE917D1414F6FBFBBB358
        Malicious:false
        Reputation:low
        Preview:ALTER TABLE [Document] ADD AttachmentsCount INTEGER NOT NULL DEFAULT(0);

        C:\Program Files (x86)\eFax Messenger\Migrations\3To4.sql

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):111
        Entropy (8bit):4.644953809349959
        Encrypted:false
        SSDEEP:
        MD5:B440D25EAD0901957B2547803888CC98
        SHA1:B699899A4095774C836153BB37A7296F2EAF911F
        SHA-256:29565635787EE0CAFD8F925D8EC44C71D44FFBED624526F0308D363E0DD7F5ED
        SHA-512:20C056FF5EFEDFB1A209A81BB2EEE9EC278B4B84E4BB00D3149C5FE07E4F9D99843D433AF7BD44C80321F53AB4D528EA2397DF5D67C68E52EEE516B1E0A5B21F
        Malicious:false
        Reputation:low
        Preview:ALTER TABLE [Document] ADD IsDeleted BOOLEAN NOT NULL DEFAULT(0);..ALTER TABLE [Document] ADD TrashDate TEXT;..

        C:\Program Files (x86)\eFax Messenger\Migrations\4To5.sql

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with no line terminators
        Category:dropped
        Size (bytes):43
        Entropy (8bit):4.359420499331697
        Encrypted:false
        SSDEEP:
        MD5:3AB325D2CEF8847726A45D58847CF63F
        SHA1:24D1102158E654E1EE607B4008C076581BF92BEE
        SHA-256:0D0372939FDEF0343AFD9576AB4ADF1F1E992C97ACABA90BE63D8478FF23290A
        SHA-512:39861355A6699C967AD4D013929F8124EC0D7D1B7C1DCE35E5965E57945C1343CAE5EFBFD8D97FDD5BE542B291BED11D76AD98A7400D65607DF0E3DFD72198D8
        Malicious:false
        Reputation:low
        Preview:ALTER TABLE [Document] ADD CustomerId TEXT;

        C:\Program Files (x86)\eFax Messenger\Migrations\5To6.sql

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with very long lines (835), with CRLF line terminators
        Category:dropped
        Size (bytes):1304
        Entropy (8bit):4.9224815657644845
        Encrypted:false
        SSDEEP:
        MD5:5259C65E22F4BDA484BE26372AE42E5A
        SHA1:AF453FBF7AE91ECB88DB8868D854A807547ADB50
        SHA-256:3302ECC1CC3D0C0C494526CCC84EE785EF33D948BD493A806AE4D8E648B0D912
        SHA-512:0EF5D200F65929EE5D023D5B26C1CAE75F55341F91E78EC69A875024DE46B363675CF28B55C2D610F74B19D63B0940DF461C32ADFB0A08090397CD67E5550DA4
        Malicious:false
        Reputation:low
        Preview:ALTER TABLE [Document] ADD Location TEXT;..CREATE TABLE IF NOT EXISTS [Folder] ( Id INTEGER PRIMARY KEY AUTOINCREMENT,ServiceId TEXT,Name TEXT,DisplayName TEXT,CanDelete BOOLEAN,CanRename BOOLEAN,IsSystemFolder BOOLEAN );..CREATE TABLE IF NOT EXISTS [Message] ( Id INTEGER PRIMARY KEY AUTOINCREMENT,MessageId TEXT,FaxPages TEXT,EnvFrom TEXT,ServiceId TEXT,CustomerKey TEXT,Body TEXT,MessageFormat TEXT,OriginIp TEXT,FaxMode TEXT,CallerId TEXT,ToEmail TEXT,MessageDate TEXT,PhoneNumber TEXT,MessageDuration TEXT,FromEmail TEXT,FormattedGeneralDate TEXT,FormattedGeneralDateTime TEXT,Subject TEXT,Date TEXT,FaxCsidRemote TEXT,Size INTEGER,MessageSize TEXT,ResponseStatus TEXT,CustomerId TEXT,File TEXT,MessageCreatorId TEXT,ServiceKey TEXT,BId TEXT,BillingCode TEXT,CDate TEXT,FaxDuration TEXT,FaxResultCode TEXT,FaxSubject TEXT,J2Id TEXT,RecipientFaxNumber TEXT,RecipientName TEXT,SDate TEXT,SenderEmail TEXT,TransactionId TEXT,DateReceived INTEGER,FileName TEXT,FlagRead INTEGER,Folder TEXT,Formatted

        C:\Program Files (x86)\eFax Messenger\PDImportConfig.xml

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):340
        Entropy (8bit):4.31941382842597
        Encrypted:false
        SSDEEP:
        MD5:746337FB70A31C2BCAF610A0D0350C94
        SHA1:A95DAAA20F2DC0861A7BED289869D33E2CE8E0A1
        SHA-256:3426DA1004D40EA03161A76E69A26CE1FD8257CE7DE7BC1337DD26FDD328C89C
        SHA-512:D81435D09003C4DF7626AD19FE7646CC5EEB45CCA8D9C0D121D8D6D9D674AFFA04F42D7529D21CDCBDF628F469DC0377B33BDEE6FD966FFE914035EDF4F3530B
        Malicious:false
        Reputation:low
        Preview:<messenger-config>.. <driver-tif-export-path>__driver-tif-export-path__</driver-tif-export-path>.. <messenger-import-path>__messenger-import-path__</messenger-import-path>.. <messenger-exe-location>__messenger-exe-location__</messenger-exe-location>.. <messenger-exe-name>__messenger-exe-name__</messenger-exe-name>..</messenger-config>

        C:\Program Files (x86)\eFax Messenger\PauseApp.exe

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):15128
        Entropy (8bit):6.933149779860887
        Encrypted:false
        SSDEEP:
        MD5:F9D654860187FB07C8E31DA3FB296BCA
        SHA1:35EE83B6A1CEA80179B1BFF33B45051AAC64A74A
        SHA-256:5849A8E00677F65CA98AB916EC2130DC3823A6D8C74630F25DA3CE60876D78C3
        SHA-512:16205B476534E413906FB6BF1D34E68F3A1D01A106C105813BD0CBC1B9846D8BAF7ECF317273332F2C98A705C907A327162E66FDA272AC14485F79B8B7748A5D
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....s[.........."...0..............'... ...@....@.. ....................................`.................................L'..O....@...................)...`.......&............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......d ..............................................................".(....&*".(.....*..BSJB............v4.0.30319......l.......#~..8...T...#Strings............#US.........#GUID...........#Blob...........G..........3..........................................................k.....2.....7.....Z.................R...........7.....q.....F.....$.................K...............................A.....P ........'...Y ................F...................).....1.....9.....A.....I...

        C:\Program Files (x86)\eFax Messenger\PrintDriverImport.exe

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):23832
        Entropy (8bit):6.55232909775847
        Encrypted:false
        SSDEEP:
        MD5:0586C5AEADCF2AE9366F3C52CB23CEE0
        SHA1:C835A1C1691CE06C0FEABA0B4EC1CCC5EFF1A71F
        SHA-256:C655E62861BFE7C8DF0F493EC8EE12DAA095E46607AE9AB2DD254121C0FCD158
        SHA-512:AD277BC7BD389D3868E1CDA74DA2C2E2AB41D454412A3746B53708AFB41DE983BA9AB490D389A226FD219E082D6D3AACD0574131944CDF2B1CD948BC1BFD3618
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......e.........."...0..*..........~H... ...`....@.. ...............................T....`.................................,H..O....`...............4...)...........F............................................... ............... ..H............text....(... ...*.................. ..`.rsrc........`.......,..............@..@.reloc...............2..............@..B................`H......H.......t*...............................................................0..,.......s......o......(....-...o....,...o.....o....*..(....*.0..Y........r...p}.....r...p}.....r...p}.....r...p}.....(.....(.....(....o...+}.....(....o...+}....*....0..D.......s.......}....(....~....%-.&~..........s....%.....o...+(....~....%-.&~..........s....%.....o...+(....~....%-.&~..........s....%.....o...+(....~....%-.&~..........s....%.....o...+(....~....%-.&~..........s....%.....o...+(....~....

        C:\Program Files (x86)\eFax Messenger\PrintDriverImport.exe.config

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):938
        Entropy (8bit):5.053998548831781
        Encrypted:false
        SSDEEP:
        MD5:5436EBC752AA6FDCE65EBC071049EC7F
        SHA1:042E843676F5752CA9D9820801030A40020F8116
        SHA-256:3850259C79ABF4B328B9B7E9C088D1250CB6950F37FE0BD0BDEA2EB96CC8B24F
        SHA-512:7904CA01BB5C56926B91250FD12872A6835F05CFA173502B90A6312CCB288F8DA76A160AAB4EC499AFBE2D5B5D55982AB3B48DB3206FA9E7C86937D7CAC8163D
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.2" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <probing privatePath="lib;Library" />.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.InteropServices.RuntimeInformation" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.1.0" newVersion="4.0.1.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>

        C:\Program Files (x86)\eFax Messenger\PrinterDriver\VPDInstaller.x64.msi

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: eFax Messenger Printer, Author: Two Pilots, Keywords: Installer, Comments: This installer database contains the logic and data required to install eFax Messenger Printer., Template: x64;1033, Revision Number: {D907C711-94DD-4218-96BC-088A2F7E653F}, Create Time/Date: Thu Sep 26 13:15:26 2019, Last Saved Time/Date: Thu Sep 26 13:15:26 2019, Number of Pages: 405, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
        Category:dropped
        Size (bytes):11231232
        Entropy (8bit):7.973466382087126
        Encrypted:false
        SSDEEP:
        MD5:51B2CAC3C9B22184D1E67A9BEF75567A
        SHA1:A4F91B8490BD57664F176B622BA78EAE6CE2CE66
        SHA-256:DAE91E8F51D205FFA87397BC41A20E71B4E5B169FA936DBBBAC5331CC5D2A3A0
        SHA-512:490C4CC9B85F993F954E0EBD10BD06A933CF413E8BDF9FF6B8159751F963791906F8FC406AA0F5D394C287FB870C3E78E1509CE593DC15F87F63EF72A6CBF647
        Malicious:false
        Reputation:low
        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\eFax Messenger\Resources\Coverpages\Announcement.efax

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:dropped
        Size (bytes):106112
        Entropy (8bit):7.99849696424339
        Encrypted:true
        SSDEEP:
        MD5:E14093FB58952439FF9918862AC64999
        SHA1:A946796645F41C46F83F188ABFB0FFA0737099C7
        SHA-256:031A22C3B02C5BF0FEADCE615979F66A7EC626837238B2EB71F0DD1602225D3E
        SHA-512:53BA36F34FFBD0B48F61162C520B468DF04DC3DDA83FA6DB48F3CF144C1C1C993C101D97D49EB1C454AA3745874C39632848F8248363322A28163181E1557155
        Malicious:false
        Reputation:low
        Preview:.t.d.F..i.,.m&.....2Q....U....i.....%...Sj..0.+..e.Hqc.k........OVp|....DB(.:r..cy.....R8..3..o...1.[o.k8.a....@b.C]5s...FZ..PS.;..v....n.......?E.H.$..v..m...A.Q.L...-.I...l.....e..I.....6...^..j8...-..n....Qe.^...'...<...`.>.R...PU.*@}.Tr.u..e.....e..`qfK..u.6.ax.>..`X.mP...L.B.'t...H...W.81D<....eV.>...m.....Lp.[.bD..h...BvW.k.N....'~...2g....].n.4.lrWB....)1.iG.=.......O_.b.9@......Mm8e....i.W.....6L(.w....K[..G<:.......iM.G.)..0..H...c.F..9.3.Q...u..t..@..(..*...W{G....Us.<.....R^.|.4IZ.v~...l.4Ak..-N5..V.....b..s...5z..A...9m...I.......*CD..'0...)4I...Z....!.........$S....W.*.*.....>..rM...{U9....$:..e\k..J..`xo.D......^..J=q._.).#...f.]....\.u.(.YD....=.xcp...,........w@.n]....&...n.s39.'.*.|.e.k......R..?8..3.._..;.r&.1....;H.....k..(..{lM.....bH.....4_.....f6J).-.e\.2.4....U.....j.T.s..3......qJ....a...$@..+j..3.e...8.i43............K.z.b.....6..-.oy...(O.#E.Z......1 .A.F?....P...K~r.E.....pF;2..x#.|..+..4U^.Nx...v..&.z./.BQG,.w.

        C:\Program Files (x86)\eFax Messenger\Resources\Coverpages\Clean.efax

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:OpenPGP Public Key
        Category:dropped
        Size (bytes):30736
        Entropy (8bit):7.994634696014514
        Encrypted:true
        SSDEEP:
        MD5:0A43EB23528F45826EB7C928E0C5F8AA
        SHA1:E5BBFA0234334166A3FE1E922F4356A0216EF62F
        SHA-256:BF75DA0D2137A7A502F63F43D50EF4A41E18D8BF1CE523BF006E590FAD9B27E2
        SHA-512:9B93C223E60E259A63C05125BFF8894699B366C33F91F551CE42F44A7C97FC7D688511273A7E7C70400AD156A7DE4C709E32FBE7A5011F5F94A95474D2B548BF
        Malicious:false
        Reputation:low
        Preview:.*..k..J.3[.D....../X.O2H.B,......R(.\.|.........E........IJ.^......8S..G{....*~.......v..a...*Ks.M +....I.R...t..H.T..[....T...cjc?..2s2...@....&...c..@./...V..$.xQY...<...79.......)e]....J..xYgf&.r...kX.4l.h....Q....^...k...D.-.tI....)/.'...'..CT@..E...?..M.H...|......K......&UW......C x.....R.SLO.Gmr.3..PI.P{:.q.....zm]...qK^...,..C.W'MW...B..V?...0...{i......0.R......-4-.9!..j....A..HT^...>..<gM3^.*;.!.......h4..r.gjGh#.....A.,.<..w..D...{T..K...#O...9.Z.,.,....E..e.].`........Q.+...m.vH..1v.l`..t../>..C...y......3.X.l...[X..x.=N...;_.Q..l}...f......^..y3i&.K..<W...S.M.K...@.s.../.]|..4z.#.Ro.6.K..w..9..w.L...k.U..o7.(....4...Ahp...i...m.,...4..-$.>.8...)i.Ta..R.....*}D.C....5(B.~.cFCJ....[H.p.......d...v...{ju*%.....j..r 9.{.t31.G..k..xJ.sQR*M..s..j.....v..)..D.%r....SY...3.9.[.*8..Z.%...K...>.oJe.M...k|....)~."....Z.~.LQe3...A$.S.iJ..V......_.....m&H...I.{..".g...q.T..Iy.#..r?:.........v+t..5/.>.e\..x..n......j).&..{=..~.H$

        C:\Program Files (x86)\eFax Messenger\Resources\Coverpages\Confidential.efax

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:dropped
        Size (bytes):89936
        Entropy (8bit):7.998117166584401
        Encrypted:true
        SSDEEP:
        MD5:B6AE061BA517EA4DC3218548BF92EC2D
        SHA1:4EA13F0CC344A8E67BF89DD180545AB27CA911F7
        SHA-256:C3CBFA37CB769CFED929A7E9DE83D08BD3C84810A55447982C38EAFBE33C10F3
        SHA-512:3EF027944271CEDA09B3DC0CEEDBE0B71A131BBB0E5BAEBE227371561D68916B2497F61393B9C6FA3E9F17D459AD004A0D30D620B04A47FCC36F87AC4998AE64
        Malicious:false
        Reputation:low
        Preview:}.s....~.%69d..(.2..(.I.......T.I...bT..y<.8<......xB..T.[Hh.Xg...4.I<.......R....y.&[.=........*..~....j.j.a..A.p...Y,f..F1...$C.m...UK.......7,|....|n ..W.g.lN.F/.p..>mrN...e........8Y.Tq...+;s...,...a'...m....v..w/...}o.4.i..9..j. .;.p*...'.?;y:=.JX......t;8...W../..K............5........f.F...iP.)_.,G0....p..c.}...fc...PZw.=.m.-.u..&z...a...al..vu\...m..(.Q.s....a#. 9.)...9gX0Y.8...n0......FD..Q."..&.i-..5._GxLY...M.E..6.-A.Lqj>..z.3..{..w!..%.[....F~6.+..?.."....G.ey(Nj7.-.7...l.....".n.6....0...W.vP#l...B.V.C_.x.....,..T..ZL(...-R.y1..z.WXA(V....:....h.O.=@..O..yF..+.......D.v.F.5.0J..$.J^.a...p%r....j..r.'.:..?...t@.`J....X..K.`5:Mh.)oX.t..'.1Zh].{m....b..QOaV.....<.^#qU.j...">.yuS.].~....X.n..t....wCD.-.&....X[`.Y.J..1.3.j...4....".%+..+.Y........<.....&15rd....B.$.G......R...B...C....E.'..g....=...X...[M.f.v.9..j..MW{..B..I..Y.<..Y.C&...o...0q&.8.+.~.8kp.B....T5..mr....0.}..h.!,...)).}..@.H..w.[.2.m.4.......w.KG..6.|....^+R.`....

        C:\Program Files (x86)\eFax Messenger\Resources\Coverpages\Default.efax

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:dropped
        Size (bytes):91216
        Entropy (8bit):7.997873830777725
        Encrypted:true
        SSDEEP:
        MD5:DDEECB518D215B34F0DF2B0F9F00A1D3
        SHA1:C2BF7B5FFAA54A68DA99C3E904905B9E91196116
        SHA-256:450C5D56DC47C590429A7E22FDBE4983FE0C1ADFB3CB987900307E21D81754B0
        SHA-512:8D48FB01C0E5CB1C3CD6B74A86CE0EE8BD9B4BAB9DABE5CC73AC560A60535ADA9A91BF2E94B457D71DDF9F90B3C02108E159E7232C2A2575C5C78878AE8A9431
        Malicious:false
        Reputation:low
        Preview:......0.l.w.ht..js..-^.YU..aW.Gm~H....bo>`....G. s....p...Z..n..a.......oB..{[..$...y.....?.;.FI...........'.."x.EC.9Q.n.s9.>..y..D_.|..1..E.......AC...T..=....+[I.LV..e...}$$...u=.Iaz.X.]..l-yo.).Z.. .:"&....{......<...!w.}.8.+..W.S..N........?....9..$..P.....i......J.]zp6A..>..A.......x..mp...whV.A*.@R.l.2.C*{;N..`....<....|c...2....`.P..]..4..>.7.$..v9...P.E...>....8..;..K.*|..I..!..&.M..r&M...I.`...mu....C.ke.........hP..L.7.@.u...B.P.....4.%&i1..s~.../<......}..M.[..m.........I..Ix.....Ymu....A..bw..f....R'.....t..0.v.J,..Q.SRW^5w=.N...W+.?..9n..{.*C.M..E..eh.....Cgj..B..=6.]...%g.7.W..-..LF...b..3..........I..l;b.g.'1~..+.^tk.d,.$.b....Ei......E...=.,..3.fS.=.....r-.f...WG..z..................}!L#.C.....^....]4...<pz,Sd{,..{w....C.Q2!.E.V!.~.[....2...C..l@o.3:...Hm.....t..&6...1.$|MF...7E.N.4,..C..p.....%....G+t...nN .....=.L........K..d.....AqK.o........q.. o.nTo1...~.c.rQ..A.4..%'..@1..n. ..%.gO.....yv...[....V..nR247B...e.=.^./

        C:\Program Files (x86)\eFax Messenger\Resources\Coverpages\Professional.efax

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:OpenPGP Secret Key
        Category:dropped
        Size (bytes):72400
        Entropy (8bit):7.997524512812045
        Encrypted:true
        SSDEEP:
        MD5:806E4FC95D35078254EB0CDDC03444B5
        SHA1:43A17DEFB4BB31BE9961875891DFAADC26142BA0
        SHA-256:EA40FA03889B42A46EA9330701E14516A86B841568737A1C63F778189778F19E
        SHA-512:027CA1FA34B7EBB00FAE9AAFA40D1EBDB58CEF937F0F9B2F394A4E8843BD0B39C03B1CF7A01F4EE85E166D4A0DBEAF8DA57106A54ADD6EC9627404FB27CA3F93
        Malicious:false
        Reputation:low
        Preview:...u~[{.}.!...q..nN.=.d...P......z@..7....4..,f.........U.NK.Z..t.UD._%.4K'..@,.}.B....5..u.[.......W....>=..+i.P&j......C....SZ]d0.b.l..e...Q..6=*J...ml..k5P.).m|5jSe.a...PB5..9.#q..UX2Q...yL..p.q..aM.D...k,Pr.n...N.}z...&....}..D..h]~....6"E.<.....2.x...2.:..q_..(.*.m....5....L...u~..............4. ......]p...D\..Z4............g.3....c..q...;...D.............B.X.w$..c...............t.E...>....<.>...y..L.'E6.,l.......hb..:.......&.X.._.........(..L...m..{q8....7..6.../.Jf.....=-..........N.n..IG<..V.c.T.....H'..M.>!.....9&.;z[|.Ch....z......,..1.E....A.4....3.r.;.$W=.7.w.<..@......<2..Id...c......d.B...j.....Xz=......wD.....Z.o.lz...>9...Z.j.F.C..\....2.WJ[...H.b.V.y7...^..|...@0...l..f.f.W.j;.w%7.E;.m.......6G._.!37...4QbQ.Y..cYb8.W..cq..4...;0@9....)f{.2..._C.U..|\..I...&..?.U$.kkXi....g.Y:.y...M._.;g.AX........S.%...\..-_.)...E....|8....RB*..d......ih.(..xf\.Gu.Z.[....Ng....t$......Yx.P.Y....-m.}5[.^..!..)6...*)......(.=.O.b....U.R9:

        C:\Program Files (x86)\eFax Messenger\Resources\IncludedHTML\faq.html

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:HTML document, ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):1598
        Entropy (8bit):5.209459435980949
        Encrypted:false
        SSDEEP:
        MD5:0F0C9C108C965218630D3319E81DA869
        SHA1:C56D19D3E49F957DAFE4DF0EB9EAFEC31F4056F4
        SHA-256:40BC9537EAFD98EA316619F1C943E1A24F07419416DD20A6BF6F06471D83D6CF
        SHA-512:5CC8E370EC2A3D62F8B96DDEA1EBE77DFF5A3E00EEBE5CFD2A9EB4ED7E62DDBADE1C04429BC6C9E544F1A62E538687C908F50C837469D92D235EE8D6C01154DC
        Malicious:false
        Reputation:low
        Preview:<html>.. saved from url=(0016)http://localhost -->..<head>..<meta http-equiv="X-UA-Compatible" content="IE=9" > ..<title>FAQ</Title>.. <script type="Text/Javascript">........function toggle()..{...//alert('sdfsdf');.... var x = document.getElementById('faq2_content');.....x.style.display = "block";..}....function toggle2()..{...//alert('sdfsdf');.... var x = document.getElementById('faq11_content');.....x.style.display = "block";..}......</script>....</head>..<body>......<h1>eFax Messenger FAQ</h1>....<HR />....<h2>Table of Contents</h2>..<ul>..<li><a href="faq.html#faq2">FAQ 2</a></li>..<li><a href="faq.html#faq11">FAQ 11</a></li>..</ul>..<HR />....<h1>Faq 1</h1>..<p>Important Note about Faq point # 1</p>....<div>..<h2>..<a href="Javascript:toggle()" style="color:blue">Faq 2</a></h2>...<div id="faq2_content" style="display:none;">...<p>Important Note about Faq point # 2</p>...</div>..</div>..<h2>Faq 3</h2>..<p>Important Note about Faq point # 3</p>..<h2>Faq 4</h2>..<p>Import

        C:\Program Files (x86)\eFax Messenger\Resources\eFaxMsngr-FAQs.rtf

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
        Category:dropped
        Size (bytes):96835
        Entropy (8bit):4.942054253021962
        Encrypted:false
        SSDEEP:
        MD5:7B8CE6D86443C91AA18349F7C6ED7749
        SHA1:AEF6BD29E25947B1EFBB5EF013FA9B33584E3D11
        SHA-256:A890BFEFEC581BB40156DFB380256B5B2233E37120AB4A69E92DC9AC04F9E3BB
        SHA-512:D067B2C8838031CF446AA6F66CDF6CC07032ACD1DF884BEB4352EB65A59675FF4204FB7004306BA00AC062860081DCCE248954734D6334D37BFA819674A5D16C
        Malicious:false
        Reputation:low
        Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff38\deff0\stshfdbch38\stshfloch38\stshfhich38\stshfbi38\deflang1033\deflangfe1033\themelang1033\themelangfe0\themelangcs0{\fonttbl{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol;}{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math;}..{\f38\fbidi \fswiss\fcharset0\fprq2{\*\panose 00000000000000000000}Verdana;}{\flomajor\f31500\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\fdbmajor\f31501\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\fhimajor\f31502\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria;}..{\fbimajor\f31503\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\flominor\f31504\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\fdbminor\f31505\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\fhiminor\f31506\

        C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):5911320
        Entropy (8bit):7.724380656279322
        Encrypted:false
        SSDEEP:
        MD5:50FB8341416A6A54E0F0A9BDC449D72E
        SHA1:024359B816CB02C5E17F00D5993F2E8A8B280F0F
        SHA-256:63A9BEA3D6B6E60EFB5B9969FC10DE491EAACEDA016503B6DB32B5F8C53D1DA7
        SHA-512:E2104588415798236DE7AF2444152973414522B0F6B6704F8327D0E753DC7A6D57157883CAADE4B91546C11DE13B53E7D0A7154860F60B835E5BEBE89D3ECD6A
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......e.........."...0...Y..j........Y.. ....Y...@.. .......................`Z.......Z...`...................................Y.O.....Y..f............Z..)...@Z.....|.Y.............................................. ............... ..H............text.....Y.. ....Y................. ..`.rsrc....f....Y..h....Y.............@..@.reloc.......@Z.......Z.............@..B.................Y.....H.......,................ ...U...........................................(....*.~....-.r...p.....(....o....s.........~....*.~....*.......*.~....*F.r?..po....t....*6.r?..p.o....*..(....*Vs....(....t.........*.~....-.rc..p.....(....o....s.........~....*.~....*.......*V(....r...p~....o....*V(....r...p~....o....*V(....r...p~....o....*j(....r'..p~....o ...t....*V(....r;..p~....o....*V(....ro..p~....o....*V(....r...p~....o....*V(....r...p~....o....*V(....rG..p~....o....*V(....r...

        C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe.config

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):2647
        Entropy (8bit):5.143511882422027
        Encrypted:false
        SSDEEP:
        MD5:212AF6E50B2AF5156D50B5A3A0128A0F
        SHA1:C42E30CA5D666291E09C393BA313D191C718FC62
        SHA-256:AA492174133CE08B73928169183130FFF147222B65AE70DBFAC8571F0028D207
        SHA-512:B54120DC91975959BBA58C377FA6B7C6038C7AF282B9BCA0C9253CE36B92F3C1F3072C6D25E62135AB8AB219728DAB815711556D025D4964A4CC60EDECEC153F
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="bugsnagConfig" type="Bugsnag.ConfigurationStorage.ConfigSection, Bugsnag" />.. </configSections>.. <bugsnagConfig apiKey="ddd10d85295d5841e662e37b1f8e9a81" />.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.2" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <probing privatePath="lib;Library" />.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="Google.Apis.Core" publicKeyToken="4b01fa6e34db77ab" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-1.42.0.0" newVersion="1.42.0.0" />.. </dependentAssembly>.. <dependentAssembly>..

        C:\Program Files (x86)\eFax Messenger\updater.ini

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):478
        Entropy (8bit):5.374365335448205
        Encrypted:false
        SSDEEP:
        MD5:978500D5E28CAB3BE726CDDDA1E91194
        SHA1:91112480629A6754AC167114DF9C523D471194DB
        SHA-256:3E68F95F34A7D789D460BBC87E391F025ED1F5BE0BCA51C5287C30F7B63FABC3
        SHA-512:802587BD75864DD7A0E738D67B64541A0481DFBE85DD217D300DED228D95219E6947FAAE436A58BA2F877ACB75A30BFB68C00F22F7297A3AF9EB72326A7383A0
        Malicious:false
        Reputation:low
        Preview:[General]..Flags=NoUpdaterInstallGUI..AppDir=C:\Program Files (x86)\eFax Messenger\..ApplicationName=eFax Messenger..CompanyName=j2 Global Cloud Services..ApplicationVersion=5.4.2.1..DefaultCommandLine=/silent..CheckFrequency=15..DownloadsFolder=C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\updates\..ID={CF365B80-1B69-457D-B25B-FC406D988D6F}..URL=https://www.efax.com/wp-content/themes/j2-child-theme/assets/files/efaxmessenger/MessengerUpdate.txt..

        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eFax Messenger\eFax Messenger.lnk

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Sep 17 21:46:04 2023, mtime=Fri Sep 29 16:19:46 2023, atime=Sun Sep 17 21:46:04 2023, length=5911320, window=hide
        Category:dropped
        Size (bytes):1126
        Entropy (8bit):4.613567624854721
        Encrypted:false
        SSDEEP:
        MD5:E2B834B515F4B596F51903E532A2663E
        SHA1:FF7BC8B019BDB071FCC5D0BA803E1CE373B14CD3
        SHA-256:C569CA9AE8220B6E0A348375D39436A4E73157552F230F586963E11916C3FD05
        SHA-512:C1E78D618ED1BA827DF7AC279421F9FDB2720A227537AB0D2630FDC87E790DE5790230C8488577DD06ADB03D4DECFDE08E80513CE3F50874B50DC2DCE6088A16
        Malicious:false
        Reputation:low
        Preview:L..................F.... .............4%.............3Z..........................P.O. .:i.....+00.../C:\.....................1.....=Wr...PROGRA~2.........sN.&=Wr.....^...............V.....G4".P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....f.1.....=Wx...EFAXME~1..N......=Wr.=Wx.....Nd........................e.F.a.x. .M.e.s.s.e.n.g.e.r.....r.2..3Z.1W. .EFAXME~1.EXE..V......1W.=Ww.....}d........................e.F.a.x. .M.e.s.s.e.n.g.e.r...e.x.e.......g...............-.......f...........'7.......C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe..G.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.e.F.a.x. .M.e.s.s.e.n.g.e.r.\.e.F.a.x. .M.e.s.s.e.n.g.e.r...e.x.e.5.C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.S.t.a.r.t. .M.e.n.u.\.P.r.o.g.r.a.m.s.\.........*................@Z|...K.J.........`.......X.......138727..........N...n..O...}R....>...G..........N...n..O...}R....>...G..................A...

        C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe (copy)

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):530416
        Entropy (8bit):7.134793585501652
        Encrypted:false
        SSDEEP:
        MD5:02CE786C2214475AF0AF55857762D07E
        SHA1:63CA60153FF1EB393F6C6ED5B43C91E516A00746
        SHA-256:29CF2F79B42D4C6743025F1532943D3E09C9CC84887CCF6DAA7927D70CFE249C
        SHA-512:33BDB90401A2C86D5CF891E9DE93E4F7B6E6121C27DC61A5A45B7ED36406B4211144785F2A66607D38A9774C425DA6066B90BDE0D451D0D2A626E79BC3ACD44C
        Malicious:false
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........-.}}~.}}~.}}~...~.}}~...~.}}~...~.}}~...~.}}~.}|~.|}~...~.}}~...~.}}~.}.~.}}~...~.}}~Rich.}}~........PE..L....S.T.....................6....................@..........................P............@..................................6..@........9..........8....>......03.. .......................H/......./..@............................................text............................... ..`.rdata.............................@..@.data....0...`.......:..............@....wixburn8............J..............@..@.tls.................L..............@....rsrc....9.......:...N..............@..@.reloc...D.......F..................@..B................................................................................................................................................................................................................................................

        C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:data
        Category:dropped
        Size (bytes):1264
        Entropy (8bit):2.937937607088611
        Encrypted:false
        SSDEEP:
        MD5:B224A4F90CEA928184FA4BD3A0A2ADBD
        SHA1:5F835A9893D3D808AE537D8BD948A4554E937DB3
        SHA-256:BA94B55186E1994320DBEFDA597959573774616A2B0B5B0D8830A2B9B5B44543
        SHA-512:E2BCB6F7C4DEE38845893BFC38EE92CA28C9F4F70A19D2B9DA0E4F8BF49AEEF487BFB7D0DAF1C01A1CE233B41E635061DBE25D8C5F18FC872DE63EA43B2FC36A
        Malicious:false
        Reputation:low
        Preview:D...............................................................................................................................................................................................................................W.i.x.B.u.n.d.l.e.F.o.r.c.e.d.R.e.s.t.a.r.t.P.a.c.k.a.g.e.................W.i.x.B.u.n.d.l.e.L.a.s.t.U.s.e.d.S.o.u.r.c.e.............................W.i.x.B.u.n.d.l.e.N.a.m.e.....<...M.i.c.r.o.s.o.f.t. .V.i.s.u.a.l. .C.+.+. .2.0.1.5. .R.e.d.i.s.t.r.i.b.u.t.a.b.l.e. .(.x.8.6.). .-. .1.4...0...2.3.0.2.6.........W.i.x.B.u.n.d.l.e.O.r.i.g.i.n.a.l.S.o.u.r.c.e.........C.:.\.U.s.e.r.s.\.a.l.f.r.e.d.o.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.j.2. .G.l.o.b.a.l. .C.l.o.u.d. .S.e.r.v.i.c.e.s.\.e.F.a.x. .M.e.s.s.e.n.g.e.r.\.p.r.e.r.e.q.u.i.s.i.t.e.s.\.V.i.s.u.a.l. .C.+.+. .R.e.d.i.s.t.r.i.b.u.t.a.b.l.e. .f.o.r. .V.i.s.u.a.l. .S.t.u.d.i.o. .2.0.1.5.\.v.c._.r.e.d.i.s.t...x.8.6...e.x.e.........W.i.x.B.u.n.d.l.e.O.r.i.g.i.n.a.l.S.o.u.r.c.e.F.o.l.d.e.r.........C.:.\.U.s.e.r.s.\.a.l.f.r.e.d.

        C:\Users\Public\Desktop\eFax Messenger.lnk

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Sep 17 21:46:04 2023, mtime=Fri Sep 29 16:19:44 2023, atime=Sun Sep 17 21:46:04 2023, length=5911320, window=hide
        Category:dropped
        Size (bytes):1050
        Entropy (8bit):4.667400916502051
        Encrypted:false
        SSDEEP:
        MD5:6915FDE63FD01A0E8A168489BB4A3870
        SHA1:06F22B37D8B7EEA903ED1D697DCF5A1929CDC79D
        SHA-256:67872B86DF9A0DB29F84C6C7F6BBD6903AFAD54800FC4919C810CB31570A278E
        SHA-512:926633C0C48D0D61BDA468BC1C7D16E5A42992FC46321FCE31329411C095CC2DBBAE86E81FA2CA0C79BC6CE0099C0F05D873717877D9D27D0CE244DE7125204A
        Malicious:false
        Reputation:low
        Preview:L..................F.... ............_.$.............3Z..........................P.O. .:i.....+00.../C:\.....................1.....=Wr...PROGRA~2.........sN.&=Wr.....^...............V.....G4".P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....f.1.....=Wx...EFAXME~1..N......=Wr.=Wx.....Nd........................e.F.a.x. .M.e.s.s.e.n.g.e.r.....r.2..3Z.1W. .EFAXME~1.EXE..V......1W.=Ws.....}d........................e.F.a.x. .M.e.s.s.e.n.g.e.r...e.x.e.......g...............-.......f...........'7.......C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe..>.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.e.F.a.x. .M.e.s.s.e.n.g.e.r.\.e.F.a.x. .M.e.s.s.e.n.g.e.r...e.x.e...C.:.\.U.s.e.r.s.\.P.u.b.l.i.c.\.D.e.s.k.t.o.p.\.........*................@Z|...K.J.........`.......X.......138727..........N...n..O...}R....>...G..........N...n..O...}R....>...G..................A...1SPS.XF.L8C....&.m.%................S.-.1.-.5.-.1.8.........9...1SPS..mD..p

        C:\Users\Public\Documents\eFax Messenger\eFaxSettings.json

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\InstallHelper.exe
        File Type:data
        Category:dropped
        Size (bytes):3696
        Entropy (8bit):7.945646484880853
        Encrypted:false
        SSDEEP:
        MD5:D9517BE9175156325D44BC469B8C7C49
        SHA1:8E15F55DC92DBD742581145C8661304D0BBC618A
        SHA-256:845F6846219AD03FDDFBFF3DBB3ABB07240E9AEB2025A5095543EA9FA4CE91FE
        SHA-512:51A2881DCC089F1045B28C935C403665C7B31C2412C2EE375AB30B10D236E89AF526EF8B9CE54AA2134AC7EBADEE9C8AC88A9A62B780A4525283C0D7CC2D3747
        Malicious:false
        Reputation:low
        Preview:!|.A.UQ.u....i^.T.........,......t_M.1Z.!iv*I.0..A.,?3...{g.."w..5)..v..h..jz.....6e...z..>..N.....[..m..H%......!z+..s...H.">n..n..k..f.Zz.wRQ!.d.*i..D.){......".c...i!.....P@.H0.....S:k....X.....$....I..-F...$....U.akL..h.......-{..z#.@<.mf....H..j.;e|@.h.9....P].<.....P.R.9..0.!|V....VJ..:u.i...}Ha.fy.6....rv0b...r..xl...x.MY.h...:?og...0<.K}....t..iso5...O/.^...MV...l.....1s./..Z.%].F.F...K..<.M9.O.|7 +.,....Lf!...).5.U$.j.z......6....eh.U...Qy3J...S.("....D7.o...c....$.>.7......'+....\A..I..=A...s...h^n..nU..1..={...c.+.I.E3Q..2..%~../...k...<....#.......w..,?W..V.s.b........g...LU...<.\b...q.Xi.,!....JG...O...P...y....h..1.gh..l....-5..ss............#...=.O..W..........n=...R.C..........-V.g<LVC.....dXZ..Z.-2......t....Z.%...[."../i..i..+.VI._..5..(xB.Z........f.)1^.k.h.^..."-.....xj.K.x..V.pJH...u..1^.c..k.!.8..nL._..V6.^....n.....r...>$[. ....Ae......^"(x<.....=..F.....LG....Lg....}..1...0.~....m.Pt;.Z..h.........%.k..x...

        C:\Users\Public\Documents\eFax Messenger\eFaxSettings.json.des

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):3659
        Entropy (8bit):5.0040478995477775
        Encrypted:false
        SSDEEP:
        MD5:3ECDC1F19E65AAD41D0E59BDFC2A2CA0
        SHA1:6ED8B4EDB2838E5E7932329A2B0A9EE3E83CE778
        SHA-256:DF7DC944D025D02953C84218194F2397BB7C4A6576AEDFFD928CD7FA75C1C469
        SHA-512:73DFE5EB8C321E5950AA8DD2A1A1534994EDF65E6739E3CB94F816FF519A10FEDD16D2ACB27683F62F740D6AB5E97D69FB9D6156D43710AFAAA444634E857A37
        Malicious:false
        Reputation:low
        Preview:{"WelcomeScreen_IsWelcomeVisibleAtStartup":"True","UserSettings_IsFreshInstallation":"True","StandardPageWidth_Width":"1728","StandardPageHeight_Height":"2150","ImportImageFormat_ImageFormat":".png","DocumentGrid_Column_0":"1","DocumentGrid_Column_1":"1.2","DocumentGrid_Column_2":"1.2","DocumentGrid_Column_3":"1.4","DocumentGrid_Column_4":"0.5","DocumentGrid_Column_5":"1.4","DocumentGrid_Column_6":"1.2","DocumentGrid_Column_7":"1.2","ShowWarningDialog_IsWarningDialogVisible":"True","ShowWarningDialogForThumbnailDelete_IsWarningDialogForThumbnailDeleteVisible":"True","ShowWarningDialogForThumbnailCut_IsWarningDialogForThumbnailCutVisible":"True","UserSettings_FaxMode":"fine","UserSettings_RegionalSend":"","UserSettings_UserLanguage":"English","UserSettings_IsCostRecoveryPanelEnable":"False","UserSettings_RequireCostRecoveryToSend":"False","UserSettings_CostRecoveryNoNewEntries":"False","UserSettings_CheckForUpdates":"True","UserSettings_OpeneFaxAtStartUp":"True","UserSettings_OpenTrayAp

        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\eFax Messenger.exe.log

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:CSV text
        Category:dropped
        Size (bytes):3520
        Entropy (8bit):5.3642026762614226
        Encrypted:false
        SSDEEP:
        MD5:25384BF16DDF5D07AEA8A0D87D27F244
        SHA1:ED54A98D9608CCB90877A9D795CDECB2CBB5D8A6
        SHA-256:CBD6A2EB7A6C516240FC4EC4D078FB13C65F0B7F5CFB561CFBBB97F73ACF0FCD
        SHA-512:1AEE5AE19DF023E69A9BC07ABA2FCBC8690EF7916BFCEF7B929FF714D6565AADE99EB85785AE1C86987A32B94D0AFFC04744D92A558BAF0FD6AA00A3343B588B
        Malicious:false
        Reputation:low
        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\e074a852d0b7a87fc8713d9727b9a1bb\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\5aa66136dfbf2cc6e3ba6b00dd4d2e9f\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\954bf80526cb14a926c4e2335a4e5803\WindowsBase.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\99085e4311ca84f7357f2d1a2794ca28\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatio5ae0f00f#\

        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallHelper.exe.log

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\InstallHelper.exe
        File Type:CSV text
        Category:modified
        Size (bytes):1273
        Entropy (8bit):5.3417538550915875
        Encrypted:false
        SSDEEP:
        MD5:189352AAE03E43531DFEDBEDCB9BBB2F
        SHA1:7284BBEA99AA40542F5910FEED0B1B2F5B05F60B
        SHA-256:4B2338E6F95365C3F1FC84D0A55E78DF0668926938D74C956BD0BF56F4391D1A
        SHA-512:B515EE8525A6DCE9384BCC2BD3F8FDAE145FA2D7CDAF73D34A7193F23076207A47CAC17E4D07F86DA1B15DAC4208EA158BC171D3DDB3D1C88D7E617F58FB7F1B
        Malicious:false
        Reputation:low
        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9340a40c55ba464d0af1399814a708eb\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d47bd74620ae94be7f47fd2afefcbe5b\System.Core.ni.dll",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\2eacbb1ff8a7bc859ff01b27ad15d0e6\System.Runtime.Serialization.ni.dll",0..3,"System.Numerics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\a804a88e898d4778dd5479deb7da4934\System.Numerics.ni.dll",0..3,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.

        C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_4844\New

        Download File
        Process:C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe
        File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
        Category:dropped
        Size (bytes):15086
        Entropy (8bit):2.9169468593135157
        Encrypted:false
        SSDEEP:
        MD5:1E80DE80CEFEE55D7CFDA0DF2EDCF3B2
        SHA1:6E567D732354BBB21F9A57BBB72730C497F35380
        SHA-256:4E64F4E40D8CBFF082B37186C831AF4B49E3131C62C00A0CF53E0A6E7E24AC2B
        SHA-512:5EFEA023B18FFD5B87A19837BA2C72C179B55B7C3071B773A032C63D7268DBE25E2902AE8B111AD83A4F005346B378C7A75033ADAEE90805BCB4FEC2822E54C0
        Malicious:false
        Reputation:low
        Preview:......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......%............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_4844\Up

        Download File
        Process:C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe
        File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
        Category:dropped
        Size (bytes):15086
        Entropy (8bit):2.7901346596966383
        Encrypted:false
        SSDEEP:
        MD5:FD64F54DB4CBF736A6FC0D7049F5991E
        SHA1:24D42FB471AAA7BCD54D7CCB36480F5ADD9B31D4
        SHA-256:C269353D19D50E2688DB102FEF8226CA492DB17133043D7EB5420EE8542D571C
        SHA-512:EC622AFAB084016F144864967A41D647E813282CB058F0F11E203865C0C175BA182E325A6D5164580FF00757C8475B61DE89CCC8E892E1B030E51B03AD4EAFB4
        Malicious:false
        Reputation:low
        Preview:......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......%............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_4844\banner_template_image.jpg

        Download File
        Process:C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe
        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.0.16], baseline, precision 8, 500x63, components 3
        Category:dropped
        Size (bytes):5574
        Entropy (8bit):7.611167496224181
        Encrypted:false
        SSDEEP:
        MD5:B5EBADC4CD3B4F67BF4C45C8B42A1FA4
        SHA1:830A37C9BC02C2F629C356ADE2C86BDDA9C3F423
        SHA-256:39E2B947C436B61A2E613EF085739282ECCDABFFC611C760D68891E5DF85D924
        SHA-512:381C6F919C0CBF90E6934238933ED60E2C64CA28E312C148B9F556B89F14701F7259565B42AF32ED32797E2F39637A06E2C484F955C3676817BA0827C1D44E0B
        Malicious:false
        Reputation:low
        Preview:......JFIF.....`.`.....hExif..MM.*.................>...........F.(...........1.........N.......`.......`....paint.net 4.0.16.....C....................................................................C.......................................................................?...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(........o..w.5.._b.B.\7.cA.....>...b).=Ge.m..2|...bV...i.z$.W&.

        C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_4844\cmdlinkarrow

        Download File
        Process:C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe
        File Type:MS Windows icon resource - 3 icons, 16x16, 16 colors, 4 bits/pixel, 16x16, 8 bits/pixel
        Category:dropped
        Size (bytes):2862
        Entropy (8bit):3.160430651939096
        Encrypted:false
        SSDEEP:
        MD5:983358CE03817F1CA404BEFBE1E4D96A
        SHA1:75CE6CE80606BBB052DD35351ED95435892BAF8D
        SHA-256:7F0121322785C107BFDFE343E49F06C604C719BAFF849D07B6E099675D173961
        SHA-512:BDEE6E81A9C15AC23684C9F654D11CC0DB683774367401AA2C240D57751534B1E5A179FE4042286402B6030467DB82EEDBF0586C427FAA9B29BD5EF74B807F3E
        Malicious:false
        Reputation:low
        Preview:..............(...6...........h...^......... .h.......(....... .........................................................................................................................................................wv....."""""o.."""""o..www""......"/.....""......"/......r.........................?...........................................?......(....... ..................................................."..... .". .6.-.9.;.<.;.D.3.,...4...9...O.,.Q.$.M.2.S.:.\.1.U.$._.1.F.G.I.A.`.@.w.q...|...q...{.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_4844\completi

        Download File
        Process:C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe
        File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
        Category:dropped
        Size (bytes):15086
        Entropy (8bit):3.57715132031736
        Encrypted:false
        SSDEEP:
        MD5:C23AF89757665BC0386FD798A61B2112
        SHA1:FD4958B62F83EDF6774FCF7C691CC3270B82AA0B
        SHA-256:031ED0378F819926D7B5B2C6C9367A0FB1CBAE40E1A3959E2652FE30A47D52F2
        SHA-512:5727ABA9CD972C8F25B31F2A8E698CA2CAE640427A62A0EA4092FD426B907D39BAF58B8724B6E37965E76BE90EAA329F7D4A7EE4688922ED796D54E4377FC8CC
        Malicious:false
        Reputation:low
        Preview:......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......%....................................................................................................................................................................................................................................................................................................x...t..f..f..t.....x...".......................................................................................................................................................d................................d..............................................................................................................................................N.k................................................j....Z..............................................................................................................................o.d..........................................................d...s......

        C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_4844\custicon

        Download File
        Process:C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe
        File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
        Category:dropped
        Size (bytes):15086
        Entropy (8bit):3.2912578217465134
        Encrypted:false
        SSDEEP:
        MD5:BE6D2F48AA6634FB2101C273C798D4D9
        SHA1:21D1B2E7BCA49FE727E1C3A505E28E609EC53CC7
        SHA-256:0E22BC2BF7184DFDB55223A11439304A453FB3574E3C9034A6497AF405C628EF
        SHA-512:8BC2C9789640ED0E6F266FDC27647F7CE510EFE06ED1225BB8510F082E6C009E7911AEC38F21DE405FA68A418513DA2DC541EDB53F4FA6887603596EBD29F463
        Malicious:false
        Reputation:low
        Preview:......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......%....................................................................................................................................................................................................................................................................................................x...t..f..f..t.....x...".......................................................................................................................................................d................................d..............................................................................................................................................N.k................................................j....Z..............................................................................................................................o.d..........................................................d...s......

        C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_4844\dialog_template_image.jpg

        Download File
        Process:C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe
        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.0.16], baseline, precision 8, 503x314, components 3
        Category:dropped
        Size (bytes):10210
        Entropy (8bit):7.399482969574617
        Encrypted:false
        SSDEEP:
        MD5:A5020BC9F9D43AE7BE65311E49A95944
        SHA1:F45E63432595E524A8B94CBC78080FB04655803C
        SHA-256:10471D4067A593A4E365DDEC494E673FEEF6F708B29A6B440FC1B3973453CCA5
        SHA-512:EBB6A840D124FA23E53C8E03011F933EA4C181A6EA1C830551667A70E34F083468AD5F7D9F70AA462DDB792EDDF47C68E2D1C0CB5B3B221A2FCBFC4E9482BE14
        Malicious:false
        Reputation:low
        Preview:......JFIF.....`.`.....hExif..MM.*.................>...........F.(...........1.........N.......`.......`....paint.net 4.0.16.....C....................................................................C.......................................................................:...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(..

        C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_4844\exclamic

        Download File
        Process:C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe
        File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
        Category:dropped
        Size (bytes):15086
        Entropy (8bit):3.486912391627119
        Encrypted:false
        SSDEEP:
        MD5:3FBB7DDBC13EDF109E3ACAA7A4A69A4E
        SHA1:BF53201D998ED6E6F2E07584EFDA9585113AEB0E
        SHA-256:F8429073C7A83377AD754824B0B81040D68F8C1350A82FF4DCCF8BC4BF31F177
        SHA-512:CF818A9E88002D373019C0F3C9AF1BE27F20E074C662973898724124EC40F95CEC89F73D4A2F693C73D63981109EFB135057DEEC9245865C3F6351C128AB93D2
        Malicious:false
        Reputation:low
        Preview:......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......%......................................................................................................................................................................................................................_....w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w..I..............2.w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w.....J............S....w..4...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...;....w..>......................?.w......Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y.

        C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_4844\file_deleter.ps1

        Download File
        Process:C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):23157
        Entropy (8bit):6.026166836366981
        Encrypted:false
        SSDEEP:
        MD5:AABBDD64799B5CF8D5F2D3BB38A1CC8B
        SHA1:0443A33DE5AE8FF00B8A5102E7C65E8BC8BC3E26
        SHA-256:40A0B025ABD8C1643D0D10A8F113B258AED20169DEAC049D08C8A8D81AD26FA1
        SHA-512:3B067ABE7CF163D68C5FB7F81F290EEC50E5216F087524C884F6F0EAEBB9C3B821C85B090DEFF4C37DB5B8032005BF8C35A18726527A980976C3B50220858742
        Malicious:false
        Reputation:low
        Preview:param(.. [Parameter(Mandatory = $true)].. [string[]]$paths,.. [int]$retry_count = 0..)....# Delete paths using parallel jobs. ..$jobs = $paths | ForEach-Object {.. Start-Job -ScriptBlock {.. param(.. [string]$path,.. [int]$retry_count = 0.. ).... if (Test-Path -LiteralPath $path) {.. $count = 0.. while ($true) {.. Remove-Item -LiteralPath $path -Force.. if (-not (Test-Path -LiteralPath $path) -or ($count -ge $retry_count)) {.. return;.. }.. $count++.. Start-Sleep -s 5 #sleep 5 seconds.. } .. }.. } -ArgumentList $_, $retry_count ..}....# Wait for the delete jobs to finish..Wait-Job -Job $jobs....# Self delete..Remove-Item -Path $MyInvocation.MyCommand.Source....# SIG # Begin signature block..# MII9SwYJKoZIhvcNAQcCoII9PDCCPTgCAQExDzANBglghkgBZQMEAgEFADB5Bgor..# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMC

        C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_4844\info

        Download File
        Process:C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe
        File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
        Category:dropped
        Size (bytes):15086
        Entropy (8bit):3.347251063198798
        Encrypted:false
        SSDEEP:
        MD5:8595D2A2D58310B448729E28649443D6
        SHA1:08C1DF6FBF692F21157B2276EB1988AC732FF93C
        SHA-256:27F13C4829994B214BB1A26EEF474DA67C521FD429536CB8421BA2F7C3E02B5F
        SHA-512:AE409B8F210067AC194875E8EBF6A04797DF64FA92874646957B2213FB4A4F7DA2427EF1ED8D35CD2832B2A065E050298BAC0FC99C2A81DE4A569A417C2A1037
        Malicious:false
        Reputation:low
        Preview:......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......%.....................................................................................................................{...............................................................................................................................................................................................rqr............................................................................................................................................................................................rqr............................................................................................................................................................................................tst............................................................................................................................................................................}................yxy...................................

        C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_4844\insticon

        Download File
        Process:C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe
        File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
        Category:dropped
        Size (bytes):15086
        Entropy (8bit):3.9105220993102248
        Encrypted:false
        SSDEEP:
        MD5:EAC3781BA9FB0502D6F16253EB67B2B4
        SHA1:5EFF4FCDC405732702432008AB43164CA6F37101
        SHA-256:F864E8640C98B65C6C1B9B66A850661E8397ED6E66B06F4424396275488AF1BE
        SHA-512:D108687995B5B02778FC7ACF3A66706E761103B1EE47305D852BF9A190BDF1722B4C6277A13B65BDAD9F4E3F92406F5C7B1B06444D1493F2D4B1AAEAF4176E06
        Malicious:false
        Reputation:low
        Preview:......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......%....................................................................................................x...t..f..f..t.....x...".......................................................................................................................................................d................................d...........................................................................................i...N...N...N...N...N...N...N...N...N..S...`.....s.k................................................j....Z.................................................................................N.......................................N.......d..........................................................d...s.............................................................................N......................................If...c..................................................................d....X..

        C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_4844\lzmaextractor.dll

        Download File
        Process:C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):22848
        Entropy (8bit):6.87589034981969
        Encrypted:false
        SSDEEP:
        MD5:80481A4B1C55D7646705F8EDE4D67A96
        SHA1:5C1A4CE221212E003185EF373EFFF58C0EA61E99
        SHA-256:511A6F64FF709C17F907968B1F2E9AE4154C7A11345B722E76716ED27D27E67C
        SHA-512:497A6E13DB098F074E368F9100095E9632E3F044211321B9F2460E2E5959F4AD2C3BBCCB65CE8800C44ECB493C4B1FDA9757D5472649E027D64445FD1341535F
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........u9...j...j...jI..k...j...j...j...k...j...k...j...j...j...j...j...k...jRich...j........................PE..L......d.........."!...$............@........ ...............................`......O.....@.........................P".......$.......@..h...............@=...P..\....!..p............................................ ..X............................text...)........................... ..`.rdata..X.... ......................@..@.data........0......................@....rsrc...h....@......................@..@.reloc..\....P......................@..B................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_4844\removico

        Download File
        Process:C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe
        File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
        Category:dropped
        Size (bytes):15086
        Entropy (8bit):3.8375433162027344
        Encrypted:false
        SSDEEP:
        MD5:1FFFE5C3CC990D0C012A428A59B2AE46
        SHA1:FAE8042826087D9BB4CD4194E7453D56A773EA64
        SHA-256:45791627AE8E67E6B616117CF21F04DA381722FAF08D07C0C25E0F28C9B8F82B
        SHA-512:694D63747AD129CA06EBD743E4090642E557F2260C62AA625321BC309C1E2E58D9BFFF1E0AEE37EFFE5FD4628938AD89B659C9ABB43FDC2CF2285212C1A209F2
        Malicious:false
        Reputation:low
        Preview:......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......%.............................................................................................................................................................................................................................................................................................@..z......u..m..d..c..m..z..........`...%..............................................................................................................................l....g..c..c..c..c..c..c..c..c..c..c..c..c..c..c..x.......-.......................................................................................................=...g..c..c..c..c..c..c..c..c..c..c..c..c..c..c..c..c..c..c..c..c.......F.............................................................................................c..c..c..c..c..c..c..c..c..c..c..c..c..c..c..c..c..c..c..c..c..c..

        C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_4844\repairic

        Download File
        Process:C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe
        File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
        Category:dropped
        Size (bytes):15086
        Entropy (8bit):3.5353892544389707
        Encrypted:false
        SSDEEP:
        MD5:915E40A576FA41DC5F8486103341673E
        SHA1:528CF57F3775638E721C20A6988DBD322FB39273
        SHA-256:BF21B2BC3E7253968405F3D244CDB1C136672A5BDB088B524A333264898A2D11
        SHA-512:66385B58942BAF62B6B33AB646EA981D4A6682F8570B7DF4EFA1A7F4536CB35FE065803314877E95338B8DFB9A854E06A110BD0C2A2D3CE3A7C587E35006649E
        Malicious:false
        Reputation:low
        Preview:......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......%....................................................................................................................................................................................................................................................................................................x...t..f..f..t.....x...".......................................................................................................................................................d................................d..............................................................................................6bbb.III.III.iii................................N.k................................................j....Z...............................................................................+RRR.III.III.III.III.TTT....(..................o.d..........................................................d...s......

        C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_4844\tabback

        Download File
        Process:C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe
        File Type:PC bitmap, Windows 3.x format, 1 x 200 x 24, cbSize 854, bits offset 54
        Category:dropped
        Size (bytes):854
        Entropy (8bit):3.802531598764924
        Encrypted:false
        SSDEEP:
        MD5:4C3DDA35E23D44E273D82F7F4C38470A
        SHA1:B62BC59F3EED29D3509C7908DA72041BD9495178
        SHA-256:E728F79439E07DF1AFBCF03E8788FA0B8B08CF459DB31FC8568BC511BF799537
        SHA-512:AB27A59ECCDCAAB420B6E498F43FDFE857645E5DA8E88D3CFD0E12FE96B3BB8A5285515688C7EEC838BBE6C2A40EA7742A9763CF5438D740756905515D9B0CC5
        Malicious:false
        Reputation:low
        Preview:BMV.......6...(.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_4844\viewer.exe

        Download File
        Process:C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe
        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):440088
        Entropy (8bit):6.584697521636124
        Encrypted:false
        SSDEEP:
        MD5:CF1CA35724AD9079EF81CB3F4D733407
        SHA1:E621370EF3D5C0A3A3EA0C76C3D1C617934D71D7
        SHA-256:14E6C8E0266C07C04E50173AEE3F05277109F25BD8ABF5B6753F20FF2BAAAB04
        SHA-512:6C558A4F25BC8156465B809CF46943736200BCD26333DB86E35EE216F704ED64983225F36412877906C9CBDAADE9FB89449E566904043819670F0541809D5349
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:..M~m..~m..~m......sm.......m......mm......im....../m......im.......m......gm..~m...m..j...dm..j.s..m..~m...m..j....m..Rich~m..........PE..L......d.........."....$.........................@.......................................@..................................4..........8................).......:..@...p...............................@...............l............................text...F........................... ..`.rdata...R.......T..................@..@.data....7...P.......,..............@....rsrc...8............F..............@..@.reloc...:.......<...R..............@..B................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Temp\AiFilesRemoveImpers_510EFD2F_E45F_48C2_BE1C_846692E025A0.bak

        Download File
        Process:C:\Windows\SysWOW64\msiexec.exe
        File Type:data
        Category:dropped
        Size (bytes):89
        Entropy (8bit):1.518622607788485
        Encrypted:false
        SSDEEP:
        MD5:6F3C76DA7405563DE2A122209ADAEEC8
        SHA1:552B61ED12BC40967ED7F66C95D31985116C4A0D
        SHA-256:EE2B960AFA4E2D88096363CA64FA670B8EE8793687A2C1E0F5C2C3B569227990
        SHA-512:641C783FFF042DBCC82CEB4F39446F79278D2A0AC2FE826528951BB955DB90591B70FB39903E25C401F584687D3EB9858E566BC87C7827FDD78DEE9AE529BB7F
        Malicious:false
        Reputation:low
        Preview:........C.:.\...........................C.:.\.....D.:.\...........................D.:.\..

        C:\Users\user\AppData\Local\Temp\MSI2DA9.tmp

        Download File
        Process:C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):602432
        Entropy (8bit):6.4696654484377945
        Encrypted:false
        SSDEEP:
        MD5:A9941233B9415B479D3B4F3732161EAB
        SHA1:CB2D99AF52B3B1C712943B13E45D85C80C732E57
        SHA-256:CE34CC14E8D26119E1BF28A3A8368DA6E10D13851004E2675976C5AD58B122E2
        SHA-512:CFD6C425587E5E7C57B6F4655E2A48C871313E2BACF63CC0955CCAE1A384610644F26AA76BEE0A2A327CD77C2AE7DEF8EA9CB0C7C7C87FAB1C8196BAC82037F7
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............u.u.u.L.v.u.L.p.4.u.;.q.u.;.v.u.;.p..u.L.q.u.L.s.u.L.t.u.t.!.u..|...u..u.u...u...u..w.u.Rich..u.........PE..L......d.........."!...$.>...........Y.......P...............................0............@.........................`X..d....a..,.......................@=.......h.....p...................@...........@............P..h............................text....=.......>.................. ..`.rdata...,...P.......B..............@..@.data...8%...........p..............@....rsrc...............................@..@.reloc...h.......j..................@..B........................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Temp\MSI305D.tmp

        Download File
        Process:C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):1126208
        Entropy (8bit):6.47547142761303
        Encrypted:false
        SSDEEP:
        MD5:821A9095657D59C7CD66C28B3FD50ACE
        SHA1:AEF8A82D7D3DF689AF403BD0CCAB7ED04EC77609
        SHA-256:D5411A4C65860343B846D5503686181D3487CC324FC0562B4E5F3CD1662B80FE
        SHA-512:A885068D950307F1ABCF08DF41D3476174F02641105707EF3B81515D84F0F305DE84F6EA900421D250011EBFD4F3AFC1498CC4F3B14040E536CCB27FF6214C06
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........J"..+L..+L..+L..YO..+L..YI.z+L.kUH..+L.kUO..+L.kUI..+L..YH..+L..YM..+L..+M..*L..TE..+L..TL..+L..T...+L..+..+L..TN..+L.Rich.+L.........PE..L......d.........."!...$.t..........0u.......................................P......(.....@.........................`...t...............................@=.......A.../..p....................0..........@...............4............................text...^s.......t.................. ..`.rdata...U.......V...x..............@..@.data...8...........................@....rsrc...............................@..@.reloc...A.......B..................@..B................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Temp\MessengerTemp\2023-09-29T19.20.14.9944780+02.00.json

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):53
        Entropy (8bit):4.334065681338158
        Encrypted:false
        SSDEEP:
        MD5:7211E1633642156E7CB7091993975114
        SHA1:51512E81AAE0B386DDB8F0B63944E6A2CB580547
        SHA-256:27E91DEE331E5DD6C2739A918932227E75BE1911F16173E59F2EAC0CFE1C0025
        SHA-512:3C2A9F5E69230C9C84F0E418918094576FC97AE4F7FEE4629D417C911B8147AAD738C527AF8EEF1484E05BFDA38AA7057226A1575C8A03919F5145C03FDE5A44
        Malicious:false
        Reputation:low
        Preview:{"Id":0,"ActionType":"OpenMessenger","Argument":null}

        C:\Users\user\AppData\Local\Temp\MessengerTemp\2023-09-29T19.20.16.2938955+02.00\Pages\0.tiff

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:TIFF image data, little-endian, direntries=15, height=3301, bps=-23040, compression=LZW, PhotometricIntepretation=RGB, width=2551
        Category:dropped
        Size (bytes):658750
        Entropy (8bit):7.389216977005262
        Encrypted:false
        SSDEEP:
        MD5:4BB5B8673664CE0AA8844F5ADEF5A857
        SHA1:6DD207EED5B00BC6F180AFDCBC72F8239FC8A981
        SHA-256:0CD47E4673850D8297329396491762B70F18FBA3A13C206A23D2CAE2ADD60662
        SHA-512:B93D212FA4C74EC24A2D959F47936536FF2C605ACDA308CA448E0A042055C83913A75DD324DB66FF5BB930FA5E3DF6B60DCD19669995C442E601DA16B4040E13
        Malicious:false
        Reputation:low
        Preview:II*.F....?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.ZmV.e..o.\nW;...w.^oW...5..?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.ZmV.e..o.\nW;...w.^oW...5..?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.ZmV.e..o.\nW;...w.^oW...5..?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.ZmV.e..o.\nW;...w.^oW...5..?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.ZmV.e..o.\nW;...w.^oW...5..?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.ZmV.e..o.\nW;...w.^oW...5..?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.ZmV.e..o.\

        C:\Users\user\AppData\Local\Temp\MessengerTemp\2023-09-29T19.20.16.2938955+02.00\document.json

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):5853
        Entropy (8bit):5.198790460617129
        Encrypted:false
        SSDEEP:
        MD5:65C2D5D8502ABCBA0E99FD5DF6BF4F59
        SHA1:D38F5170C9169F6E3D31579AD564E177840C9284
        SHA-256:0210E23042F96885C85A6B67114DAF18C314C31D292D875829F35298C513362C
        SHA-512:AC4A31F7AD041B94AEDC217E4079E5915F6AD7549E048EBABAF3E8572A2C40370900DCDAD36F6FE9EAF78DACF6FD87928E7213085891C893A9C3B8E13BA16EA2
        Malicious:false
        Reputation:low
        Preview:{"Id":-1,"FilePath":"C:\\Users\\jamie.sloniker\\Documents\\eFax Messenger\\Coverpages\\Announcement-New.efax","FileExists":false,"FileSize":0,"Subject":null,"IsCoverPageFile":true,"IsPrinterDriverImport":false,"PagesCount":1,"Status":3,"DateCreated":"2020-09-14T15:32:13.9165385-07:00","CloudId":null,"Reference":null,"AttachmentsCount":0,"Location":"Local Machine","IsDeleted":false,"TrashDate":"0001-01-01T00:00:00","CustomerId":"9247455","Tags":[],"Pages":[{"PageType":1,"PageNumber":1,"ImageName":"0.tiff","IsStaticCoverPage":false,"CoverPagePath":null}],"Attention":null,"Attachments":[],"Annotations":[{"Id":1,"Page":1,"XPosition":479.076923076923,"YPosition":411.80769230769232,"Width":1122.46153846154,"Height":58.153846153846359,"AnnotationType":7,"FillBrush":null,"Opacity":0.0,"OpacityBrush":null,"BorderBrush":null,"BorderThickness":0.0,"Text":"","FontFamily":"Calibri Light","ForegroundBrush":null,"FontSize":48.0,"Justification":"Left","IsBold":false,"IsItalic":false,"IsUnderLine":fals

        C:\Users\user\AppData\Local\Temp\MessengerTemp\2023-09-29T19.20.18.6339007+02.00\Pages\0.tiff

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:TIFF image data, little-endian, direntries=15, height=2149, bps=7632, compression=LZW, PhotometricIntepretation=RGB, width=1728
        Category:dropped
        Size (bytes):212862
        Entropy (8bit):7.189082145093796
        Encrypted:false
        SSDEEP:
        MD5:ED7D5E37A3F717E9372F6307395C12AA
        SHA1:2F5E2D69E8143E4F62D76BDC867EA90CA5C931ED
        SHA-256:8A33A018EE747243619AF47A74E1470760D6135C0CDED0822EECB0126481A86C
        SHA-512:D04D376103D331C14693B64B63EED6BB7302152A8D92C3C20894BC99F5F24138DB14DC3050B26E11709CA3E1624756DC71609405E6B3DABB1D2776E246552EAA
        Malicious:false
        Reputation:low
        Preview:II*......?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.@...e..o.\nW;...w.^oW......`pX<&....bqX.f7...drY<....?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.@...e..o.\nW;...w.^oW......`pX<&....bqX.f7...drY<....?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.@...e..o.\nW;...w.^oW......`pX<&....bqX.f7...drY<....?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.@...e..o.\nW;...w.^oW......`pX<&....bqX.f7...drY<....?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.@...e..o.\nW;...w.^oW......`pX<&....bqX.f7...drY<....?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.@...e..o.\nW;...w.^oW...

        C:\Users\user\AppData\Local\Temp\MessengerTemp\2023-09-29T19.20.18.6339007+02.00\document.json

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):4905
        Entropy (8bit):5.102866348251086
        Encrypted:false
        SSDEEP:
        MD5:DE524496B78DD819E61FD1E98EEBADDC
        SHA1:014664E851D733150EAA74EC61E44B3554824CAB
        SHA-256:CF1A2BC834B2D1F96145201BA5B8D7470422FCCBFA42158CCFA49F355E928C71
        SHA-512:8B6E1783E3C50E27868F5EE578E54418CFE5212E6B74D97FD9FA4804AD54526503240EC746E1B94D8324C80B43979FD70C572F13B8A4104F200E8B0B00E9B279
        Malicious:false
        Reputation:low
        Preview:{"Id":-1,"FilePath":"C:\\Users\\Jamie.Sloniker\\Documents\\eFax Messenger\\Coverpages\\Cleaner.efax","FileExists":false,"FileSize":0,"Subject":"","IsCoverPageFile":true,"IsPrinterDriverImport":false,"PagesCount":1,"Status":3,"DateCreated":"2019-10-10T08:56:48.1359344-07:00","CloudId":null,"Reference":null,"AttachmentsCount":0,"Location":"Local Machine","IsDeleted":false,"TrashDate":"0001-01-01T00:00:00","CustomerId":"49204821","Tags":[],"Pages":[{"PageType":1,"PageNumber":0,"ImageName":"0.tiff","IsStaticCoverPage":false,"CoverPagePath":null}],"Attention":null,"Attachments":[],"Annotations":[{"Id":1,"Page":0,"XPosition":688.0,"YPosition":110.5,"Width":926.0,"Height":74.0,"AnnotationType":7,"FillBrush":null,"Opacity":0.0,"OpacityBrush":null,"BorderBrush":null,"BorderThickness":0.0,"Text":"","FontFamily":"Calibri Light","ForegroundBrush":null,"FontSize":56.0,"Justification":"Left","IsBold":false,"IsItalic":false,"IsUnderLine":false,"IsStrikeThrough":false,"FilePath":"C:\\Users\\Jamie.Slon

        C:\Users\user\AppData\Local\Temp\MessengerTemp\2023-09-29T19.20.20.4639103+02.00\Pages\0.tiff

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:TIFF image data, little-endian, direntries=15, height=3301, bps=-29692, compression=LZW, PhotometricIntepretation=RGB, width=2551
        Category:dropped
        Size (bytes):652098
        Entropy (8bit):7.355948247950777
        Encrypted:false
        SSDEEP:
        MD5:E8C73896A622B70C8668B5925F729427
        SHA1:B1B192EB746CD8BC9A6B297088956623F9D727F0
        SHA-256:BA0CF6D9E4327B265A01698D1068E160804DDAD238A43B01C23A16D522B3AE5A
        SHA-512:B6C4CBD6E4A212BD9E6CBD0920C7E1368B623F80563C93EBE94C7B6312DB6E0EBD93CA66221F5148E4063E12590E031E60DF913893CC70E5FE22F6731BE14B3E
        Malicious:false
        Reputation:low
        Preview:II*.J....?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.ZmV.e..o.\nW;...w.^oW...5..?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.ZmV.e..o.\nW;...w.^oW...5..?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.ZmV.e..o.\nW;...w.^oW...5..?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.ZmV.e..o.\nW;...w.^oW...5..?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.ZmV.e..o.\nW;...w.^oW...5..?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.ZmV.e..o.\nW;...w.^oW...5..?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.ZmV.e..o.\

        C:\Users\user\AppData\Local\Temp\MessengerTemp\2023-09-29T19.20.20.4639103+02.00\document.json

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):5882
        Entropy (8bit):5.190832172051494
        Encrypted:false
        SSDEEP:
        MD5:BD139EADCF2F6AED16F1151C2A6326C6
        SHA1:596A5DACC66D2839474A7166D22643F2DBEC1145
        SHA-256:47AA82F8EA69E043CB64230073E97F663C1F9D5DA8479C5BDEE6C63B44881B3F
        SHA-512:FE21179F64C81D71136CEB0C94ADFEFF386E68DCCCC349F3AB6CFA4597F0050CF90E5A8DEDF84A98A743E1239AB7CD1280FE02F7024F47AD8FD56BC056B1646C
        Malicious:false
        Reputation:low
        Preview:{"Id":-1,"FilePath":"C:\\Users\\jamie.sloniker\\Documents\\eFax Messenger\\Coverpages\\Confidential-New.efax","FileExists":true,"FileSize":0,"Subject":null,"IsCoverPageFile":true,"IsPrinterDriverImport":false,"PagesCount":1,"Status":3,"DateCreated":"2020-09-15T09:24:55.3295532-07:00","CloudId":null,"Reference":null,"AttachmentsCount":0,"Location":"Local Machine","IsDeleted":false,"TrashDate":"0001-01-01T00:00:00","CustomerId":"9247455","Tags":[],"Pages":[{"PageType":1,"PageNumber":1,"ImageName":"0.tiff","IsStaticCoverPage":false,"CoverPagePath":null}],"Attention":null,"Attachments":[],"Annotations":[{"Id":1,"Page":1,"XPosition":368.30769230769238,"YPosition":394.57692307692304,"Width":1232.0000000000014,"Height":55.692307692307622,"AnnotationType":7,"FillBrush":null,"Opacity":0.0,"OpacityBrush":null,"BorderBrush":null,"BorderThickness":0.0,"Text":"","FontFamily":"Calibri Light","ForegroundBrush":null,"FontSize":48.0,"Justification":"Left","IsBold":false,"IsItalic":false,"IsUnderLine":f

        C:\Users\user\AppData\Local\Temp\MessengerTemp\2023-09-29T19.20.22.4638999+02.00\Pages\0.tiff

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:TIFF image data, little-endian, direntries=15, height=3301, bps=-28836, compression=LZW, PhotometricIntepretation=RGB, width=2551
        Category:dropped
        Size (bytes):652954
        Entropy (8bit):7.329686635531593
        Encrypted:false
        SSDEEP:
        MD5:A3131A5DFB80280D292DA7243E5133BF
        SHA1:D01FA9DE3504546CD5F97D183F984A4EE37501D9
        SHA-256:EEEBEDB1F963247ABD7EF2EA592C01EBC008FBF0FD5A619F2BA38EAF8D04AA23
        SHA-512:DFF71A94912D4056F0E3585F37EB1A3A5A15790FAF5E8CD8EC7296C2265EDCB89F112B237A0D8959B14866FA9D6974072972152D322515D5960714E333412DDF
        Malicious:false
        Reputation:low
        Preview:II*......?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.ZmV.e..o.\nW;...w.^oW...5..?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.ZmV.e..o.\nW;...w.^oW...5..?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.ZmV.e..o.\nW;...w.^oW...5..?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.ZmV.e..o.\nW;...w.^oW...5..?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.ZmV.e..o.\nW;...w.^oW...5..?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.ZmV.e..o.\nW;...w.^oW...5..?.@.$....BaP.d6...DbQ8.V-..FcQ..v=..HdR9$.M'.JeR.d.]/.LfS9..m7.NgS...}?.PhT:%..G.RiT.e6.O.TjU:.V.W.VkU..v._.XlV;%..g.ZmV.e..o.\

        C:\Users\user\AppData\Local\Temp\MessengerTemp\2023-09-29T19.20.22.4638999+02.00\document.json

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):6579
        Entropy (8bit):5.202485252123149
        Encrypted:false
        SSDEEP:
        MD5:D9694951C21E0E0D41F72C616BA300B4
        SHA1:CE4AAE4C3791C07529BD9BC5DFBA3759BD460B75
        SHA-256:5417FA604B444AC193EDBB19042DB266A386D65ADA497FDC9658EF33BFBEBF95
        SHA-512:DF42A611E981CD851822E10E80594663B8BBF311FD942D587FC442B50F2730DCF3C022E9E740F23CD26852557D6814BC9B82EFB7CC7C01F5A608BFA078FF09A4
        Malicious:false
        Reputation:low
        Preview:{"Id":-1,"FilePath":"C:\\Users\\jamie.sloniker\\Documents\\eFax Messenger\\Coverpages\\Default-NewNew.efax","FileExists":false,"FileSize":0,"Subject":null,"IsCoverPageFile":true,"IsPrinterDriverImport":false,"PagesCount":1,"Status":3,"DateCreated":"2020-09-17T07:25:40.2839544-07:00","CloudId":null,"Reference":null,"AttachmentsCount":0,"Location":"Local Machine","IsDeleted":false,"TrashDate":"0001-01-01T00:00:00","CustomerId":"9247455","Tags":[],"Pages":[{"PageType":1,"PageNumber":1,"ImageName":"0.tiff","IsStaticCoverPage":false,"CoverPagePath":null}],"Attention":null,"Attachments":[],"Annotations":[{"Id":2,"Page":1,"XPosition":245.23076923076917,"YPosition":829.03846153846166,"Width":1312.0000000000005,"Height":63.076923076922583,"AnnotationType":7,"FillBrush":null,"Opacity":0.0,"OpacityBrush":null,"BorderBrush":null,"BorderThickness":0.0,"Text":"","FontFamily":"Calibri Light","ForegroundBrush":null,"FontSize":48.0,"Justification":"Left","IsBold":false,"IsItalic":false,"IsUnderLine":fa

        C:\Users\user\AppData\Local\Temp\dd_vcredist_x86_20230929191830.log

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:ASCII text, with very long lines (382), with CRLF line terminators
        Category:dropped
        Size (bytes):16453
        Entropy (8bit):5.533042196260072
        Encrypted:false
        SSDEEP:
        MD5:F68D78F71A239DBCD5959A67100450E9
        SHA1:45426FE0B068DD7EB8573EA959A7D487C94F83BC
        SHA-256:D89DB0167F39F35594D6A83272D14E81FB85A34EE774D5DB9E5CD2721243B69A
        SHA-512:A867EA5566F81516B3E6942EF53EB0CD5DC60C0AD4E3EB9FACA7AB74C441AC19306BCF613AB3EDD6DFBD1EEE89C8AE3E6124E19C55EA818B29EB51AD9F3A1ED2
        Malicious:false
        Reputation:low
        Preview:[0650:0CFC][2023-09-29T19:18:30]i001: Burn v3.7.3813.0, Windows v10.0 (Build 18363: Service Pack 0), path: C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe, cmdline: '-burn.unelevated BurnPipe.{2760BEA1-1D1E-47F2-9625-8259E2028C2E} {01FFCAC3-379E-43AE-945B-7D1463EF65BD} 2984'..[0650:0CFC][2023-09-29T19:18:30]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\dd_vcredist_x86_20230929191830.log'..[0650:0CFC][2023-09-29T19:18:30]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe'..[0650:0CFC][2023-09-29T19:18:30]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++

        C:\Users\user\AppData\Local\Temp\dd_vcredist_x86_20230929191830_000_vcRuntimeMinimum_x86.log

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Unicode text, UTF-16, little-endian text, with very long lines (588), with CRLF line terminators
        Category:dropped
        Size (bytes):184380
        Entropy (8bit):3.7932782536199885
        Encrypted:false
        SSDEEP:
        MD5:F7B16C0701545F5999B7F4690E05BC2C
        SHA1:238BF04A86CCC6CD928E2A3E2B0A80096B6E461D
        SHA-256:1FE5953C26C94AC8CA312C9623A0F1256B4999F37CC6F4C7E607F3570DA7A9ED
        SHA-512:3761524F6925521C5348C6F9E50174B20F18981BC1C76CC7F79BAC00FC7A44A971CEC8B6F65B969C51967C55E4D8A9FCD9F8D7EE5BDC9102EFC870BAD2D240F1
        Malicious:false
        Reputation:low
        Preview:..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .9./.2.9./.2.0.2.3. . .1.9.:.1.9.:.0.2. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .C.:.\.U.s.e.r.s.\.a.l.f.r.e.d.o.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.j.2. .G.l.o.b.a.l. .C.l.o.u.d. .S.e.r.v.i.c.e.s.\.e.F.a.x. .M.e.s.s.e.n.g.e.r.\.p.r.e.r.e.q.u.i.s.i.t.e.s.\.V.i.s.u.a.l. .C.+.+. .R.e.d.i.s.t.r.i.b.u.t.a.b.l.e. .f.o.r. .V.i.s.u.a.l. .S.t.u.d.i.o. .2.0.1.5.\.v.c._.r.e.d.i.s.t...x.8.6...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.A.8.:.8.4.). .[.1.9.:.1.9.:.0.2.:.2.5.7.].:. .R.e.s.e.t.t.i.n.g. .c.a.c.h.e.d. .p.o.l.i.c.y. .v.a.l.u.e.s.....M.S.I. .(.c.). .(.A.8.:.8.4.). .[.1.9.:.1.9.:.0.2.:.2.5.7.].:. .M.a.c.h.i.n.e. .p.o.l.i.c.y. .v.a.l.u.e. .'.D.e.b.u.g.'. .i.s. .0.....M.S.I. .(.c.). .(.A.8.:.8.4.). .[.1.9.:.1.9.:.0.2.:.2.5.7.].:. .*.*.*.*.*.*.*. .R.u.n.E.n.g.i.n.e.:..... . . . . . . . . . . .*.*.*.*.*.*.*. .P.r.o.d.u.c.t.:. .C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.P.a.c.k.a.g.

        C:\Users\user\AppData\Local\Temp\dd_vcredist_x86_20230929191830_001_vcRuntimeAdditional_x86.log

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Unicode text, UTF-16, little-endian text, with very long lines (588), with CRLF line terminators
        Category:dropped
        Size (bytes):204182
        Entropy (8bit):3.803271193787425
        Encrypted:false
        SSDEEP:
        MD5:CEEAC99EDC10817BB35F8846A8405433
        SHA1:A4F4E8CA15A39264E317BDEE881F2A6E5D198B33
        SHA-256:9C1176216013D7EE4E9741A599D9A46E49095E66F99BC30DE0B89BA225647CDD
        SHA-512:4FEEE73C91F5BFDE963858F2122E45905F0AE818AB0C18DB4F87F75B10ECA9D336D0063092567F00141855AE59CF658320F0872A2F5E778119A4A366C436A68B
        Malicious:false
        Reputation:low
        Preview:..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .9./.2.9./.2.0.2.3. . .1.9.:.1.9.:.0.4. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .C.:.\.U.s.e.r.s.\.a.l.f.r.e.d.o.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.j.2. .G.l.o.b.a.l. .C.l.o.u.d. .S.e.r.v.i.c.e.s.\.e.F.a.x. .M.e.s.s.e.n.g.e.r.\.p.r.e.r.e.q.u.i.s.i.t.e.s.\.V.i.s.u.a.l. .C.+.+. .R.e.d.i.s.t.r.i.b.u.t.a.b.l.e. .f.o.r. .V.i.s.u.a.l. .S.t.u.d.i.o. .2.0.1.5.\.v.c._.r.e.d.i.s.t...x.8.6...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.A.8.:.3.4.). .[.1.9.:.1.9.:.0.4.:.3.4.6.].:. .R.e.s.e.t.t.i.n.g. .c.a.c.h.e.d. .p.o.l.i.c.y. .v.a.l.u.e.s.....M.S.I. .(.c.). .(.A.8.:.3.4.). .[.1.9.:.1.9.:.0.4.:.3.4.6.].:. .M.a.c.h.i.n.e. .p.o.l.i.c.y. .v.a.l.u.e. .'.D.e.b.u.g.'. .i.s. .0.....M.S.I. .(.c.). .(.A.8.:.3.4.). .[.1.9.:.1.9.:.0.4.:.3.4.6.].:. .*.*.*.*.*.*.*. .R.u.n.E.n.g.i.n.e.:..... . . . . . . . . . . .*.*.*.*.*.*.*. .P.r.o.d.u.c.t.:. .C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.P.a.c.k.a.g.

        C:\Users\user\AppData\Local\Temp\pre6511.tmp

        Download File
        Process:C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):726848
        Entropy (8bit):6.4584085143991095
        Encrypted:false
        SSDEEP:
        MD5:9863AD412FA5529D5A712EF228AC6E2B
        SHA1:BDA741FD705277C29379B01100A162E922F76583
        SHA-256:502CCBE31FE0F984A2FA0610EE6385A3E478CD866E19208E229B6EF8FCFB2934
        SHA-512:8F64B1AC2423EB6EBBD2853A985711C030F54279599382B3CBC3DE4EBB90A98A0273172A85D65E5E78CAE419E928FB787715EA9F2C8285662C89B25D6B584CB0
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......z..B>...>...>......3............./......&......'......`......?......)...>...N...*..v...*..?...*.].?...>.5.?...*..?...Rich>...........PE..L.../..d.........."!...$.............}....................................... ......].....@.........................@M......\N..........h...............@=.......n...@..p....................A..........@....................K..@....................text............................... ..`.rdata..Xb.......d..................@..@.data....'...p.......N..............@....rsrc...h............d..............@..@.reloc...n.......p...j..............@..B........................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Temp\shi2A0A.tmp

        Download File
        Process:C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe
        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
        Category:dropped
        Size (bytes):5041664
        Entropy (8bit):6.047563336382253
        Encrypted:false
        SSDEEP:
        MD5:64E201C0AA248231E4C1DED78452A7F1
        SHA1:183466F28C4BE5C41D8753C222E0BE734BE12329
        SHA-256:3FBB9C0AD9EAFCF729ADFF0363F153DD650AC4052DAAAFA007992A4E07C119D7
        SHA-512:A887AE3C8C461CEFEB86A165BA80432AB8238180F38F6E57141E941D261D77D35DF806EE8A4508B2F44111A60B4DF19589FD3327C76483695B564D9D99C0F6DD
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........c.B.............zk......j.......j.......j..........7....j.......j.......j.......j.......j......Rich....................PE..d....H.?.........." .........H...............................................`M.....F.M...`A........................................p.H.L&....I......@K.H.....I.t............@M.@..../:.T................... ...(...0...................x.....H......................text....N.......P.................. ..`.wpp_sf.+....`.......T.............. ..`.rdata..(P*......R*.................@..@.data....A...PI......2I.............@....pdata..t.....I......:I.............@..@.didat..x....0K.......J.............@....rsrc...H....@K.......J.............@..@.reloc..@....@M.. ....L.............@..B........................................................................................................................................................................

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1028\license.rtf

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
        Category:dropped
        Size (bytes):19250
        Entropy (8bit):3.864921893310236
        Encrypted:false
        SSDEEP:
        MD5:EFA0E0316DBE1D01B04DB8AE55216E89
        SHA1:99E9A3879E14465D3ABE47E03A0EB52ECB7C1FCC
        SHA-256:D5147EE2BA7826D5B68E0DC10FC2AC95079F89C38264C5648D924DEC9290D085
        SHA-512:B544D5C585981DDADF1822403FFF5A4765031C2B484AB88A821C626B88CA3286269B1914E2F39B7D25AE748B69C8BC8D5CE7141BF72ACACC09E1888F623C3E38
        Malicious:false
        Reputation:low
        Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fswiss\fprq2\fcharset0 Tahoma;}{\f1\froman\fprq2\fcharset136 PMingLiU;}{\f2\fswiss\fprq2\fcharset0 Segoe UI;}{\f3\froman\fprq2\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue0;\red0\green0\blue255;}..{\stylesheet{ Normal;}{\s1 heading 1;}{\s2 heading 2;}}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\sb120\sa120\cf1\b\f0\fs20 MICROSOFT \f1\'b3\'6e\'c5\'e9\'b1\'c2\'c5\'76\'b1\'f8\'b4\'da\f0\par..\pard\brdrb\brdrs\brdrw10\brsp20 \sb120\sa120 MICROSOFT VISUAL STUDIO 2015 \f1\'a5\'5b\'ad\'c8\'a1\'42\f0 VISUAL STUDIO SHELL \f1\'a9\'4d\f0 C++ REDISTRIBUTABLE\par..\pard\sb120\sa120\b0\f1\'a5\'bb\'b1\'c2\'c5\'76\'b1\'f8\'b4\'da\'ac\'4f\'a1\'40\'b6\'51\'a5\'ce\'a4\'e1\'bb\'50\f0 Microsoft Corporation (\f1\'a9\'ce\'a8\'e4\'c3\'f6\'ab\'59\'a5\'f8\'b7\'7e\'a1\'41\'b5\'f8\'a1\'40\'b6\'51\'a5\'ce\'a4\'e1\'a9\'d2\'a9\'7e\'a6\'ed\'aa\'ba\'a6\'61\'c2\'49\'a6\'d3\'a9\'77\f0 ) \f1\'a4\'a7\'b6\'a1\'a6\'a8\'a5\'df\'aa\'ba

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1028\thm.wxl

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
        Category:dropped
        Size (bytes):2980
        Entropy (8bit):6.163758160900388
        Encrypted:false
        SSDEEP:
        MD5:472ABBEDCBAD24DBA5B5F5E8D02C340F
        SHA1:974F62B5C2E149C3879DD16E5A9DBB9406C3DB85
        SHA-256:8E2E660DFB66CB453E17F1B6991799678B1C8B350A55F9EBE2BA0028018A15AD
        SHA-512:676E29378AAED25DE6008D213EFA10D1F5AAD107833E218D71F697E728B7B5B57DE42E7A910F121948D7B1B47AB4F7AE63F71196C747E8AE2B4827F754FC2699
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">....</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ................. ......................../passive | /quiet - .... UI ........... UI.... ........... UI ........../norestart - ................UI ............./log log.txt - .........

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1029\license.rtf

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
        Category:dropped
        Size (bytes):11775
        Entropy (8bit):5.279979878308355
        Encrypted:false
        SSDEEP:
        MD5:FD8353F3BC88A47B8880B59A5DAD3F03
        SHA1:22E908EF2DD80221CDE6C2BB1AE27099C5F5697D
        SHA-256:2428E8BA8FC9648422333B6B4B92FB476741FC1022DE7CB59D030EC35CC21AC7
        SHA-512:44FF2DF62CB7381EB247800CA4B9566747E1A7A2A2321A002D7F49681ECBC5E797C91B56EA80B99565D3ACFCD38DD1444C616A7E17F5F4D2923E6124E99EB7F0
        Malicious:false
        Reputation:low
        Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}}..{\colortbl ;\red0\green0\blue0;\red0\green0\blue255;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\b\f0\fs20 LICEN\u268?N\'cd PODM\'cdNKY PRO SOFTWARE SPOLE\u268?NOSTI MICROSOFT\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120 DOPL\u327?KY PRO MICROSOFT VISUAL STUDIO 2015, SOFTWARE VISUAL STUDIO SHELL A C++ REDISTRIBUTABLE\par..\pard\nowidctlpar\sb120\sa120\b0 Tyto licen\u269?n\'ed podm\'ednky p\u345?edstavuj\'ed smlouvu mezi spole\u269?nost\'ed Microsoft Corporation (nebo n\u283?kterou z\~jej\'edch afilac\'ed v\~z\'e1vislosti na tom, kde bydl\'edte) a\~v\'e1mi. Vztahuj\'ed se na v\'fd\'9ae uveden\'fd software. Podm\'ednky se rovn\u283?\'9e vztahuj\'ed na jak\'e9koli slu\'9eby Microsoft nebo aktualizace pro software, pokud se na slu\'9eby nebo aktualizace nevztahuj\'ed odli\'9an\'e9 podm\'ednky.\par..\pard\brdrt\brdrs\brdrw10\brsp20 \nowidc

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1029\thm.wxl

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
        Category:dropped
        Size (bytes):3333
        Entropy (8bit):5.370651462060085
        Encrypted:false
        SSDEEP:
        MD5:16343005D29EC431891B02F048C7F581
        SHA1:85A14C40C482D9351271F6119D272D19407C3CE9
        SHA-256:07FB3EC174F25DFBE532D9D739234D9DFDA8E9D34F01FE660C5B4D56989FA779
        SHA-512:FF1AE9C21DCFB018DD4EC82A6D43362CB8C591E21F45DD1C25955D83D328B57C8D454BBE33FBC73A70DADF1DFB3AE27502C9B3A8A3FF2DA97085CA0D9A68AB03
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instala.n. program [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Opravdu chcete akci zru.it?</String>.. <String Id="HelpHeader">N.pov.da nastaven.</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [adres..] . Nainstaluje, oprav., odinstaluje nebo.. vytvo.. .plnou m.stn. kopii svazku v adres..i. V.choz. mo.nost. je instalace...../passive | /quiet . Zobraz. minim.ln. u.ivatelsk. rozhran. bez v.zev nebo nezobraz. ..dn. u.ivatelsk. rozhran. a.. ..dn. v.zvy. V.choz. mo.nost. je zobrazen. u.ivatelsk.ho rozhran. a v.ech v.zev...../noresta

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1031\license.rtf

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
        Category:dropped
        Size (bytes):12146
        Entropy (8bit):5.128850756720655
        Encrypted:false
        SSDEEP:
        MD5:B4A1F60A329E18DD44C19F91E19E9A0D
        SHA1:9A27B68A23BE4AA2CBD1F0F4D4616DF52A74134F
        SHA-256:C017EDFE3B0D308E20FBF3DE8795FD4451A530475A2D0EE0824E166045EADFB7
        SHA-512:D7E571B66271F82C275FE7B83C67679352B9B37AACBC13692346F8D56D01F4C61001B46C64F118F3165DE39B5F6DD625703996E1A181743BFDF2263F50707067
        Malicious:false
        Reputation:low
        Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue0;\red0\green0\blue255;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\lang1031\b\f0\fs20 MICROSOFT-SOFTWARE-LIZENZBESTIMMUNGEN\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120 ADD-ONs ZU MICROSOFT VISUAL STUDIO 2015, VISUAL STUDIO SHELLS und C++ REDISTRIBUTABLE \par..\pard\nowidctlpar\sb120\sa120\b0 Diese Lizenzbestimmungen sind ein Vertrag zwischen Ihnen und der Microsoft Corporation (bzw. abh\'e4ngig von Ihrem Wohnsitz einem mit Microsoft verbundenem Unternehmen). Sie gelten f\'fcr die oben genannte Software. Die Bestimmungen gelten ebenso f\'fcr jegliche von Microsoft angebotenen Dienste oder Updates f\'fcr die Software, sofern diesen keine anderen Bestimmungen beiliegen.\par..\pard\brdrt\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120\b WENN SIE DIESE LIZENZBESTIMMUNGEN EINHALTEN, VERF\'dc

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1031\thm.wxl

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
        Category:dropped
        Size (bytes):3379
        Entropy (8bit):5.094097800535488
        Encrypted:false
        SSDEEP:
        MD5:561F3F32DB2453647D1992D4D932E872
        SHA1:109548642FB7C5CC0159BEDDBCF7752B12B264C0
        SHA-256:8E0DCA6E085744BFCBFF46F7DCBCFA6FBD722DFA52013EE8CEEAF682D7509581
        SHA-512:CEF8C80BEF8F88208E0751305DF519C3D2F1C84351A71098DC73392EC06CB61A4ACA35182A0822CF6934E8EE42196E2BCFE810CC859965A9F6F393858A1242DF
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] - Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">M.chten Sie den Vorgang wirklich abbrechen?</String>.. <String Id="HelpHeader">Setup-Hilfe</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [Verzeichnis] - installiert, repariert, deinstalliert oder.. erstellt eine vollst.ndige lokale Kopie des Bundles im Verzeichnis. Installieren ist die Standardeinstellung...../passive | /quiet - zeigt eine minimale Benutzeroberfl.che ohne Eingabeaufforderungen oder keine.. Benutzeroberfl.che und keine Eingabeaufforderungen an. Standardm..ig werden die Benutzeroberfl.che und alle Eingab

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1036\license.rtf

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
        Category:dropped
        Size (bytes):12019
        Entropy (8bit):5.040545489557448
        Encrypted:false
        SSDEEP:
        MD5:6F70759DF32F212DBB65464258ECEEAF
        SHA1:F8C597E00968431A66DCDD79A8DE95705976D39E
        SHA-256:C7F03DA5D9A7F689B8DCBD507FF0B3FA98DABA55616F902E5E47E9839B753E1F
        SHA-512:99309C17AF1A323AB905A3B610B46B9CE9201CF7083103D990CC4C6B509F28743D99A9BC17DFA7E89EDE4496BAC30FD86C9356ABA9F292BFBF591CE6B6B7EF3E
        Malicious:false
        Reputation:low
        Preview:{\rtf1\fbidis\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}{\f1\fswiss\fprq2\fcharset177 Tahoma;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue0;\red0\green0\blue255;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\ltrpar\nowidctlpar\sb120\sa120\lang1036\b\f0\fs20 TERMES DU CONTRAT DE LICENCE LOGICIEL MICROSOFT\par..\pard\brdrb\brdrs\brdrw10\brsp20 \ltrpar\nowidctlpar\sb120\sa120\lang1033 COMPL\'c9MENTS MICROSOFT VISUAL STUDIO\~2015, VISUAL STUDIO SHELL et C++ REDISTRIBUTABLE\par..\pard\ltrpar\nowidctlpar\sb120\sa120\lang1036\b0 Les pr\'e9sents termes du contrat de licence constituent un contrat entre Microsoft Corporation (ou en fonction du lieu o\'f9 vous vivez, l\rquote un de ses affili\'e9s) et vous. Ils s\rquote appliquent au logiciel vis\'e9 ci-dessus. Les termes s\rquote appliquent \'e9galement \'e0 tout service et \'e0 toute mise \'e0 jour Microsoft pour ce logiciel, \'e0 moins que d\rquote autres termes n\rquote accom

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1036\thm.wxl

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
        Category:dropped
        Size (bytes):3366
        Entropy (8bit):5.0912204406356905
        Encrypted:false
        SSDEEP:
        MD5:7B46AE8698459830A0F9116BC27DE7DF
        SHA1:D9BB14D483B88996A591392AE03E245CAE19C6C3
        SHA-256:704DDF2E60C1F292BE95C7C79EE48FE8BA8534CEB7CCF9A9EA68B1AD788AE9D4
        SHA-512:FC536DFADBCD81B42F611AC996059A6264E36ECF72A4AEE7D1E37B87AEFED290CC5251C09B68ED0C8719F655B163AD0782ACD8CE6332ED4AB4046C12D8E6DBF6
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Installation de [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Voulez-vous vraiment annuler.?</String>.. <String Id="HelpHeader">Aide du programme d'installation</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installe, r.pare, d.sinstalle ou.. cr.e une copie locale compl.te du groupe dans le r.pertoire. Install est l'option par d.faut...../passive | /quiet - affiche une interface minimale, sans invite, ou n'affiche ni interface.. ni invite. Par d.faut, l'interface et toutes les invites sont affich.es...../norestart - supprime toutes les tentatives de red.

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1040\license.rtf

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
        Category:dropped
        Size (bytes):11154
        Entropy (8bit):4.973186760735321
        Encrypted:false
        SSDEEP:
        MD5:1D07E27F97CE22A58780A04227BE6465
        SHA1:2FCD519823F1664C59A959ACBEE37093EC94F62E
        SHA-256:F1214784C57AA3323426AF64D132045970717994EBA500B25283684DC1ADEBAA
        SHA-512:D66965269C9EA755266F9A76221528213648E2AA7AB2E6917BE356ECE279ACF69D0C1982FE3C4B8BD1BB79A094ABE98AE6578C6F6EC311D46CD2950390B23FCC
        Malicious:false
        Reputation:low
        Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue0;\red0\green0\blue255;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\lang1040\b\f0\fs20 CONDIZIONI DI LICENZA SOFTWARE MICROSOFT\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120 ADD-ON DI MICROSOFT VISUAL STUDIO 2015, VISUAL STUDIO SHELL e C++ REDISTRIBUTABLE\par..\pard\nowidctlpar\sb120\sa120\b0 Le presenti condizioni di licenza costituiscono il contratto tra Microsoft Corporation (o, in base al luogo di residenza del licenziatario, una delle sue consociate) e il licenziatario, Le presenti condizioni si applicano al software di cui sopra. Le condizioni si applicano inoltre a qualsiasi servizio o aggiornamento di Microsoft relativo al software, a meno che questo non sia accompagnato da condizioni differenti.\par..\pard\brdrt\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120\b QUALORA IL LICENZI

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1040\thm.wxl

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
        Category:dropped
        Size (bytes):3319
        Entropy (8bit):5.019774955491369
        Encrypted:false
        SSDEEP:
        MD5:D90BC60FA15299925986A52861B8E5D5
        SHA1:FADFCA9AB91B1AB4BD7F76132F712357BD6DB760
        SHA-256:0C57F40CC2091554307AA8A7C35DD38E4596E9513E9EFAE00AC30498EF4E9BC2
        SHA-512:11764D0E9F286B5AA7B1A9601170833E462A93A1E569A032FCBA9879174305582BD42794D4131B83FBCFBF1CF868A8D5382B11A4BD21F0F7D9B2E87E3C708C3F
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Installazione di [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Annullare?</String>.. <String Id="HelpHeader">Guida alla configurazione</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installa, ripara, disinstalla o.. crea una copia locale completa del bundle nella directory. L'opzione predefinita . Install...../passive | /quiet - visualizza un'interfaccia utente minima senza prompt oppure non visualizza alcuna interfaccia utente.. n. prompt. Per impostazione predefinita viene visualizzata l'intera interfaccia utente e tutti i prompt...../norestart - annulla quals

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1041\license.rtf

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
        Category:dropped
        Size (bytes):32348
        Entropy (8bit):3.6789762165847035
        Encrypted:false
        SSDEEP:
        MD5:0D9DD57746D5609494B35314FA88FD93
        SHA1:8A7A57681813AE27F9579427B086685143073D13
        SHA-256:AC0D8E0EAAB1875909A6A6F106A37CD7468F87F71887A44263F5F0178F99C40B
        SHA-512:E365C8416C70581BB31629B8EC62C6581539A80C7A4C06D489C64978D84C55B37DAC72C09D1A89A2344E07F0F59BEB4F371D9C78F92D9903F431B3F0B94BBAF8
        Malicious:false
        Reputation:low
        Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fswiss\fprq2\fcharset128 MS PGothic;}{\f1\fswiss\fprq2\fcharset0 Tahoma;}{\f2\froman\fprq2\fcharset0 Times New Roman;}{\f3\froman\fprq2\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue0;\red0\green0\blue255;}..{\stylesheet{ Normal;}{\s1 heading 1;}{\s2 heading 2;}}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\b\f0\fs20\'83\'7d\'83\'43\'83\'4e\'83\'8d\'83\'5c\'83\'74\'83\'67\f1 \f0\'83\'5c\'83\'74\'83\'67\'83\'45\'83\'46\'83\'41\f1 \f0\'83\'89\'83\'43\'83\'5a\'83\'93\'83\'58\'8f\'f0\'8d\'80\f2\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120\f1 MICROSOFT VISUAL STUDIO 2015 \f0\'83\'41\'83\'68\'83\'49\'83\'93\'81\'41\f1 VISUAL STUDIO SHELL\f0\'81\'41\'82\'a8\'82\'e6\'82\'d1\f1 C++ \f0\'8d\'c4\'94\'d0\'95\'7a\'89\'c2\'94\'5c\'83\'70\'83\'62\'83\'50\'81\'5b\'83\'57\f2\par..\pard\nowidctlpar\sb120\sa120\b0\f0\'83\'7d\'83\'43\'83\'4e\'83\'8d\'83\'5c\'83\'74\'83\'67\f1

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1041\thm.wxl

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
        Category:dropped
        Size (bytes):3959
        Entropy (8bit):5.955167044943003
        Encrypted:false
        SSDEEP:
        MD5:DC81ED54FD28FC6DB6F139C8DA1BDED6
        SHA1:9C719C32844F78AAE523ADB8EE42A54D019C2B05
        SHA-256:6B9BBF90D75CFA7D943F036C01602945FE2FA786C6173E22ACB7AFE18375C7EA
        SHA-512:FD759C42C7740EE9B42EA910D66B0FA3F813600FD29D074BB592E5E12F5EC09DB6B529680E54F7943821CEFE84CE155A151B89A355D99C25A920BF8F254AA008
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.. <Control Control="InstallButton" X="275" Y="237" Width="110" Height="23"/>.. <Control Control="UninstallButton" X="270" Y="237" Width="120" Height="23"/>.. <Control Control="RepairButton" X="187" Y="237" Width="80" Height="23"/>.. .. <String Id="Caption">[WixBundleName] .......</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">..........</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ............ ......... .........................

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1042\license.rtf

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
        Category:dropped
        Size (bytes):29329
        Entropy (8bit):3.8105626152255763
        Encrypted:false
        SSDEEP:
        MD5:F6E7A2A05EFB4413295C156A179578A3
        SHA1:91036034CA0BBD9A30BFC0BC2045791D57E94005
        SHA-256:DCEFD9B37D78F37ED8AAEF70AC2BFCDE441DCFB97469A6AA6AF89C1FFADBF814
        SHA-512:029AA788A5B6E0194D5A52005CF0327C375196E54F7EBBCE2758A3E6684D6DDF6765519564C272ABF5EBEBEAA5A1B4B3C3F0DC9B5377DF151DCA825FEC02DBDF
        Malicious:false
        Reputation:low
        Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fswiss\fprq2\fcharset0 Tahoma;}{\f1\fswiss\fprq2\fcharset129 Gulim;}{\f2\froman\fprq2\fcharset0 Times New Roman;}{\f3\froman\fprq2\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue0;\red0\green0\blue255;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\b\f0\fs20 MICROSOFT \f1\'bc\'d2\'c7\'c1\'c6\'ae\'bf\'fe\'be\'ee\f0 \f1\'bb\'e7\'bf\'eb\'b1\'c7\f0 \f1\'b0\'e8\'be\'e0\'bc\'ad\f2\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120\f0 MICROSOFT VISUAL STUDIO 2015 \f1\'c3\'df\'b0\'a1\f0 \f1\'b1\'e2\'b4\'c9\f0 , VISUAL STUDIO SHELL \f1\'b9\'d7\f0 C++ \f1\'c0\'e7\'b9\'e8\'c6\'f7\f0 \f1\'b0\'a1\'b4\'c9\f0 \f1\'c6\'d0\'c5\'b0\'c1\'f6\f0 \f2\par..\pard\nowidctlpar\sb120\sa120\b0\f1\'ba\'bb\f0 \f1\'bb\'e7\'bf\'eb\'b1\'c7\f0 \f1\'b0\'e8\'be\'e0\'c0\'ba\f0 Microsoft Corporation(\f1\'b6\'c7\'b4\'c2\f0 \f1\'b0\'c5\'c1\'d6\f0 \f1\'c1\'f6\'bf\'aa\'bf\'a1\

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1042\thm.wxl

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
        Category:dropped
        Size (bytes):3249
        Entropy (8bit):5.985100495461761
        Encrypted:false
        SSDEEP:
        MD5:B3399648C2F30930487F20B50378CEC1
        SHA1:CA7BDAB3BFEF89F6FA3C4AAF39A165D14069FC3D
        SHA-256:AD7608B87A7135F408ABF54A897A0F0920080F76013314B00D301D6264AE90B2
        SHA-512:C5B0ECF11F6DADF2E68BC3AA29CC8B24C0158DAE61FE488042D1105341773166C9EBABE43B2AF691AD4D4B458BF4A4BF9689C5722C536439CA3CDC84C0825965
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] .. ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">.. ...</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ..... ... .. .. .... .., .., .. .... ...... ... .........../passive | /quiet - .... .. .. UI. ..... UI ... ..... .... ..... ..... UI. .. ..... ........../norestart - .. .... .. .... ...

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1045\license.rtf

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
        Category:dropped
        Size (bytes):13213
        Entropy (8bit):5.403831385196401
        Encrypted:false
        SSDEEP:
        MD5:A0D88589A339E57E412AB01E763D6A27
        SHA1:E4B954832036D98943F2380DCCE636473A84F9D5
        SHA-256:898D5CA01A3271D97350D06A6CCDB8803A176BB42BAF7E2C8F76C9037235CA8E
        SHA-512:504E3939E96EC78E59ECDA356B463B2E54AEB94026B97669428730ACB202D73DB510FC9C6B5060AC48DD564E0DD9896E1B65AB7E1D30C58C9F2A954CB585D704
        Malicious:false
        Reputation:low
        Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue0;\red0\green0\blue255;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\b\f0\fs20 POSTANOWIENIA LICENCYJNE DOTYCZ\u260?CE OPROGRAMOWANIA MICROSOFT\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120 DODATKI DO MICROSOFT VISUAL STUDIO 2015, VISUAL STUDIO SHELL oraz PAKIET REDYSTRYBUCYJNY C++ \par..\pard\nowidctlpar\sb120\sa120\b0 Niniejsze postanowienia licencyjne stanowi\u261? umow\u281? mi\u281?dzy Microsoft Corporation (lub, w zale\u380?no\u347?ci od miejsca zamieszkania Licencjobiorcy, jednym z podmiot\'f3w stowarzyszonych Microsoft Corporation) a Licencjobiorc\u261?. Postanowienia te dotycz\u261? oprogramowania okre\u347?lonego powy\u380?ej. Niniejsze postanowienia maj\u261? r\'f3wnie\u380? zastosowanie do wszelkich us\u322?ug i aktualizacji Microsoft dla niniejszego oprogramowania, z wyj\u26

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1045\thm.wxl

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
        Category:dropped
        Size (bytes):3212
        Entropy (8bit):5.268378763359481
        Encrypted:false
        SSDEEP:
        MD5:15172EAF5C2C2E2B008DE04A250A62A1
        SHA1:ED60F870C473EE87DF39D1584880D964796E6888
        SHA-256:440B309FCDF61FFC03B269FE3815C60CB52C6AE3FC6ACAD14EAC04D057B6D6EA
        SHA-512:48AA89CF4A0B64FF4DCB82E372A01DFF423C12111D35A4D27B6D8DD793FFDE130E0037AB5E4477818A0939F61F7DB25295E4271B8B03F209D8F498169B1F9BAE
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instalator [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Czy na pewno chcesz anulowa.?</String>.. <String Id="HelpHeader">Instalator . Pomoc</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [katalog] - Instaluje, naprawia, odinstalowuje.. lub tworzy pe.n. lokaln. kopi. pakietu w katalogu. Domy.lnie jest u.ywany prze..cznik install...../passive | /quiet - Wy.wietla ograniczony interfejs u.ytkownika bez monit.w albo nie wy.wietla ani interfejsu u.ytkownika,.. ani monit.w. Domy.lnie jest wy.wietlany interfejs u.ytkownika oraz wszystkie monity...../norestart - Pom

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1046\license.rtf

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
        Category:dropped
        Size (bytes):10200
        Entropy (8bit):5.026102753317644
        Encrypted:false
        SSDEEP:
        MD5:137A9579BA2E02EBB87817440FCBDCB9
        SHA1:FE033A175D4F0C766B95D67D5DA933C608323159
        SHA-256:42DC678EF9D5E4E147BF178FFE2FA3CD4BBBF9C904872B4E344D8BB22C473ED5
        SHA-512:601D98C7994EA569CF5D0C74D4357503773CCE1EC1D1701FC363FB66AA003C968900CD56A0702B3E8661DA157367755B40D473FA870800936B02980B021931C8
        Malicious:false
        Reputation:low
        Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue0;\red0\green0\blue255;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\lang1046\b\f0\fs20 TERMOS DE LICEN\'c7A PARA SOFTWARE MICROSOFT\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120 COMPLEMENTOS DO MICROSOFT VISUAL STUDIO 2015, VISUAL STUDIO SHELLS e C++ REDISTRIBUTABLE \par..\pard\nowidctlpar\sb120\sa120\b0 Os presentes termos de licen\'e7a constituem um acordo entre a Microsoft Corporation (ou, dependendo do local no qual voc\'ea esteja domiciliado, uma de suas afiliadas) e voc\'ea. Eles se aplicam ao software indicado acima. Os termos tamb\'e9m se aplicam a quaisquer servi\'e7os ou atualiza\'e7\'f5es da Microsoft para o software, exceto at\'e9 a extens\'e3o de que eles tenham termos diferentes.\par..\pard\brdrt\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120\b SE VOC\'ca CONCORDAR COM ESTE

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1046\thm.wxl

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
        Category:dropped
        Size (bytes):3095
        Entropy (8bit):5.150868216959352
        Encrypted:false
        SSDEEP:
        MD5:BE27B98E086D2B8068B16DBF43E18D50
        SHA1:6FAF34A36C8D9DE55650D0466563852552927603
        SHA-256:F52B54A0E0D0E8F12CBA9823D88E9FD6822B669074DD1DC69DAD6553F7CB8913
        SHA-512:3B7C773EF72D40A8B123FDB8FC11C4F354A3B152CF6D247F02E494B0770C28483392C76F3C222E3719CF500FE98F535014192ACDDD2ED9EF971718EA3EC0A73E
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] Instala..o</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Tem certeza de que deseja cancelar?</String>.. <String Id="HelpHeader">Ajuda da Instala..o</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [diret.rio - instala, repara, desinstala ou.. cria uma c.pia local completa do pacote no diret.rio. Install . o padr.o..../passive | /quiet - exibe a IU m.nima sem nenhum prompt ou n.o exibe nenhuma IU e.. nenhum prompt. Por padr.o, a IU e todos os prompts s.o exibidos...../norestart - suprime qualquer tentativa de reiniciar. Por padr.o, a IU perguntar. antes de reiniciar

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1049\license.rtf

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
        Category:dropped
        Size (bytes):54812
        Entropy (8bit):3.5769726207436507
        Encrypted:false
        SSDEEP:
        MD5:EFF73C35DB2D6AC9F29D1B633C984A95
        SHA1:05E1A450FD077607612AA0506143140CCC8017B9
        SHA-256:F00A2A67106CA3BADB4C233951A262EC0A9BBA3151E1D8DA0362DCADA7928DCD
        SHA-512:1D89C50B2B2EA63DD464268DAB4272991D51E2D27A407440585BE855D86E06B5982F685D797E8F7917E75512F72CC1496FF5F21466B4A649ABA43458D8DBE8B8
        Malicious:false
        Reputation:low
        Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue0;\red0\green0\blue255;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\b\f0\fs20\u1059?\u1057?\u1051?\u1054?\u1042?\u1048?\u1071? \u1051?\u1048?\u1062?\u1045?\u1053?\u1047?\u1048?\u1054?\u1053?\u1053?\u1054?\u1043?\u1054? \u1057?\u1054?\u1043?\u1051?\u1040?\u1064?\u1045?\u1053?\u1048?\u1071? \u1053?\u1040? \u1048?\u1057?\u1055?\u1054?\u1051?\u1068?\u1047?\u1054?\u1042?\u1040?\u1053?\u1048?\u1045? \u1055?\u1056?\u1054?\u1043?\u1056?\u1040?\u1052?\u1052?\u1053?\u1054?\u1043?\u1054? \u1054?\u1041?\u1045?\u1057?\u1055?\u1045?\u1063?\u1045?\u1053?\u1048?\u1071? MICROSOFT\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120\u1044?\u1054?\u1055?\u1054?\u1051?\u1053?\u1048?\u1058?\u1045?\u1051?\u1068?\u1053?\u1067?\u1045? \u1050?\u1054?\u1052?\u1055?\u1054?\u1053?\u1045?\u1053?\u1058?\u1067? MICROSOFT VI

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1049\thm.wxl

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
        Category:dropped
        Size (bytes):4150
        Entropy (8bit):5.444436038992627
        Encrypted:false
        SSDEEP:
        MD5:17C652452E5EE930A7F1E5E312C17324
        SHA1:59F3308B87143D8EA0EA319A1F1A1F5DA5759DD3
        SHA-256:7333BC8E52548821D82B53DBD7D7C4AA1703C85155480CB83CEFD78380C95661
        SHA-512:53FD207B96D6BCF0A442E2D90B92E26CBB3ECC6ED71B753A416730E8067E831E9EB32981A9E9368C4CCA16AFBCB2051483FDCFC474EA8F0D652FCA934634FBE8
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.. <Control Control="InstallButton" X="275" Y="237" Width="110" Height="23"/>.... <String Id="Caption">......... ......... [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">....... .. .........</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [.......] - ........., .............., ........ ..... ........ ...... ......... ..... ...... . ......... .. ......... - ............../passive | /quiet - ........... ....

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1055\license.rtf

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
        Category:dropped
        Size (bytes):12669
        Entropy (8bit):5.215620365946286
        Encrypted:false
        SSDEEP:
        MD5:362F60F539B629BF59021003F426583C
        SHA1:C9DBA340889AAFD07996A8BFCAB7C14F404E07A6
        SHA-256:1E602773F3071636E0F9C6B27037B7B4094DC26F7C2FABCDF3287BC9BCAA8652
        SHA-512:10F475BB075EBC597CFE1D2333F9B4B26109FEC974E4517E9F77BC30D609ED47619F4347124274F85E9277B14EF52D7863D311BDC4176E7AE7FCB009420B15C1
        Malicious:false
        Reputation:low
        Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue0;\red0\green0\blue255;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\b\f0\fs20 MICROSOFT YAZILIM L\u304?SANSI KO\u350?ULLARI\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120 MICROSOFT VISUAL STUDIO 2015 EKLENT\u304?LER\u304?, VISUAL STUDIO SHELLS ve C++ YEN\u304?DEN DA\u286?ITILAB\u304?L\u304?R \par..\pard\nowidctlpar\sb120\sa120\b0 Bu lisans ko\u351?ullar\u305?, Microsoft Corporation (veya ya\u351?ad\u305?\u287?\u305?n\u305?z yere g\'f6re bir ba\u287?l\u305? \u351?irketi) ile sizin aran\u305?zda yap\u305?lan s\'f6zle\u351?meyi olu\u351?turur. Bu ko\u351?ullar, yukar\u305?da ad\u305? ge\'e7en yaz\u305?l\u305?m i\'e7in ge\'e7erlidir. Ko\u351?ullar, yaz\u305?l\u305?m i\'e7in t\'fcm Microsoft hizmetleri veya g\'fcncelle\u351?tirmeleri i\'e7in, beraberlerinde farkl\u305? ko\u351?ullar bulunmad\

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\1055\thm.wxl

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
        Category:dropped
        Size (bytes):3221
        Entropy (8bit):5.280530692056262
        Encrypted:false
        SSDEEP:
        MD5:DEFBEA001DC4EB66553630AC7CE47CCA
        SHA1:90CED64EC7C861F03484B5D5616FDBCDA8F64788
        SHA-256:E5ABE3CB3BF84207DAC4E6F5BBA1E693341D01AEA076DD2D91EAA21C6A6CB925
        SHA-512:B3B7A22D0CDADA21A977F1DCEAF2D73212A4CDDBD298532B1AC97575F36113D45E8D71C60A6D8F8CC2E9DBF18EE1000167CFBF0B2E7ED6F05462D77E0BCA0E90
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] Kurulumu</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.ptal etmek istedi.inizden emin misiniz?</String>.. <String Id="HelpHeader">Kurulum Yard.m.</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [dizin] - y.kler, onar.r, kald.r.r ya da.. dizindeki paketin tam bir yerel kopyas.n. olu.turur. Varsay.lan install de.eridir...../passive | /quiet - en az d.zeyde istemsiz UI g.sterir ya da hi. UI g.stermez ve.. istem yoktur. Varsay.lan olarak UI ve t.m istemler g.r.nt.lenir...../norestart - yeniden ba.lama denemelerini engeller. Varsay.lan olarak UI yeniden ba.l

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\2052\license.rtf

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
        Category:dropped
        Size (bytes):19329
        Entropy (8bit):3.8703778033292844
        Encrypted:false
        SSDEEP:
        MD5:31AFEC54446E496CE2A1D1CD3B257738
        SHA1:E2B4F4CF493929AD01EDB33D9034F9129A15742E
        SHA-256:63F463F0ACE41FA088ACFB70F501DB47E3B83600DB31538D8DABA010E6B83D42
        SHA-512:8F2BC3343109CE6C0E3EF9E81CFFE96A70A56D5C5C28EE3ED2F933189818269C06A9DCF3B8783CC1AE0B379AA53A899CD6AAA59BE7A9E0F9E0D51E587A533829
        Malicious:false
        Reputation:low
        Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fnil\fprq2\fcharset134 SimSun;}{\f1\froman\fprq2\fcharset0 Times New Roman;}{\f2\fswiss\fprq2\fcharset0 Tahoma;}{\f3\froman\fprq2\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue0;\red0\green0\blue255;}..{\stylesheet{ Normal;}{\s1 heading 1;}{\s2 heading 2;}}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\b\f0\fs20\'ce\'a2\'c8\'ed\'c8\'ed\'bc\'fe\'d0\'ed\'bf\'c9\'cc\'f5\'bf\'ee\f1\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120\f2 MICROSOFT VISUAL STUDIO 2015 ADD-ON\f0\'a1\'a2\f2 VISUAL STUDIO SHELLS \f0\'ba\'cd\f2 C++ REDISTRIBUTABLE\par..\pard\nowidctlpar\sb120\sa120\b0\f0\'d5\'e2\'d0\'a9\'d0\'ed\'bf\'c9\'cc\'f5\'bf\'ee\'ca\'c7\'ce\'a2\'c8\'ed\'b9\'ab\'cb\'be\'a3\'a8\'bb\'f2\'c4\'fa\'cb\'f9\'d4\'da\'b5\'d8\'b5\'c4\'ce\'a2\'c8\'ed\'b9\'ab\'cb\'be\'b5\'c4\'b9\'d8\'c1\'aa\'b9\'ab\'cb\'be\'a3\'a9\'d3\'eb\'c4\'fa\'d6\'ae\'bc\'e4\'b4\'ef\'b3\'c9\'b5\'c4\'d0\'ad\'d2\'e9\

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\2052\thm.wxl

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
        Category:dropped
        Size (bytes):2978
        Entropy (8bit):6.135205733555905
        Encrypted:false
        SSDEEP:
        MD5:3D1E15DEEACE801322E222969A574F17
        SHA1:58074C83775E1A884FED6679ACF9AC78ABB8A169
        SHA-256:2AC8B7C19A5189662DE36A0581C90DBAD96DF259EC00A28F609B644C3F39F9CA
        SHA-512:10797919845C57C5831234E866D730EBD13255E5BF8BA8087D53F1D0FC5D72DC6D5F6945DBEBEE69ACC6A2E20378750C4B78083AE0390632743C184532358E10
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">......</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [..] - .......... ..................Install ........../passive | /quiet - ..... UI ......... UI ... ........ UI ........../norestart - ..................... UI.../log log.txt - ............. %TEMP% ...

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\3082\license.rtf

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
        Category:dropped
        Size (bytes):10616
        Entropy (8bit):5.050611165428319
        Encrypted:false
        SSDEEP:
        MD5:64F1444D27E3F3489F057E7280E9C973
        SHA1:3DDC843D2021F62994C6ED35EBC8A193C4045994
        SHA-256:55929413B6A530F8C4ACBB1E7EEE81FB9ED0BD64AF5CD26D6F5637CEDFAF0A2D
        SHA-512:8D9AC8300C5A6815D2AFA02A54F23CB3A8B28192FA504C26F747FA3D4E70DEB55F8C19CA4ABF6E93856BCD1F1D9636A95E4E8F134D8D1E4ECC4081579F5B27CB
        Malicious:false
        Reputation:low
        Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue0;\red0\green0\blue255;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\lang3082\b\f0\fs20 T\'c9RMINOS DE LICENCIA DEL SOFTWARE DE MICROSOFT\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120 COMPLEMENTOS DE MICROSOFT\~VISUAL\~STUDIO\~2015, SHELLS DE VISUAL\~STUDIO Y C++\~REDISTRIBUTABLE\par..\pard\nowidctlpar\sb120\sa120\b0 Los presentes t\'e9rminos de licencia constituyen un contrato entre Microsoft Corporation (o, en funci\'f3n de donde resida, una de sus filiales) y usted. Se aplican al software antes mencionado. Los t\'e9rminos tambi\'e9n se aplican a cualquier servicio o actualizaci\'f3n de Microsoft para el software, excepto en la medida que tengan t\'e9rminos diferentes.\par..\pard\brdrt\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120\b SI CUMPLE CON ESTOS T\'c9RMINOS DE LICENCIA, DISPONDR

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\3082\thm.wxl

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
        Category:dropped
        Size (bytes):3265
        Entropy (8bit):5.0491645049584655
        Encrypted:false
        SSDEEP:
        MD5:47F9F8D342C9C22D0C9636BC7362FA8F
        SHA1:3922D1589E284CE76AB39800E2B064F71123C1C5
        SHA-256:9CBB2B312C100B309A1B1495E84E2228B937612885F7A642FBBD67969B632C3A
        SHA-512:E458DF875E9B0622AEBE3C1449868AA6A2826A1F851DB71165A872B2897CF870CCF85046944FF51FFC13BB15E54E9D9424EC36CAF5A2F38CE8B7D6DC0E9B2363
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instalaci.n de [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.Est. seguro de que desea cancelar la operaci.n?</String>.. <String Id="HelpHeader">Ayuda de configuraci.n</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - instala, repara, desinstala o.. crea una copia local completa del paquete en el directorio. La opci.n predeterminada es la instalaci.n...../passive | /quiet - muestra una IU m.nima sin solicitudes o no muestra ninguna IU ni.. solicitud. De forma predeterminada, se muestran la IU y todas las solicitudes...../norestart - elimina cualquier intento

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\BootstrapperApplicationData.xml

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (560), with CRLF line terminators
        Category:dropped
        Size (bytes):12416
        Entropy (8bit):3.722658035927368
        Encrypted:false
        SSDEEP:
        MD5:D09EA7C6853EB312D755857D721BFAB5
        SHA1:925EEFEA246686823C4158BE84FFFA387381C187
        SHA-256:C0AA87E265D55D306A51E16FD57E32B59776F007B463886515C7BA93110CC317
        SHA-512:A320D9E81E9115FE15B71A9E2BEFFDF53EAA455D3D18BAB3B5FA350B5D98F69161990D2D256295E99FC250F317EDA23C8866EBEEDA18C42957DB29FD5A212302
        Malicious:false
        Reputation:low
        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.x./.2.0.1.0./.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a.".>..... . .<.U.x.B.l.o.c.k.e.r. .S.h.o.r.t.N.a.m.e.=.".M.i.n.i.m.u.m.O.S.L.e.v.e.l.". .T.y.p.e.=.".S.t.o.p.". .C.o.n.d.i.t.i.o.n.=.".N.O.T.(.(.V.e.r.s.i.o.n.N.T. .&.g.t.;. .v.6...1.). .O.R. .(.V.e.r.s.i.o.n.N.T. .=. .v.6...1. .A.N.D. .S.e.r.v.i.c.e.P.a.c.k.L.e.v.e.l. .&.g.t.;.=. .1.).).". .D.i.s.p.l.a.y.T.e.x.t.=.".#.l.o.c...M.i.n.i.m.u.m.O.S.L.e.v.e.l.". ./.>..... . .<.W.i.x.B.a.l.C.o.n.d.i.t.i.o.n. .C.o.n.d.i.t.i.o.n.=.".V.e.r.s.i.o.n.N.T. .&.g.t.;.=. .v.6...0. .O.R. .(.V.e.r.s.i.o.n.N.T. .=. .v.5...1. .A.N.D. .S.e.r.v.i.c.e.P.a.c.k.L.e.v.e.l. .&.g.t.;.=. .2.). .O.R. .(.V.e.r.s.i.o.n.N.T. .=. .v.5...2. .A.N.D. .S.e.r.v.i.c.e.P.a.c.k.L.e.v.e.l. .&.g.t.;.=. .1.).". .M.e.s.s.a.g.e.=.".[.W.i.x.B.u.n.d.l.e.

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\license.rtf

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
        Category:dropped
        Size (bytes):8863
        Entropy (8bit):5.133375715016848
        Encrypted:false
        SSDEEP:
        MD5:EBA5FAA2129CAFEC630B82ADAE942AA9
        SHA1:52BA1E75ACCBEF329F64EA75111666F643D8987C
        SHA-256:4D7B2ABAAB1C0D46260E5D48AD4CE4BBC3EC02C660838A9A578F1BEAD68D6B35
        SHA-512:2BC372D51FF28BE5A7D8A957E3D98093D5CD8F88EFA5DAD914D6D5313CABBFBD1E93FFF7BA46FF1ED90F9074F4D03CF8A244B9D22BCEF88C562FF577921CBA8B
        Malicious:false
        Reputation:low
        Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}}..{\colortbl ;\red0\green0\blue255;\red0\green32\blue96;\red0\green0\blue0;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\b\f0\fs20 MICROSOFT SOFTWARE LICENSE TERMS\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120 MICROSOFT VISUAL STUDIO 2015 ADD-ONs, VISUAL STUDIO SHELLS and C++ REDISTRIBUTABLE \par..\pard\nowidctlpar\sb120\sa120\b0 These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. They apply to the software named above. The terms also apply to any Microsoft services or updates for the software, except to the extent those have different terms.\par..\pard\brdrt\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120\b IF YOU COMPLY WITH THESE LICENSE TERMS, YOU HAVE THE RIGHTS BELOW.\par..\pard\nowidctlpar\fi-357\li357\sb120\sa120\tx360 1.\tab INSTALLATION AND USE RIGHTS. \b

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\logo.png

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:PNG image data, 64 x 64, 8-bit colormap, non-interlaced
        Category:dropped
        Size (bytes):1861
        Entropy (8bit):6.868587546770907
        Encrypted:false
        SSDEEP:
        MD5:D6BD210F227442B3362493D046CEA233
        SHA1:FF286AC8370FC655AEA0EF35E9CF0BFCB6D698DE
        SHA-256:335A256D4779EC5DCF283D007FB56FD8211BBCAF47DCD70FE60DED6A112744EF
        SHA-512:464AAAB9E08DE610AD34B97D4076E92DC04C2CDC6669F60BFC50F0F9CE5D71C31B8943BD84CEE1A04FB9AB5BBED3442BD41D9CB21A0DD170EA97C463E1CE2B5B
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR...@...@.............sRGB.........gAMA......a.....PLTE].q^.r_.r_.s`.s`.s`.ta.ta.ub.ub.vc.vd.vd.vd.we.we.xe.xg.yg yg zh zh"zi"{j#|i${j$|n*~n*.n,.o,.p..q0.r2.s3.t5.x;.x<.y>.z?.|B.~C.}E..F..F..H..I..J..L..O..P..W..Y..^..a..c..g..i..q..r..}.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................S......pHYs..%...%....^.....tEXtSoftware.Paint.NET v3.5.100.r.....IDATXG..iW.@...EJ.$M...`AEpG..7TpWT@\.."....(..(.._;...di:9.c>q..g....T...._...-....F..+..w.

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\thm.wxl

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):2952
        Entropy (8bit):5.052095286906672
        Encrypted:false
        SSDEEP:
        MD5:FBFCBC4DACC566A3C426F43CE10907B6
        SHA1:63C45F9A771161740E100FAF710F30EED017D723
        SHA-256:70400F181D00E1769774FF36BCD8B1AB5FBC431418067D31B876D18CC04EF4CE
        SHA-512:063FB6685EE8D2FA57863A74D66A83C819FE848BA3072B6E7D1B4FE397A9B24A1037183BB2FDA776033C0936BE83888A6456AAE947E240521E2AB75D984EE35E
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29" />.... <String Id="Caption">[WixBundleName] Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String>.. <String Id="HelpHeader">Setup Help</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installs, repairs, uninstalls or.. creates a complete local copy of the bundle in directory. Install is the default...../passive | /quiet - displays minimal UI with no prompts or displays no UI and.. no prompts. By default UI and all prompts are displayed...../norestart - suppress any attempts to restart. By default UI will prompt before restart.../log log.txt - logs to a specific file. B

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\thm.xml

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):5881
        Entropy (8bit):5.175177119212422
        Encrypted:false
        SSDEEP:
        MD5:0056F10A42638EA8B4BEFC614741DDD6
        SHA1:61D488CFBEA063E028A947CB1610EE372D873C9F
        SHA-256:6B1BA0DEA830E556A58C883290FAA5D49C064E546CBFCD0451596A10CC693F87
        SHA-512:5764EC92F65ACC4EBE4DE1E2B58B8817E81E0A6BC2F6E451317347E28D66E1E6A3773D7F18BE067BBB2CB52EF1FA267754AD2BF2529286CF53730A03409D398E
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0" encoding="utf-8"?>..<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">.. <Window Width="485" Height="300" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window>.. <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font>.. <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>.. <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>.... <Image X="11" Y="11" Width="64" Height="64" ImageFile="logo.png" Visible="yes"/>.. <Text X="80" Y="11" Width="-11" Height="64" FontId="1" Visible="yes" DisablePrefix="yes">#(loc.Title)</Text>.... <Page Name="Help">.. <Text X="11" Y="80" Width="-11" Height="30" FontId="2" DisablePrefix="yes">#(loc.HelpHeader)</T

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\wixstdba.dll

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):120832
        Entropy (8bit):6.2760527819182705
        Encrypted:false
        SSDEEP:
        MD5:4D20A950A3571D11236482754B4A8E76
        SHA1:E68BD784AC143E206D52ECAF54A7E3B8D4D75C9C
        SHA-256:A9295AD4E909F979E2B6CB2B2495C3D35C8517E689CD64A918C690E17B49078B
        SHA-512:8B9243D1F9EDBCBD6BDAF6874DC69C806BB29E909BD733781FDE8AC80CA3FFF574D786CA903871D1E856E73FD58403BEBB58C9F23083EA7CD749BA3E890AF3D2
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................x=....x...... .....0.....n..x.....x8....x9....x>...Rich..........................PE..L....NjT...........!.....4...................P...............................0......h.....@.............................................l....................... ...0S.................................@............P...............................text....2.......4.................. ..`.rdata...d...P...f...8..............@..@.data..../..........................@....rsrc...l...........................@..@.reloc..J ......."..................@..B................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.be\VC_redist.x86.exe

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):530416
        Entropy (8bit):7.134793585501652
        Encrypted:false
        SSDEEP:
        MD5:02CE786C2214475AF0AF55857762D07E
        SHA1:63CA60153FF1EB393F6C6ED5B43C91E516A00746
        SHA-256:29CF2F79B42D4C6743025F1532943D3E09C9CC84887CCF6DAA7927D70CFE249C
        SHA-512:33BDB90401A2C86D5CF891E9DE93E4F7B6E6121C27DC61A5A45B7ED36406B4211144785F2A66607D38A9774C425DA6066B90BDE0D451D0D2A626E79BC3ACD44C
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........-.}}~.}}~.}}~...~.}}~...~.}}~...~.}}~...~.}}~.}|~.|}~...~.}}~...~.}}~.}.~.}}~...~.}}~Rich.}}~........PE..L....S.T.....................6....................@..........................P............@..................................6..@........9..........8....>......03.. .......................H/......./..@............................................text............................... ..`.rdata.............................@..@.data....0...`.......:..............@....wixburn8............J..............@..@.tls.................L..............@....rsrc....9.......:...N..............@..@.reloc...D.......F..................@..B................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\cab54A5CABBE7274D8A22EB58060AAB7623

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:Microsoft Cabinet archive data, many, 1250384 bytes, 47 files, at 0x44 +A "api_ms_win_core_console_l1_1_0.dll" +A "api_ms_win_core_datetime_l1_1_0.dll", flags 0x4, number 1, extra bytes 20 in head, 104 datablocks, 0x1 compression
        Category:dropped
        Size (bytes):1266512
        Entropy (8bit):7.997295377631341
        Encrypted:true
        SSDEEP:
        MD5:EF539E516A6EAE566EC601C0292262A1
        SHA1:2B8EDA4CAB9C651572AE7424C565AFC37F36F384
        SHA-256:C8029A6CE811E707A4E06D05935CEB2F96C858C82AE25FEC602DF7BEA5FA8996
        SHA-512:A2DD3A50C444AEA327C72196812FC65ABCEFF795ABFA600851C5A6EC6345DF4BC27D29DBA57867CEE8CB9E2649081B3CE01684235C5BCB8D53A21D7BBD05CBAC
        Malicious:false
        Reputation:low
        Preview:MSCF....P.......D.........../...............P....?..............h....M.........FN. .api_ms_win_core_console_l1_1_0.dll..K...M.....FN. .api_ms_win_core_datetime_l1_1_0.dll..K..8......FN. .api_ms_win_core_debug_l1_1_0.dll..K.........FN. .api_ms_win_core_errorhandling_l1_1_0.dll..Y..x0.....FN. .api_ms_win_core_file_l1_1_0.dll..K.........FN. .api_ms_win_core_file_l1_2_0.dll..K.........FN. .api_ms_win_core_file_l2_1_0.dll..K.. !.....FN. .api_ms_win_core_handle_l1_1_0.dll..M...l.....FN. .api_ms_win_core_heap_l1_1_0.dll..M..H......FN. .api_ms_win_core_interlocked_l1_1_0.dll..M.........FN. .api_ms_win_core_libraryloader_l1_1_0.dll..U...U.....FN. .api_ms_win_core_localization_l1_2_0.dll..M..P......FN. .api_ms_win_core_memory_l1_1_0.dll..K.........FN. .api_ms_win_core_namedpipe_l1_1_0.dll..O...D.....FN. .api_ms_win_core_processenvironment_l1_1_0.dll..S..P......FN. .api_ms_win_core_processthreads_l1_1_0.dll..M.........FN. .api_ms_win_core_processthreads_l1_1_1.dll..I...5.....FN. .api_ms_win_core_

        C:\Users\user\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\cabB3E1576D1FEFBB979E13B1A5379E0B16

        Download File
        Process:C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe
        File Type:Microsoft Cabinet archive data, many, 4972658 bytes, 14 files, at 0x44 +A "mfc140.dll" +A "mfc140chs.dll", flags 0x4, number 1, extra bytes 20 in head, 295 datablocks, 0x1 compression
        Category:dropped
        Size (bytes):4988786
        Entropy (8bit):7.998834235739084
        Encrypted:true
        SSDEEP:
        MD5:618391FB37CF114D1CCF9E4B6F29ED7C
        SHA1:6CAF4DC105C8BEFFA4E03C9F3ACFECDDB496BBD7
        SHA-256:81850E835235A3B5CBB710B9726F24F6088727B1661573F1C6CEA2FDA45EDA53
        SHA-512:7469026E1E658C6525D8A6BD78A4136F2CDE1767E62D46C1D6F4A4D9CE365E2B74B07C51CBB0C546A71B178B678A55137A494E577A8DD1A2F0D3DE1FDC90E1A7
        Malicious:false
        Reputation:low
        Preview:MSCF....r.K.....D...........................r.K..?..............'.....B........FN. .mfc140.dll.......B....FN. .mfc140chs.dll.....@.C....FN. .mfc140cht.dll..&...=D....FN. .mfc140deu.dll......dE....FN. .mfc140enu.dll.."..8eF....FN. .mfc140esn.dll..&....G....FN. .mfc140fra.dll.......H....FN. .mfc140ita.dll.....0.I....FN. .mfc140jpn.dll......J....FN. .mfc140kor.dll......vK....FN. .mfc140rus.dll...C.(.L....FN. .mfc140u.dll..p...[.....FN. .mfcm140.dll..p..h.....FN. .mfcm140u.dll..Y...*..CK..XS..7.".n..q....E....@.L2i{..B.H ...V......W...+J......u...Y....VE...s...Z.....}./|.....:{......d..B.%..#d..?....g3Bl..b...{...F&.R.S..x.<.Y!ON..c...dgU...h.s.&N.nc..E.F..3..U.....*.Kg...x.]Y..T}.p.X..?DW.sid..K.+.qiD...;..z9U.....Y..."6.V.....(N.W)..q....@H.....i~.Aw.H.Z...R.J...nN.fD...E..9!"$....N.q.|Y....q.(_.O.$..+..F.i.Nd.J..N${y...H..la_.#. ).-.....a...&..^.Nh...\I.....u.t.R.}W~@.\-.....8.N...g..o@..^9.{.]..l...M..,u...u.S......!...z{.T..y.'..Y.....i.j...>b}El.

        C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger 5.4.2.1\install\eFaxMessengerSetup.5.4.2.1.msi

        Download File
        Process:C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe
        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {141B9747-18E5-4220-BB41-5089304395F7}, Number of Words: 2, Subject: eFax Messenger, Author: j2 Global Cloud Services, Name of Creating Application: eFax Messenger, Template: ;1033, Comments: eFax Messenger Setup program, Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Mon Sep 18 07:20:55 2023, Number of Pages: 200
        Category:dropped
        Size (bytes):7301632
        Entropy (8bit):6.623510069621163
        Encrypted:false
        SSDEEP:
        MD5:1A952865651A1F149284050F46344F05
        SHA1:C0C089BD0BFDCF8A7B9D0EE91DE2B177DE8BE9D3
        SHA-256:36CE8A037816E4CDA1D7C4E75A2811F3E9EEE9E88B8ECB2BA7B3A41AE7394852
        SHA-512:0E44D8F6ABDFC515201F10DAA7D4C39B0A32E1DD4E111DF4EFADB0FBAF8EF96E33A181AB4C9296F3630AF0D21E7FB48EC79024292FB43B9A209F05DF1440A206
        Malicious:false
        Reputation:low
        Preview:......................>...................p.......................z6..........r.......I...J...K...L...M...N...O...P...Q...R...S...T...U...............................i.......................................w...x...y...z...{...|...}...~...........................................!..."...#...$...%...&...'...(...)...*...+....................................................$...$...$...$...$...$...$...$...$...$...)...)...)...)...)...)...)...)...)...)...)...)...)...)...........1...............3..P4...........5...............0..............................J...M........................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...H...:...;...<...=...>...?...@...A...B...C...D...E...F...G.......I...K...L...N...U...j...O...P...Q...R...S...T...X...V...W...F...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...k...l....0..m...n...o...p...q....0......t...u...v...w...x...y...z...

        C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger 5.4.2.1\install\eFaxMessengerSetup.5.4.2.11.cab

        Download File
        Process:C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe
        File Type:Microsoft Cabinet archive data, many, 55691251 bytes, 88 files, at 0x44 +A "updater.exe" +A "eFaxMessenger.exe", flags 0x4, ID 1234, number 1, extra bytes 20 in head, 3715 datablocks, 0x1 compression
        Category:dropped
        Size (bytes):55701827
        Entropy (8bit):7.998118181481103
        Encrypted:true
        SSDEEP:
        MD5:4E153C0E05753619A842EF2D0F138CA4
        SHA1:D1A27DA91506F3E9512D1E36203418ECF402059E
        SHA-256:E843F462E3DA7FD3D112E4F52E14801177BDBA098DB0BF8D9C7103A59C9AC3B9
        SHA-512:9B192749126A91ECB93061FE56187F79DC498F8DF9B064BFC04A5F4907F344E0F7DA02992F833EC122C9224AEAAFED989ECA4600B488C64080657C4DE461C372
        Malicious:false
        Reputation:low
        Preview:MSCF......Q.....D...........X.................Q.P)............................2W.. .updater.exe..3Z.......2W.. .eFaxMessenger.exe..]..0.l...2W.. .PrintDriverImport.exe.....H.m...2W.. .PrintDriverImport.exe.config.>...."m....V.. .faq.html..;..0)m....V.. .PauseApp.exe..`#.Hdm....V.. .DGlue1132.dll...,.......V.. .DGlue1164.dll...g..].....V.. .ABCpdf.dll.....XF%....V.. .ABCpdf1132.dll...D..[D....V.. .ABCpdf1164.dll......u.....V.. .ARSoft.Tools.Net.dll..0$........V.. .BouncyCastle.Crypto.dll......7.....V.. .Bugsnag.dll..pT........V.. .ChakraCore32.dll..4p.hx.....V.. .ChakraCore64.dll..r....v....V.. .GalaSoft.MvvmLight.dll..F....w....V.. .GalaSoft.MvvmLight.Extras.dll..6...ew....V.. .GalaSoft.MvvmLight.Platform.dll.......w....V.. .Hardcodet.Wpf.TaskbarNotification.dll...-..Kx....V.. .J2GSDK44.DLL...........2W.. .Messenger.eFaxWrapper.dll......;.....V.. .Messenger.EFX.dll.."...M....2W.. .Messenger.Models.dll......o....2W.. .Messenger.Utility.dll......G....2W.. .Messenger.ViewModels.dll......

        C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger 5.4.2.1\install\holder0.aiph

        Download File
        Process:C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe
        File Type:data
        Category:dropped
        Size (bytes):55701827
        Entropy (8bit):0.0
        Encrypted:false
        SSDEEP:
        MD5:DCD4AA0FB430EC623348D3CCCADD2277
        SHA1:8E6D1683E902A1CFC4B1817606227E07B4830F7A
        SHA-256:B507909474CADEF9292C2BE4B4147DA07B6B5D263BA8D3F99FB4FFDA1B8EFD38
        SHA-512:D3AC9B3C22598F45090267C27351675565F5038E812699EA9691C824795E20245E1D643998BD7CEED0FD4F34EA73003A527BEE25E3DD21F949A9689624ED13A9
        Malicious:false
        Reputation:low
        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\prerequisites\Visual C++ Redistributable for Visual Studio 2015\vc_redist.x86.exe

        Download File
        Process:C:\Users\user\Desktop\efaxmessengersetup-5-4-2-1.exe
        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):13767776
        Entropy (8bit):7.996211583211273
        Encrypted:true
        SSDEEP:
        MD5:1A15E6606BAC9647E7AD3CAA543377CF
        SHA1:BFB74E498C44D3A103CA3AA2831763FB417134D1
        SHA-256:FDD1E1F0DCAE2D0AA0720895EFF33B927D13076E64464BB7C7E5843B7667CD14
        SHA-512:E8CB67FC8E0312DA3CC98364B96DFA1A63150AB9DE60069C4AF60C1CF77D440B7DFFE630B4784BA07EA9BF146BDBF6AD5282A900FFD6AB7D86433456A752B2FD
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........-.}}~.}}~.}}~...~.}}~...~.}}~...~.}}~...~.}}~.}|~.|}~...~.}}~...~.}}~.}.~.}}~...~.}}~Rich.}}~........PE..L....S.T.....................6....................@..........................P......K/....@..................................6..@........9...............>......03.. .......................H/......./..@............................................text............................... ..`.rdata.............................@..@.data....0...`.......:..............@....wixburn8............J..............@..@.tls.................L..............@....rsrc....9.......:...N..............@..@.reloc...D.......F..................@..B................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Roaming\j2 Global Cloud Services\eFax Messenger\updates\MessengerUpdate.aiu.part

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\updater.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):430
        Entropy (8bit):5.2903616887024345
        Encrypted:false
        SSDEEP:
        MD5:4D7E7AA81EEC27219B50D797A3C41D44
        SHA1:6589435E93836E1E4BA4CEBD02440C5F96850517
        SHA-256:2D88EB5A19F7372896BCBD9302F82FECFFE036BEB5A4E07551D878B8B3A8B1EC
        SHA-512:D89734D98E9A98464CF25EAFF3C4A28A3C4DEADF06F670AE9D047FBAA11CAA1B5C8567AFFECF5AC0910E71966E524821BAD3A8729E4AF49A80D74F805F675A75
        Malicious:false
        Reputation:low
        Preview:;aiu;....[MessengerUpdate]..Name = eFax Messenger..ProductVersion = 5.4.2.1..URL = https://www.efax.com/wp-content/themes/j2-child-theme/assets/files/efaxmessenger/efaxmessengersetup-5-4-2-1.exe..Size = 80255048..MD5 = bef9a29984282fb5c7134e44fb07327a..ServerFileName = eFaxMessengerSetup-5-4-2-1.exe..RegistryKey = HKUD\Software\j2 Global Cloud Services\eFax Messenger\Version..Version = 5.4.2.1..Description = Updated API URL...

        C:\Users\user\Documents\eFax Messenger\Config\eFaxSettings.json.aes

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:data
        Category:dropped
        Size (bytes):3696
        Entropy (8bit):7.950876204705003
        Encrypted:false
        SSDEEP:
        MD5:0AEA98C41AD522D1D7680882A3940012
        SHA1:3C353F0D0D1394A267FBF5ACB2214A6985DDE1CF
        SHA-256:2535F93F166CD5D568F6C187E69AB0E317D9A5E29C97FDCB686E296C5B4E1293
        SHA-512:2D8A16F324F2C0582E7C89B77CFC49A7E8AC35659C7FD15D634042639778F4BBB033AEBC2483B3958560A0D1002A235F43F42B6ADB0AE602FA33CF47CF716A5C
        Malicious:false
        Reputation:low
        Preview:.4..ma.c...6........O..Nn&.co;>d...j....~..y....).+@...fr.k*...".K.....B..:......7o#._.M..D.....o....U..m..PyH(7..C] ..q...+.k.h...Y..YM...0M&...?.....,U......[....@..1w..!.>hM.....g.or....."NfU.;..T.|..Wv..t7v?o..CmM.?.0.TD..h..<..S2Cd.|..j.....G:8...../0m..."q.Dos..f.g.*j.C.om............+...d?.6N.7...uVK.....?....:L5.8f..q..v...b.t.....03..."..w...3.}..^..b.U.A...q/Q.2..U.:.*..v..f.L.t....5..h^p...%y.C>.`.C.Q.Kb.S....{.;sd.V...).|H.$E.L:G0.............|].&.".B...!.y......*.!]..{(...L|m.x N.2..>}...{S.xF..1..m..XP..[.E..C....(....Nh.%.j..@.,..&.C.:8;j..8..O.....r.D....R&b...L.I#....0...U[......D.x...8.J.a{,..|b...%.....$*....*.#P?.'..V...CV..v...|.K..C'...)H.c..0.tS...@.O...G..k.<...d.m`.$.r&.J|~..&...L.v.(.}..(A^...R>*.._...x..Z..y.|..P.....kC"...........G......q.H.u....Q..S....y.....!.....n5x..|.:.-}.O..I).ea.0.{. .P}.Q;`.....b....ERW..&Y.j.Y...ZE=j.$!......o].].H.5...!XN.8r.g...&...N1q4.].m..U..F.I.y..Q...U..^.....$}........n...(^E.

        C:\Users\user\Documents\eFax Messenger\CoverpageCache\Announcement.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 2551 x 3301, 8-bit/color RGB, non-interlaced
        Category:dropped
        Size (bytes):94629
        Entropy (8bit):7.003953154763669
        Encrypted:false
        SSDEEP:
        MD5:2E277F6E8B6615EA3FFB40F05E635715
        SHA1:E5416A59A9EAD066BBE82E6BCFBDB409B739193E
        SHA-256:E34252D5EB8F1461E05B7B080ACA49FE996199944318A5C498B2C4112B8780B9
        SHA-512:B203C39BCB2FBCE20AC67B1334C11866997A8AE816D2FC9365A2E31527EA9261C103A9E0AD61C37D92DBA7DEF94D0DB9DE1D903B0ED5DC1C9668688E784109FB
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR................e....sRGB.........gAMA......a.....pHYs..."..."........IDATx^.......?...G@....".-...g4.&B..^ v.*....FcI...D@.`...$..jT.Q.[..A..F.A...=.oT`f..n...;.......yvv?..STUU.........".$.?.......1..........D..........)/......@L.........1..........D..........)/......@L.........1..........D..........)/......@L.........1..........D..........)/......@L.........1..........D..........)/......@L.........1..........D..........)/......@L.........1..........D..........)/......@L.........1..........D..........)/......@L.........1..........D..........)/......@L.........1..........D..........)/......@L.........1..........D..........)/......@L.........1..........D..........)/......@L.........1..........D..........)/......@L.........1..........D..........)/......@L.........1..........D..........)/......@L.........1..........D..........)/......@L.........1..........D..........)/......@L.........1..........D..........)/......@L.........1..........D..........)/......@L.........

        C:\Users\user\Documents\eFax Messenger\CoverpageCache\Announcement.txt

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:ASCII text, with no line terminators
        Category:dropped
        Size (bytes):16
        Entropy (8bit):3.077819531114783
        Encrypted:false
        SSDEEP:
        MD5:2F84C40A698E4F7625DAB09E91A298CD
        SHA1:99C904E5D9A825B4138EFD196DB475CB205BCA48
        SHA-256:3BD775D97646CD43AB0480B153663633F7561F79C3F621CF5877F6A785B4411B
        SHA-512:1E0C85EB514C63A4E6654D206E1827709A1983D368B68E3D0BFC8EE44CDA2CF2C1DEE4D07E3593D68A5E5C16DED428FCBD570F54B0814ECB5BE60F01A816584B
        Malicious:false
        Reputation:low
        Preview:Announcement.txt

        C:\Users\user\Documents\eFax Messenger\CoverpageCache\Clean.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 1728 x 2149, 8-bit/color RGB, non-interlaced
        Category:dropped
        Size (bytes):31162
        Entropy (8bit):6.41087445418229
        Encrypted:false
        SSDEEP:
        MD5:337DB123E7B10E619E34687CB3B04CE9
        SHA1:60597A91986C9D9BDE82DD555752349FBBD529D7
        SHA-256:3FCAE23EDED4A3ADF45E54A2A8B9682B1E05A1F8EE8BC9AB9340FB783BCC44D0
        SHA-512:5E942333621482BD52DF510EB62A2055D8A769B55D28FB72B871A09DB9949BE06463F65BDDB6B1C6CC82E497B284C0CFB859AD5B500D47139F162E4F6CEC24B5
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR.......e.....O5.)....sRGB.........gAMA......a.....pHYs..........o.d..yOIDATx^...h.........[...m.E..3.8.K....3g..jH0)........a..#.0..."...?Td....p05]Uf1.2.i..JC....7....q.........K.....hd?..x_.4#.>.E...?.g.<x.......F...?......................D.... $ .....!.............@H@.....B.".....................D.... $ .....!.............@H@.....B.".....................D.... $ .....!.............@H@.....B.".....................D.... $ .....!.............@H@.....B.".....................D.... $ .....!.............@H@.....B.".....................D.... $ .....!.............@H@.....B.".....................D.... $ .....!.............@H@.....B.".....................D.... $ .....!.............@H@.....B.".....................D.... $ .....!.............@H@.....B.".....................D.... $ .....!.............@H@.....B.".....................D.... $ .....!.............@H@.....B.".....................D.... $ .....!.............@H@.....B.".....................D.... $ .....!.............@H@..

        C:\Users\user\Documents\eFax Messenger\CoverpageCache\Clean.txt

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:ASCII text, with no line terminators
        Category:dropped
        Size (bytes):9
        Entropy (8bit):2.9477027792200903
        Encrypted:false
        SSDEEP:
        MD5:0748A063C4D0A3BA3C6BA1895D54A4B9
        SHA1:31AB67E03FC9141B6A5D4115C0BD72DF1248F728
        SHA-256:0636154A7C0E65A3D93DB053C106D5479A8F1B97680675454DA0B8AE96361116
        SHA-512:7A8FF72557DF672EF72570A9A95447703CA1B9F0AFE411154BEB82AC017FEE643ED6BB3444A5FB232D8036572E51DC03EC85DDDF0C9227EE5CF013B511008157
        Malicious:false
        Reputation:low
        Preview:Clean.txt

        C:\Users\user\Documents\eFax Messenger\CoverpageCache\Confidential.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 2551 x 3301, 8-bit/color RGB, non-interlaced
        Category:dropped
        Size (bytes):85705
        Entropy (8bit):6.858437966984887
        Encrypted:false
        SSDEEP:
        MD5:769B5506B3491E75B217D4F1D00482D9
        SHA1:725ACF6D42F869FC191768325496C7BFE19F8B62
        SHA-256:763ABEBBC0838B59B51D17772FF2B70E8DE7533C30F12A4F5BAC9EC6CD16B20F
        SHA-512:41E4E0B10A3749BA3769E0D9B67FC41A8285D5A7A6F1BB87AC0C151E9626B87C170A9E2B2540CDA7983DD0FEB46AA41D05B480637A6FB39800553185F2A65A3A
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR................e....sRGB.........gAMA......a.....pHYs..."..."........IDATx^...|T..7`'.KHD.......n..j.P.Z.Z....Z1.Zk..K7..B....U....V......[A..*.U...U..aMH.C..M..I&.......}fI...I..<'...........1Q......... ..........q"..........)/......@.Hy........D.........'R^.......8.................. N.........q"..........)/......@.Hy........D.........'R^.......8.................. N.........q"..........)/......@.Hy........D.........'R^.......8.................. N.........q"..........)/......@.Hy........D.........'R^.......8.................. N.........q"..........)/......@.Hy........D.........'R^.......8.................. N.........q"..........)/......@.Hy........D.........'R^.......8.................. N.........q"..........)/......@.Hy........D.........'R^.......8.................. N.........q"..........)/......@.Hy........D.........'R^.......8.................. N.........q"..........)/......@.Hy........D.........'R^.......8.................. N.........q"..........)/..

        C:\Users\user\Documents\eFax Messenger\CoverpageCache\Confidential.txt

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:ASCII text, with no line terminators
        Category:dropped
        Size (bytes):16
        Entropy (8bit):3.452819531114783
        Encrypted:false
        SSDEEP:
        MD5:66AD178C5B4F9FFE1B0C96F2DABE1F51
        SHA1:6EE079EA6687A19F4A41B0A5D376279BB3A1C4FC
        SHA-256:D08AE7B2272704F97ECCC40D9C74D8F9849E158D2EF2DEA9E63124C5D1487883
        SHA-512:0C43AAB402F8BD76EAD54E62205B9392D83E8303FC75434866461E93AF4AADCB27E6258C4C895642EC36E1A185DC599C327554219089FE93BA8670A2D312BFAE
        Malicious:false
        Reputation:low
        Preview:Confidential.txt

        C:\Users\user\Documents\eFax Messenger\Coverpages\Announcement.efax.aes

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:data
        Category:dropped
        Size (bytes):106112
        Entropy (8bit):7.998335211338889
        Encrypted:true
        SSDEEP:
        MD5:1838E6665E490D5939105A29F93FF83D
        SHA1:025DD7B1812ACA8902BFE9A332D266204F00002B
        SHA-256:40C12CDB8423BE4F28C35B039C65A7B9FA0CFE93FD806273431A69D9DF9B101F
        SHA-512:D4E62720D641D6C05BEAF57DFEFD7584AAB3884D7CEDEF70D5C6973B14B08CADDF74DA176D0D56BB0997479AAF3A1147A7332AC6457AEC8EFE8589A6295A9BE4
        Malicious:false
        Reputation:low
        Preview:&~..2.T......ozh.6..x.&...".h......;w1OM.....9$f.e.;.=.J...rE.C$....F..w....d...r.^G6.=Q.=u..E^..~..]=...Q?.x..2tX.B1J......Y..E..A....9.. ...9.t`.]....<..S|..0.'.k....}......7...p.-......D..Q[E.x...S`....n.Z....8...%..H....?9K$.........P...F../qs.I.......H..2....."...y.E....F...hg...pt#5..>).5.....[..%.R.....Kv2}.....M....G..&I.....I....I..G....;....f..s<.....0...!..s.w.F......:.....V......&...z.N..Qn..T8;7..n...2e:..?E2v}...$s....g-/* .....l.....M..}..O....4.....R.q0..k..:.s..|...5<][..*:.B.a.e.2.......).U.)o....n..T...C..w.^_.tT......_A..d..n?M,.8.t4.t;\..?...F%...d...H2.{I(..A.8.....ao.K..4...ts7F...&j...6....!..>9..F.....8G.)....nBV".5..qoc..eE...).b.....(....Ip.+7.......4.U....K.*...v.q{SQ.3.G.....p.#.....Ke(bc.]..o.~7v..c_.F.w.^'.:.+.|..........j...re..0.p..:w..e.O!..3...l....F.....x.&..*+......Ce#.(`yg|.V/...3z{D...N@-.1......:...>.u>W.|........$,.u....]~.L...wSc......a.7@..1s...<.*.E6K.5.Lor....:H...J.?h......St..?.... J..fj.1...5

        C:\Users\user\Documents\eFax Messenger\Coverpages\Announcement.efax.des

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:Zip archive data, at least v2.0 to extract, compression method=store
        Category:dropped
        Size (bytes):106067
        Entropy (8bit):7.990744800395344
        Encrypted:true
        SSDEEP:
        MD5:D7678980EC3307CA6083FB6E4740B5E2
        SHA1:BE33ED6C43BDFD0A8DB86D1713888EB67E913F82
        SHA-256:976480529E1FA38F99712E31CB8C1FA499F6FDB185564FFB4A34CF25C7B406A6
        SHA-512:9D67FD711C7BC2F9D63641F99F837EBD3A7FA9CFDCC03EB4B0FD93A7D533B0ED06108D8EE3D1452F2B5C2BCE25AA89FF074338DB0CD93224B9D9566FB1CE41DA
        Malicious:false
        Reputation:low
        Preview:PK.........}.Q................Annotations\PK.........}.Q.2..............document.json..n.6.@...M......;i]d...A[.A..c..]...&....J.D...@..Cb..8.....A.5[Y...Z."..Hm..5./.w..b.....H..x..\N.L!S....i......VM.A...."..2.A..}.o...Uor.$.UX.u..P......th....+k..I2.fE..-...Yc%K..[)2.r*..g....]P..ye.".k."U.v..F.&..E.-..tD..s....{...2.;..Q.L).;I.r.#T.... ........m..fGt.&.#%..........X..)$P..X..Q...hJ).U.....m(....6:.]....h.^.y.8../...y....L.@V.Y..QZmD.X.+{txD......Lhw_.+.........W.*.k...5...y!..\?$..B.....d.....Z...6.1.&...U...Z?..l1.< {.n......+.KY.....X.g|}.....\.@..-."~.0....xBC,.{..k..Y.T...).7..Z)a#..UoM=...7.../_.E...U....hV........m...u.....-n.....?%>"..P..U.ID.%.l.6^J.........;...SS.&...,N...\X.....:...R...0.E.K.....V...V..s...m..2....%...e.4.6.=.i......f...z&...p.(1.......p.8/.c.....;..v.>...5...w.8.:.m.%!.B.ut.9...q...|....8..#..!..2O....s)v.R.....^.b.I.t..........b..n..n....bF.1....$OwQ.|.sO}...4..._..G.y.5.../...o.m.;....-........~.l....

        C:\Users\user\Documents\eFax Messenger\Coverpages\Clean.efax.aes

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:data
        Category:dropped
        Size (bytes):30736
        Entropy (8bit):7.994187346275844
        Encrypted:true
        SSDEEP:
        MD5:07FBED034C5195F83BB58ECD61BA7065
        SHA1:EFEEFA07438952D928AB2B28E4775F592147DAC9
        SHA-256:7F9EF40AD34753525C62A9C6C39CC23E026C8D5CE5FC08742E2AFB5CC0609899
        SHA-512:C9DD13A90BA637F8D867BA04B87C594CBCD412BB8F4FD5552836064642286C16CF385C061BD362DD505D13FAE6A52FA561A1B067BE2E386B84FA5DACC9E1CFC9
        Malicious:false
        Reputation:low
        Preview:...gh&...;.K......n\..z./^.5ZA.C.......5..Z8...KOk{....O.FO.Z....c...l-.i.T.Wg+EQ..((.S........>-.-[i..gQ...v.N...Q.!..r...XP...s.I7...b....\.._\.R-;...p.+..CF.pk".wK^Y?_...H..L4....g<....}`@..........!..3..p...[......k.....d......xQ.WxI...6..y.S.|..F$.x+,..cZJ].../.v.(*M..Va.O..&...G.go.q6.D"...y..[3..w..[.3..G.YR.E.D....*.....Z..Vp....BM$l..@.L.Q`..\..!x...55..8U.$....M....-..l.L.t4...>...j..W..o`j]2../:.s.=...%..9..]Tl.<\.<.9.|..z... ....xuNA..u...p..].....A.....h..Y...:.. ../..G.pcZ....$..Pj..&......0.H...=..\.m...s^...R..D.}..D.c.0..W.x.@.E...d.vF..m.z.)".............J...J..~R^1.96.@|f.. %..1.D.;...l.....i...k5z|jU....{ .<..Q..<...a...6..l..],j...K....,.I....;j0.0Y..4.......P[....I..../...g.....L7.\...}..7|yS._...........i.y.bEYo..u*eE..uR.#%....j...:...O.A....h,.....F./.U..V...Ar...@.e."._\.#.Y.UPA6..$...Mq....l..m..[x.......V.oy..pZ.......-..V.}.0.M......~Q...'......S...p.9...>..E.qX.6..M:..[..,..(..D.........U...kfz.....u..k.Q\.A

        C:\Users\user\Documents\eFax Messenger\Coverpages\Clean.efax.des

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:Zip archive data, at least v2.0 to extract, compression method=store
        Category:dropped
        Size (bytes):30690
        Entropy (8bit):7.96213356879432
        Encrypted:false
        SSDEEP:
        MD5:31D6BC6F36EB4DC6B049B76AF7C6B54B
        SHA1:CC567E3F0FAC14B5337053D7C94320A4CF5E4E34
        SHA-256:B18BC10F5A4D6F7C9E9AD3239B32F8D6E7AF67DFAC1B2CE12D35FAE4E5641B3B
        SHA-512:71696B465B2732F5597BB6044C9D1B79D08F6565C095A63F8E974AB534931601F9FFDC17538F083E2D4EB68E88ED4070B4937350C18C39A654F77CFFA44A6DA1
        Malicious:false
        Reputation:low
        Preview:PK........UGJO................Annotations\PK........UGJO.S.V....).......document.json.m..6....k..'.y..K.i.]....*o2.w..9N..j.{.N...Bw.U.."..............F..X0..T.......D..|...s.....l.YX$.Jt.........5.....1.o.. L..Q.;.\.F..<..b.....X...B(qj..u.G..:....(.`..1....d..Y.S.q\....YI*.....s*a&..1Q.&.td......q....xS.uGd....f<+"U...|h|.-.HC8.n...NW...S..B*Y........KA'4..z.J.Z.|..aoB.5...@_JC..,.4.hwj..-..i.i..Te..o.n.....j.T$. ..e..4.3..m.Z.....:..jKI....Ig....NJP..I.L......J....c..2...M...X,......Ej.=V....;...U.&~..D..oE..~...W.O..Z.....@.1.w,|I..j......,.....Um...`.{-M9.....:1..mO.....mY..l.^..7P,...a..)Em........z....v...D${..q...;s...V.T[..anH...+.......W..!/"Pl.Y..].....k.*..[..{N_+|..kO.Lo..]m...j......}i.0.K4..h:.>..c..l..&:._6m.....i.}8?B....z...o~..N.....v....q..:.,...I.^b.....W...(..$/D........^....xj....WV.....}V.+....z)..yV]b.Xu...gY....6.....v.........~!..>.....v+.....k.}|'..,Gb...k..7Y.L.9.g...yy..l..._Mk.j.Mi.R..(#=.J=..J...T.T.Z..i....

        C:\Users\user\Documents\eFax Messenger\Coverpages\Confidential.efax.aes

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:data
        Category:dropped
        Size (bytes):89936
        Entropy (8bit):7.997626090743433
        Encrypted:true
        SSDEEP:
        MD5:84C7DD6E41A8BA5353BA717BFE9D5A8A
        SHA1:89011086217E5699E1D0A32086AB5FC7DB518257
        SHA-256:C26A362C82925C581E659F3D568A00A017F3A2CB6C7455C6821F87AD5F3CB489
        SHA-512:330451F0A2EAB1251425B12E5CF3630C5E2878B8CA1375C8AF560533D86DFA1F0CF5BE11DC78C3B75E8672CE3CFFFF29F9BDBA4B7B961EC3A4E5101B4FC221ED
        Malicious:false
        Reputation:low
        Preview:=}..<.A..|.YM.Q]..'..4.."......w/4.........KQ....D?)..>......31H....._t.9...C9.i..., ...8.[@L...I..,o_.......S..w$D.',..e..........".bL7.Q..f!D1..i...I..[........b...:.O...."..-..X..v../...wl..=.....r9.L.*.?UI...DF`.h'.>|.).x...um.....?Im.mE|......K......w.*......N......:.N...`.....E@.....F...........KE#.....S.1_mpw.....M....5."L4.T,.5.]a..`aK..U3&...u....6k..I........z.m.z.\..b..,..~...fp..v.:...TL.S..}...f....HF.R.Y.{/.......n/.:c..z3...`jx...T..p...^.......4.....f~!;.......rowh.<.S..t..F..'.9....=|;.}9...z.B....O.z....o&f\0{.$..O!..y.S....j....{...q...H:T......RW.D.!9?......}...FD1.t...)%......O......*.........d.]K....OW..o.%..u.9..!.M.....}.._.....I~|.C....j..(... .A.y<..C.o&..`.M......T.).&..8..f$,..P ..x.i..;....oEd.N..e.......R.e..H...6...'....y.H.w.....z....C.5..y].J.......?D`#....>..w...s.B.B5...b.t......7+...L.g.....L.$et%bBi....$...7*.XHW..:.)..!.E...D..."P...1..d.xs...eo..=.s.7...C.A{...5....M...t.{.Yz..[.1.1..=.....

        C:\Users\user\Documents\eFax Messenger\Coverpages\Confidential.efax.des

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:Zip archive data, at least v2.0 to extract, compression method=store
        Category:dropped
        Size (bytes):89893
        Entropy (8bit):7.9827375359337935
        Encrypted:false
        SSDEEP:
        MD5:EAA250EE19DD578631F92DBD7AE32E2E
        SHA1:F6DC77DBCF3AB0CE904C0CC3E5E11AB4593B85A6
        SHA-256:65DD509596BD863FA40979BD434313D4FB43279D24346D286AA1D860970B879C
        SHA-512:220A06F684185C1B07BF4134C2CD18C57402389B59EFA5FD1686D0DCAA676D5E7B29B41B21847445479B441D6C1327D0CFD40F80C5A0969A336063B75C8E7ADC
        Malicious:false
        Reputation:low
        Preview:PK........2~/Q................Annotations\PK........2~/Q...7r...........document.json.mO.6.....6r....Np.n{.{..)$../.S9..C|..;i..:U..i.TY.9~...w,.gk.Y..3..X....Z.k:Y..T ...{R0.......j5+.....W....T...rM..A..T.Y..X..?..6..G....U..&R..X..O.&dd-...Jk..<.Y.J.y.c.f....V0.A..C........B.j..j.&.k!.Y.l..%.....-J(..x..K.O.7.}...tL..!(w..u....... ...7.K..[.....u.&....P.....a.,.|.9..[.K.T[%.[.B...-....PW.,0L%:.^..>..........?....i.:pU.T.. tu^.zR.l..k.G-.K.e.tu.......Xm.....4j.9/....d.j....b..n.......e4.....}.K.........&......m.....F.0....,O.../D]m....KR&.p.m...-.J..x...c&.....B,.{....P...*..`g.Z.r....&....4..Ej.....f=T..z....i^.%..../..]+.z.B.L.....l;.?.}....K..Y..w|../...X.<.$./..m8...E...<...T>,Ya.n.Y.8.,Z...Q..j.'O-.=.........J..Z~..B...Eg....}.g....F^.4.K.<;.C.@;=...m.P?.4x.m7.=......xv.y..y.9.f.....t...f.s.xO:..5N.8.=J|.F.........;.98..J..k...T..r.b'..+...(..?8...H.=.1|......~0...v.C.?C.v....+...>vu.<..KT;...w...G3qLv...:..qm...}p...&.\/@-.,v..z...}2..m.

        C:\Users\user\Documents\eFax Messenger\Coverpages\Default.efax.des

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:Zip archive data, at least v2.0 to extract, compression method=store
        Category:dropped
        Size (bytes):91182
        Entropy (8bit):7.991019554761882
        Encrypted:true
        SSDEEP:
        MD5:DE3E72CAB46458A70EA1BAD05A34894D
        SHA1:B9C678B4DFDC33ADF0B28B5E44E9E6BC37C6BA0B
        SHA-256:1932C7E26E99A6F75651D62AAB54C1EB661FE9928A905F03C2BDEDFB510601E3
        SHA-512:815AD8A6248FA6563771BEDF40882BE1E58EF598405DC9F325CE01569C18735878E20BFA1F652A207B81B5E58765B4872FF5981951B9DBD515518957B8A89C48
        Malicious:false
        Reputation:low
        Preview:PK........`;1Q................Annotations\PK........`;1Q..A.............document.json.Yo.6.....g[..o......`.-.Pd..F....&...;.d.>...l.b. .!5.!....7g.p...wne".#.v..h8.?.B....h#..'Y*.....Y\lD.aH.F/.O".E.2C..o...J..X,."....|].8..7/2.3\FI.J.T.#.!.;....3L.$.;.....f.3..F|.d...+...6S.Vhf.uE.".j.#].r..#-FJ@..;..4@...3....2........{GIV,....|.K.D....J.(^..V.'.8.2Ka..3.}.92...|,.a....(_..`6B...w...~..E....i...... .E+.....a..f..^..:n:...P.;.~....Z.....=2.......D.w.....u.`.Jk..4....&c6)..v.~...@.w.E...-.....p@B..y......ora......>...,.j.'.Q.QI..h.r{|.]r..|....m.K..G..q...PGD....S....x.C..|..[....DU..'%{w.P3..J.7..NsM..,0.~...R6P...gw.%.H.|.A...<.`.!..M..8..a.....).........D.kw....ke\m...|..u..U......4N..0.0....|.....k.Q.'<..6.^+.w...W..V.....p..?.T(.'J..._.LO...n.m........<.=...a.2......m.a.c....h1..,.<..>....0.F.....b..y..C.G.k.)..0...0k...dm..>+.43....h..i.U..d#=.b~.b.9....9.C.U....=...Q..V...)Fn;2......b.......Ja....C..L:.r.D..<.)w.....R.".EFI...v.C

        C:\Users\user\Documents\eFax Messenger\Database\messenger.db

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:data
        Category:dropped
        Size (bytes):81920
        Entropy (8bit):7.965281061546525
        Encrypted:false
        SSDEEP:
        MD5:0AD22B82C9764429C246E9B6BBE2653E
        SHA1:D00133AD5F5D5975FAE59E3E8C4C27D84EE3015B
        SHA-256:99E952A9678F41AB642BBA330F76AD41A0E9BE44FD896E03C3B03D02C90A18CD
        SHA-512:E47F142FD50CFB3508D815EC1F66D8570188816E3F2EE1F9A472E35A0E0343FA93CB355C2B0856D40FBFDA0D5D82BC93C6E77BC78757890BE53F0E99AE6F61D8
        Malicious:false
        Reputation:low
        Preview:.HA..Fx...s.v.......#.........1E.3.|...v#A.^.....4Y..Z....5.+..T..G.........aO9.-.1.! %.K..#.-7.fx.O....K.V..r....hb.LW. e(.#. .DHX;z..8h2.{K!..U..{=..;.vF_....36mT.@Z6..${....'...B.r.O.....n.....o..2Q.O..=.u.wj.C...+a..<...)4 e....4o.*#i.p.m...oa.r..o.Md.+..qM.....xaQ..i..o..U...d..M.....".y....t.-?...b.m.'.A.<Z....I.0t.N.[.cW7./..~...y.........."......x..K...y.<9...".iDM.A...7.MN......j..Gq..q.u..S.{...a.?$...{...:..:...1.S...kb...\.^..Q..pz...Y.<......7v|*..!.).....M..x....6.=...5..I.C....P..... .....A...P(P...T...}.|..%).H;.f....LYy.u ....4.e.%....;......A.X.........9.......J.....3..RH. ..Y..9>H.........9..A.q.P..T.}.a...%.S...U..L.nx,.y..`...^j8%..5...%.M.8.*..4.D..%f^...T.^...l....i..nH.n6."P..b....!q.....J,.......:.`.x(9....H{.,D.K..NI,ZmH..~.-....b.b..........V..<.B.dk,X...*7....H....q....\ ..b../.<"j.........1...z......H..#.v{....+..9./..}./$a.Wn<...Y..j........E.9...pK.S3..7...`NF5..mzDv.. .6......c}h...78....

        C:\Users\user\Documents\eFax Messenger\Database\messenger.db-journal

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):12824
        Entropy (8bit):7.889172708057477
        Encrypted:false
        SSDEEP:
        MD5:C0540304D41AB7A7BB953141E093E856
        SHA1:467E466DABC0FEBE8ED5752712CB455E621D375A
        SHA-256:948AF948F1FD56A1AFF99221B8E7D1CDCE19EF544D2AFDDF37BCF0110517A4AD
        SHA-512:1098AC7E346F7EF600D28A0881A18717967FB5A98E89D6E7EABAB38446198F01E78E027A399FBA893DF3968A0A8947DED9DE2844AA7BDB9BFECB357F19AC35D6
        Malicious:false
        Reputation:low
        Preview:.... .c.....F.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................B..~. ...L.`{v...5.T.....,.B.K...m:/........*...'._...%^y.2....3.-..=Qt.Y.m....."..aO9.-.1.._..K. ..-7.fh.O....E0X..4.C...8h2E..|b..~%.,OE.X.zN.8h2.{K!..U..{=..;.vF_....36mT.@Z6..${....'...B.r.O.....n.....o..2Q.G..=...fm.l5.y*...Y.{.ZUG.....\..DW$.........}.....9v..n.Z4m.[..#,4.x..}...4{.........D..k.-SG..T..vN..;*&.~...h..K....u:.b..(..0R.K,.;...8....h...O..U...>(k.?....h|..5.l&TJ.Z..VBt,,.....b...".....6.G.Y>/...-............6.^...Wt.....9+.M......q..$5..S..qY.

        C:\Users\user\Documents\eFax Messenger\Log\eFax_Log_2023_09_29.txt

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\InstallHelper.exe
        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
        Category:dropped
        Size (bytes):6534
        Entropy (8bit):3.580453429708143
        Encrypted:false
        SSDEEP:
        MD5:FDAD3CBB28CEA42E526B2FB2A71D8497
        SHA1:42471E5E9092D0FA17B9B1701A8FA15A98CFE140
        SHA-256:DFAC5A8D188A2292157DC954D97B6DC36A338B5A4102A41B1E39A45ED518D1FA
        SHA-512:C1023AE4D54029BB8531504DC410022E2D2A1D426842EC3D9D30721116905146F1E04E7A523A77A8FA4DF3C1791C38C8CB1D49CB493DB0527ECB63886E191F37
        Malicious:false
        Reputation:low
        Preview:..N.a.t.i.v.e. .l.i.b.r.a.r.y. .p.r.e.-.l.o.a.d.e.r. .i.s. .t.r.y.i.n.g. .t.o. .l.o.a.d. .n.a.t.i.v.e. .S.Q.L.i.t.e. .l.i.b.r.a.r.y. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.e.F.a.x. .M.e.s.s.e.n.g.e.r.\.L.i.b.r.a.r.y.\.x.8.6.\.S.Q.L.i.t.e...I.n.t.e.r.o.p...d.l.l."...........S.Q.L.i.t.e. .e.r.r.o.r. .(.1.).:. .n.o. .s.u.c.h. .t.a.b.l.e.:. .D.b.V.e.r.s.i.o.n. .i.n. .".S.E.L.E.C.T. .V.e.r.s.i.o.n.N.u.m.b.e.r. .F.R.O.M. .D.b.V.e.r.s.i.o.n. .O.R.D.E.R. .B.Y. .V.e.r.s.i.o.n.N.u.m.b.e.r. .D.E.S.C.".....I.n.s.t.a.l.l.H.e.l.p.e.r...e.x.e. .E.r.r.o.r.:. .0. .:. .S.e.v.e.r.i.t.y.:. .M.a.j.o.r. .[.7.:.2.0.:.0.3. .P.M.]. .E.r.r.o.r. .=.=.=.=. .M.e.s.s.a.g.e. .=.>. .S.Q.L. .l.o.g.i.c. .e.r.r.o.r.....n.o. .s.u.c.h. .t.a.b.l.e.:. .D.b.V.e.r.s.i.o.n.....S.t.a.c.k.T.r.a.c.e. .=.>. . . . .a.t. .S.y.s.t.e.m...D.a.t.a...S.Q.L.i.t.e...S.Q.L.i.t.e.3...P.r.e.p.a.r.e.(.S.Q.L.i.t.e.C.o.n.n.e.c.t.i.o.n. .c.n.n.,. .S.t.r.i.n.g. .s.t.r.S.q.l.,. .S.Q.L.i.t.e.S.t.a.t.e.m.e.n.t. .p.r.e.v.i.o.u.s.,. .U.I.n.t.

        C:\Users\user\Documents\eFax Messenger\Stamps\Approved_English.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 312 x 112, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):5106
        Entropy (8bit):7.910497273456584
        Encrypted:false
        SSDEEP:
        MD5:68ECDD768B770A889349BF69A053E623
        SHA1:0CF657983C578EAF22726BDF55483D631A50A204
        SHA-256:DF0ADAE2307D88F2F7FA566DB1C2DC29614D06D54781E67C0CC4CCD168A2C9FD
        SHA-512:BE850D5FBCD1044A50FDE0A3DCB539E580088FB18782BB64F5D62685B243720DB59FB77FD6F8EC9041314843762069D847A24D07FE3C26D32A57A50434FB4A46
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR...8...p.......l.....sRGB.........gAMA......a.....pHYs...........~.....IDATx^.{p\W}.#.*B.%YR......CR.1....C......>.Gh.a....D.N..Z.........8m2u....%6.........X2.I.elK...[..+.....]...w.w......3....=......=..2.k...t.^.7..c....y..@.......D...Oq.k.cB.Y..@.64..Fq#..D.h[#..-%....,..17B.....#..'...B...G.q...w_.';v.Y+G.!.F.~.#.8.....,.8B..P..!.B.#.8.....,.8B..P..!.B.#.8.....,.8B..P..!.B.#.8.....,.8B..P..!.B.#.8.....,.8B..P..!.B.#.8.....,.8B..P..!.B.#....76-].tEgg..K.,.....^..E?&d.u.f....[....Q+....?.p(..G.F...~.:..jkk.......&...".......|....#..2.........x..mHw....w.|P...9|.....-D.5::.c.u...&|.......9..h....&.}.F......f.{b*.@p^..8qb\.._o9w..`*....r.....Q"...B...pA^.Q3.lk!r...@.G?.J..2...#.......C..../I......B,6.q..{..O.EB.........=....,.~...{........A.6j......\......U*.Y....?y..).V.zK.A...M.x.P.........&.......Z.s...K...?D.Z_8\3.._X.s.(..!.......q....@.Z.....].. ...97i4..k..Z..X..........A..g(../_T8\....b.....KJ....7......z..$...!..2V..@..

        C:\Users\user\Documents\eFax Messenger\Stamps\Approved_English_thumb.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 90 x 40, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):1618
        Entropy (8bit):7.811634480854561
        Encrypted:false
        SSDEEP:
        MD5:184AF1DF1E65C65C2D3F542351668DB7
        SHA1:FC657ECF2918EC6EA22A8A5E38EEEE2D2465DCBB
        SHA-256:97C2EABAAB987BA844B59115F6B33C1C7B73048259C8A0D223114A0A7E0CD41C
        SHA-512:ED805B8C475B767631EE6F64A3A924B4CF531E9B7FA12F52CED8A2ADB51D6AF8E95B68B34FA36E69BD97FB467B2534BA0BBF52FD848D117FE723A7CEB33A6EB3
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR...Z...(.....~B......sRGB.........gAMA......a.....pHYs..........o.d....IDAThC.ih]E...^...?..c.....b...e........JA.E.EA... h.((E...B......*j#j@..1..I^.4.K..{.8....@..8.L.93s.9...Itttd.<.NR.g...x<.....x<..;.......d2y......+...'.,...~=.HT..2B.=>>.30M..{...l6;......Poo.....[=77.................n.}....#.;i.....I..@.^.2. >^.zQMM.{.._.K.>o.r..L...e...R?.x!.N.,yy.....x`..=......+....G.....}.........UVV.! .kv,."AjPS.t..?.f...2..sj....^B..h...x.w>.v,..b....f............7K%....X.DUo.. t.S.~w..z.{..MMM.9A..I."....%...UC.Q.T\...".........Z...l.#.NM....@.....Z...`f.m.tVTTT...j..7.....,o..vV...t.c8M.....-.jU...~U]^".....q3y....r._.m.D.M.W.*t........).Q/j&..hnn.P...###....e.>]U.....!..C.....4....m.wu....p&....Yv...4..T..n.tS........@.[j.4G........15e.]..|..4.BJT.w..j.>F.<.%........0a".<./`_.NM.u..I......_.fU.en.e.Z.G..._...V...8.......2sU......9./.9..TZ.x.u7...9.%%%.T.....D.[.=...z.6.....?>....h>"3.......pR.l.6..M*.........|....Arg.....+....

        C:\Users\user\Documents\eFax Messenger\Stamps\Cancel_English.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):3246
        Entropy (8bit):7.824403397917457
        Encrypted:false
        SSDEEP:
        MD5:CD34B0D243D17DA442270A0FF0E1B9D6
        SHA1:5564EC877FF2EBEAFD159EDBDE9AC2E3EC205F96
        SHA-256:ED2500DF2E55A08EB024AAB28574EAECC745C825A1E31BCC126F25FDC1FFD9FF
        SHA-512:E498FEE03751EC3AC2DC73C0A9DA3E2C98619BD2204E4CB5E0204534D3CF6F5302623390DFFACB7C92830F0965F5E0B877F49C91D21AC531DC0FC8EE7434C557
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR.............=..2....sRGB.........gAMA......a.....pHYs...........~....CIDATx^.g.mU...J.#.P..1...Y...F......J..E@..+.J....R.Q.X..[bb4..%.,?.%*.......Y...9g....'y2p...k.......1..c.1..c.1..c.1..c.1..c.1..c.1..c.1..y...l/w./.;....t...nrW......4s..l..$.3.rOy?i..}.n.YN.....b.........X.[.$...8UF...)....S.c.'.....?X.. ...Q.O...NiV@.....Q..P......t..{d9j.e..qr.0...a.n...e...z..x.\k....H.!.,.a>_.w_PS.*G.!$.j.Y.GK.z.....z.\d_.2....h.......z.4G..~]..[...GIF.C.+......a....s..o........I.=Q..e.2..&$...A.B|.a..(]~Lg+y....I.5g...!..0#..I2.*}...BF.......?g...s.P."..{!.W.......zJ.....+_..C...`.G.......[...].H}..sM...>.\..~....I.3...g.1.~02_#.>....meu.UF....F.m.u2.>}.l.6w.N.?3A=....<t.".....O_..8m...t2r.<Wrba..f....o..e.gU<C2...9}.D.bI}94.Oo.Q.3...hY.....Q.$..!..3.^F.. }.Y.jaRr........&..9..\.U}_s...2j`..u..Ej./.mY....,...Lk...x...~.....A...K.w..Z5...Vr.G..-.,......a..R.: ..G...!._.Q.2H..8l.a..jj..f".9.....|..|....%..3......l<T~MF.

        C:\Users\user\Documents\eFax Messenger\Stamps\Cancel_English_thumb.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 90 x 40, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):492
        Entropy (8bit):7.287457726061327
        Encrypted:false
        SSDEEP:
        MD5:8D4666835A5A94EAA63BA04A0585BA5D
        SHA1:6527CA390A9E32F858DFCA9BB71C9FFBABE28B29
        SHA-256:F6A6BFA62CB0288A872D3B631202A20A9AEA6706765D0B0450EB1C13A1915A4D
        SHA-512:811FD1661FD7AAFBAF2BB581FC3C91444EA386BB7796469ACB84E06511135609B8A9B541051318C4C257C46A33AFD33A6B5A9A340901A65E96AF4C03C9E38723
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR...Z...(.....~B......sRGB.........gAMA......a.....pHYs..........o.d....IDAThC..n. ......q..G.%.\.\.3.;.UT...'.(.$I.$I..l.so........D2JV.T......`}.F-Y\...-...Y..L.&~.......lg.["{...Z}l..=. "3Z.....#.......Z..>.`F.^.p'.$".N.joI...@.Q..dJ.p.EDv..d.*.@.?#[.s.........].{..U.Pm=_.%.so. ..JgD..va%..aMt.A...w...,z...U...N..E.=+..57.#"Y.#.....V=*...G..a....|2..e.V{VTD.}.q...4...}[......'....-.SG..m..Kp....}...q.[.!...U5..Z%...]+.^c..&I.$I.......C%........IEND.B`.

        C:\Users\user\Documents\eFax Messenger\Stamps\Checkmark_English.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):2426
        Entropy (8bit):7.7697813477769575
        Encrypted:false
        SSDEEP:
        MD5:37C0B33785DD4327EDCFFA8850F1C244
        SHA1:841FAC37DFD59C5123BF4E7D62D864E283B61DAF
        SHA-256:245D2EEA37DD3B22C5ED69EE0471686A05BEDF99072D3299B26314584F1E206F
        SHA-512:E7BC5E780A6246CCDB631C041A887E8AE3BD852ECB7BF8D1BDFCEC10C0F2176FD85F32D1029FA01F8146A5059A57ED75E90DE4A011C70F14993A2FBADAF240AD
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR.............=..2....sRGB.........gAMA......a.....pHYs...........~.....IDATx^.k..U..GS+...p...C9....).&QT.-%..>(Q...@?.x.BQ...,/D_....u..S,M%.#o.Xy...9:n.3g.....y......af.>.~.~......................................?..b...<A.!../K....H.).^.?.ar=..+..5.y....?..z....9..3.%o..K..l).,.@...... %^7/.Q...*.u...?..PFA;.^k_ ?$.Rp..._....&.K...(W.(H..I.H.4...n.....<Q...../.QP.....H..06..Q...^..t.k3^.Q...9y....'O..Q.u....9T..u....k..v.f..02.$Oj..\ .F..X... ....}%.:..?.E.......M....j......W.]...j.;`H..P.#....Tk/.....u.Q0....%@...e.L.u.........|C~I......2...z-...P...'].[...(bg.(.Z.....(...{d.L.....J.".n.TF..Z...%...\...k......klWK..$O....2...<t..P.F.72.....p.P..g..f..s$.f(.`I..&.w..CF....%..(.c..Q0..;-{I.".'ON....+.&O..<.B1........@.~.zLF..ZW.}R......o..<....yb.....X.`j.........D..Z..=.....[f..e.<...(...L...v.<......(.Z.]L..b2'O\.G...q...2.....P.P..?.Q0..ky.6.b..5yr...6(f'.yl.G$@........O.el...usW.........d.H....(.u.Y.v.+....|T>!.`j.J..

        C:\Users\user\Documents\eFax Messenger\Stamps\Checkmark_English_thumb.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 90 x 40, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):478
        Entropy (8bit):7.175943719138904
        Encrypted:false
        SSDEEP:
        MD5:19D2B084B03F0769F2B8145DB03488CE
        SHA1:D3960C60F3C3CBC495AA96158A4B414832CA9224
        SHA-256:5F51044F45CADD78B41A51FDC8E22EB9858378E63A9657ECDD29D0524C7AEEA7
        SHA-512:8FD7FD804634BE4F1CBF8FBF7159162FC4C3DE66BFEAAB007C239B5FAB7F5791FE0242F2613C01190678AFF4DEEADE3600A8E59D7D9C1537CAEF9F6702ACEB80
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR...Z...(.....~B......sRGB.........gAMA......a.....pHYs..........o.d...sIDAThC..=J.P....WX.`!("..`..l--...;+Wb?X..7a-..-..AP..=.$.>....r.xIFbs.8f*........Z...A,!.9t.d.~..#.)zClh....\#6.O.."6.o.I.9....$b..^.$z@l\.$:ElX."..6 ..w.$...w..0..KdCN....7..Ks..'.f.\._...~{(|OW[H.O..ZG}...+$.=.aC...z.=L.....B.....k}...)6R....#v...wP..Fl.v..I...I.5.F...I......9...y.{}....r...~...4.Fs.H.Cg...%..v+`..^Pqr...].|.....1.I.@..#....F..OEDD.PU...o..........IEND.B`.

        C:\Users\user\Documents\eFax Messenger\Stamps\Confidential_English.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 312 x 112, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):4068
        Entropy (8bit):7.871263024440128
        Encrypted:false
        SSDEEP:
        MD5:330BAE75C7484054E20DA5180EEFE35E
        SHA1:4F477F77E57D57D542390F7C6DD673440BF736E3
        SHA-256:AACE6F555BA3D41528987092350E6C9CD0C396DF708A59409A0BF57121557134
        SHA-512:AA99781307436A9DA588B151F2EB55CAAF81B55D309B80D2B982DAB98D4BD1CC638B0AB007B81F5B833E541726FA5CF78D1CD0B1818A2B4B1B5A64BF70675574
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR...8...p.......l.....sRGB.........gAMA......a.....pHYs...........~....yIDATx^.ml.G....9v[.....&q.CQ.pI(ii).iQ...../....Tb........"..Q .../B.hKZT0-)....B!M..\...wN.$w..?w.-..;.{.......h....g..3...U.....h4z?....d.!..!'.........x....,l.&...g."......b..m...-%....,..17B.....#..+...B...G...............#..R.K..#.X....b-.8B..P..!.B.#.X....b-.8B..P..!.B.#.X....b-.8B..P..!.B.#.X....b-.8B..P..!.B.#.X....b-.8B..P..!.B.#.X....b-.8B..P..!.B.#.X....b-.8B..P..!.B.#.XKU__.....T........833s..j,jA.UUU.B<..F$.y........E:..m..w.&..1....."4"$.F.............2#...W..J]].....iMf.qc.._...ls...i2....K".xS..+V\z....B.&&&.P..:.t.jkk..o.>.k.....8.Y...w..1=66v,......*.J.i.....###.5...:.e1..."p./o.....D.n$=..N<...d2.Lv.....e.x|....\....'.....}.MH...:t.&]A^.b?........d...".....M../.twwG....iT.m...L.;...r.......A..'qL.Fx............S.c.;..544... ..w]._i....ID+.)w..8\...x..'.....G.E.K.B.655.7.N...|.IOq....O.b.=.!.. .k..;..T....7..kB.....?...|..J.....-r....

        C:\Users\user\Documents\eFax Messenger\Stamps\Confidential_English_thumb.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 90 x 40, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):1427
        Entropy (8bit):7.790149679397547
        Encrypted:false
        SSDEEP:
        MD5:3EB6AEE3B2F1AEC037CB3142F953AAD8
        SHA1:C6C3267B84EE0617F8D75D64F725FB9CA2504729
        SHA-256:C7284DD15C191BCFDB474BE62115925DBE900DD3DEF4F94F3B53DD3BE1876BD1
        SHA-512:4AC640F5C8E61F19A1F5ADEC8C5895ADC7FE4D44526E3B5A589DF283BA540E6503E44B615F0E5C9C03893AB721B4B3E1F4E4B161A09885222CDE463D70B7F587
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR...Z...(.....~B......sRGB.........gAMA......a.....pHYs..........o.d...(IDAThC.Mh\U...|...cB..0%.+UD..P.nDA....V.EQ...se.\D.(..A.....t...jZ....63.d.4..|...{.....$.du.p.{...w..z.&211.t,='*..cl.-...b.X,...b..".......E=......-S.344t.D..l.......}...r..:.|..............:A...GFFj...U.*.|B..&.-.-.[.y........*.u%k.+....j..../...M..u.[.+....8.e..>.,,,.....C..)..h4z.........)/.....-...nB..WB.AyC..~..#..k.r.0.u.......4`.e2.....3b{..%...Y.....j3.v__..B...>88XD?3..q...O...29.N.wSA...E.*.i4.'Em..xE....:.xD..!:00p..[.....Q...z..A.Ut..a<.+.&..9.'.....c.zW...n#D..}..N.`.82...4|N../...a>1.....>&.{Vg.=<../.H|.-..A...,..\..@.f..R.$K.F.........2.Z.....(.^.`6.....$1w..;"*.O..:}.)..~.fB.W..`.:J....bj...1Q...B.6>..G....t..D$eQ..)".E.D.;D.N#q..Y....7..'M.s.f.'-.&..m.O.3..k.n....%|U0..UFM...k......'.F.u....h.3J..;..k......t..e.~J..=.pyd..X.q .\Y...53....E.t..D....E*p.)......_.\.L.l.|.J.IJ..B6.....6..U...Fz;...c46M........dZ.4.....v<..th?..=&.9....>...YG.....$O.Yw#..

        C:\Users\user\Documents\eFax Messenger\Stamps\Copy_English.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 312 x 112, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):3756
        Entropy (8bit):7.894344659426354
        Encrypted:false
        SSDEEP:
        MD5:159ECF8ED61729C9545A4742B966FCB0
        SHA1:E8F7D553FEF409BE4B7B47E50AB17C93B75A8EC5
        SHA-256:2E87F9A602D379E91205484F97FF6C4FFA3119ED023886CC920BBEAD0EBE1A73
        SHA-512:DFEFB3E817945ABFEC93F7E4DEE506F3CCFFC7CFE9111D5F1DF294DD450A01FE58F74AB685C1914718988C4E8DEF77C595F7ED89EEBADFAE7FE0E4FBAEA906D9
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR...8...p.......l.....sRGB.........gAMA......a.....pHYs...........~....AIDATx^..yl.W...zwm.vv}.q.6@...%.....2P+.rC$(.(.@. .]uA..*@J[.. @.......6-.K.....jI...q...^4.......y.^3o.......F........Qs...sc(.....,..:"...Q,#.t..h4:V#...V.e.&":.M!..d..p#"...l...vK..L........6..#"2......#"c.....K......rDD..).8.#"c1...X.8"2......#"c1...X.8"2......#"c1...X.8"2......#"c1...X.8"2......#"c1...X.8"2......#"c1...X.8"2......;Ml.iU{{......577...Qo..._..swww.].v=.;....mmm..qc.<LT.xg.*.B.E/.......g.(v..555.b.;.H..V/..O....KQ^..-.@..w......../...b....."...x~.4.b...inn.x8.>8>>>!.KB8.`{.......=....i.q...Lf:.J."M.S~1........vk.;.p.`..b0.MViS........+d.+.[.....QYe...o..Y..A...~.................wI...o[2.|T.y..m..8.Ak.=....^..&y.)...ZE0h.G....%...A..!.....A.W ._j.)x..<........@..P.t...G0..V._oo..Q.Y--j.[..K....M...@.TA..*.@.*..7P..46......5.t......mX".j9T....I......@...+eU.........R.A.e.......&U.........;......^..fI..m.m.........s}Y.....P.m..Zc.........R

        C:\Users\user\Documents\eFax Messenger\Stamps\Copy_English_thumb.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 90 x 40, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):1107
        Entropy (8bit):7.6660265601564
        Encrypted:false
        SSDEEP:
        MD5:FC7E1081B5B93AD3E6F2B7FA0BA7084F
        SHA1:88C171C0436544EC6C9E1F2C4A0B9B547574B589
        SHA-256:10E06FCB684D82A4BB54795E7AFC7066C1A9A19645B4A9AA47E72D11D621DE61
        SHA-512:E28773CEAA2EB2D1B65F0E8BB2ADC58BA360A31280A3C8F82BAAB607ED7F9C0B81D6286DA8C41008F004B080944A58BF79863CB584E54272FA9BECDEFA1291A6
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR...Z...(.....~B......sRGB.........gAMA......a.....pHYs..........o.d....IDAThC.Kh.Q...I.P.M.]...Z....R7]...H]..A.....M...|.+.n.hAE...Fj.w%"....:...sf:.4.En.x?.=.9s..9..;..H$...t<l..Q.V(...B.P(....7[.....U..hA.q.&...H.P...'...b.A......|..L.6.D4..E.,....v.......L.....u..m.......B].wC..>......m).........9v.@R..'..a@J..^.<F"v.@..+...6....@..;+p.s.w.`t....A...`.R...@......0e....*+N.'~..:&..............!...6"..b...'..@J..v.T..V...@%n`W..w..Cl......+.g/...x ....q. .G...Mv...aM..kr....&:...X.Pao....O"...4.!-..d29'....:.w...t...C&...i.6\A?.9...x....&.T*mf)@%M....Py..v.i.$.1..'..`0.'..n....4...k)HM4Nz%K..*...mf.......M&4?7.........`./.R.".X...li..d)....IFY...fY.......y..r..|.+*..b......e.`vv..Ki.hGb../.:.X........`.~....;.R*R....c...Y.'.rI[{.P.Ta>.4...I.!..S....b...........DO.4..E@s.."..?R....b....q$....,.> ..o...^,p.m.+....Z...d{zz."..$....6...zr\rHM4..*...A.......(p.^fi...7.%Y7..!...?.rI!;.......~G..R.T.;..y.........`.....Fz....0....9T..+

        C:\Users\user\Documents\eFax Messenger\Stamps\Denied_English.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 312 x 112, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):2217
        Entropy (8bit):7.75121840674992
        Encrypted:false
        SSDEEP:
        MD5:7872AD194DC1A439AA13CDC198C5B632
        SHA1:33BB71B4A9E875FFAFE4AFC3236A64BB7F919C4A
        SHA-256:2A27AFD9EBE6716E7DBE5F0FE8F753E99B3461B1DFBC6CA5587E97C07C0A5389
        SHA-512:015A6F8AC93EAA69A761BD5A05E50D46EE33885330D329610A370721EF08B8365CC94965F4384C121A092C732B7B42D1E768F55C333BFEBDDC39E5525129E7D6
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR...8...p.......l.....sRGB.........gAMA......a.....pHYs...........~....>IDATx^..o.#w..q....l6{.wkq....{p.J).T.,R....B.'.H.......\K| }R(.......(.Z..^A...@h.UW..8.nIf..{.d...gq{..L..%.._.c~..&.....L2..> 'O.\...yZ...;.y....jg....Z..(.p{]3.vo...+.........8.....`.J.p.....;.....8.f.p..*..........s..`.../....E..0...`....,...Y.....8.f.p.."...E..0...`....,...Y.....8.f.p.."...E..0...`....,...Y.....8.f.p.."..../..c~~.....}n.Z...*...J..v.}icc.).Q..$*........o.Z....z....}i9]i6.?w.]sss_.......e.....d..1.z.A.E..C..=M..X.K....sZ..z.....p.....^.r%..v.}N.....h....c=../{......c|..w)..R`|....}...!7...rK u.......#j..t:ok.=.......)..V...8..d..D.MFQ.....W..9....n..X/^.p...=...u....w.Y..v._p]d.R..B.M..vy{{.)7.V.Px....%7DF../...P.~.Z...A.k..>}.3n..Y.._...PR.>....^....a.^| ..D+..j.T.[jO...Mo.%................7&*.?EQ....S........u.......w.~...y=.....D..#.k...C.O.B...y.\.Z.....7.LE.9...V.....mkkk[.!F..:=......K..^..V..\7.O.i......#.[.d.....5.M..n.

        C:\Users\user\Documents\eFax Messenger\Stamps\Denied_English_thumb.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 90 x 40, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):925
        Entropy (8bit):7.657573681391945
        Encrypted:false
        SSDEEP:
        MD5:BE026467BD0737A5AFBA421BEF6FC1BB
        SHA1:4A5F41CB8FCBEDA15634EB0AE2CAAC562CDE193C
        SHA-256:9305505C25357B3D4046B8D4903A4C7ADDF4DCBF2F4CC44CEE75220CEECB96A2
        SHA-512:5E52F5C09AE7B51720F929C1C50A959C9D52FF82F01FAADFCECB41FAE8059705E06C18F3A904DB33C8F91D620DAE5F157C2A68766F389040BBF4344D7A587DF2
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR...Z...(.....~B......sRGB.........gAMA......a.....pHYs..........o.d...2IDAThC..k.A..I......x.EADDA...(.=...<y..?@O..H....^D..QD=.".........gf...f[...Z....}....7.....*.....:qZ!d$. .. .. ..;../2..eY......../.V....N....UW...\.7;....A.5..J...b<.?H......6.=.|..q....f_..wp|.._..8~?.#......<.=...h..<.....$....Z..._G..n...........(......8...X....t.A.A..;...8..`...{..+.!..:O..kW.....^...2...Y...4~.....@.I&.;a.g...w...)....i...eJ.t.....f.J..h.:d*..o.4n.....V.*=..K..z.o......&7..~.9.\..6.r....*.s.c..t.Rz&.....r... $.H..L.o...7.(=.J.K....f....Z......69... ._.5..<k..?.q.mD.V...M..C.j?M....[.b.-jGD`.:.*.c.....)p.o(...!.Z.~.UJ.u......4P{......1..-....X.(........}d.+8...0.W(=.J.......2..xM.(.y.H.Ha?)=.J.....Pj.......q.2JN.j.....F0.......f<..(....U.4..J../.....=...u....*......V..0.......A...e.@q...o)~.k1...3."u`p..).d......uA..A..A..A....PD...C ..H....G.9......IEND.B`.

        C:\Users\user\Documents\eFax Messenger\Stamps\Draft_English.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 312 x 112, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):3008
        Entropy (8bit):7.837499255797118
        Encrypted:false
        SSDEEP:
        MD5:B32A8DC73E75D7B4A274DA824D81BB78
        SHA1:268B4CDEC274BF7608B1631E06FCD8EDC77724C6
        SHA-256:D22EBE7AFAB03363E88180332BE636C718654E1F9581C0DBF1776F1E78F6CDEB
        SHA-512:0788324F4BAE696BFEB858C5858FD97D0119C3D48B399CAA7A3703D04A40D1520CAA9B2BC67437608C8100D190A1E0312C63A8DDA4E6264805D9CC8E3AECE6EE
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR...8...p.......l.....sRGB.........gAMA......a.....pHYs...........~....UIDATx^.....e..qo......mm.U....h...@.Q#......(...!..G...cL1G.....@.E..US4M.`..E..+...vW.ko.....l...3{sw...W.d.gnowv{....<3....c.....[U.2...@.:...Z..0<<|....1.,....:.BnS.zn.....]..Tq.R.....p.s...!.p..$..@..8......=n...o.>?W...&......... X...`.p..E...... X...`.p..E...... X...`.p..E...... X...`.p..E...... X...`.p..E...... X...`.p..E.....l.....M.........tuu.www.W...J.2a?..m05.)..=.3.ry.........=.....R.V.....I.B.e..F....[..5.D\~.p)........V*^P....;SSSO.WE[.mp.#.A.[.....-..g..o...\..A..ok.Z..a......:.../...V..Z...........Kn.B...$.....zG..>.B...v...k_fU 1...r.......Z.v.r.O.q.._..b..{x.U.S...C.......<33.g.5.l..v.3;;{.5.....jb...X.H......7.=z.k.\NW...$.-$..\.z....$B.u..._....Xs..j..-^'.......s.....0.m!.:K..e.....B...I.....L..0.m!..XWW.*....[U...I.T].~.....m...7ky.J...&.e...........-.KA..W.\..R..Sk.So......z}.z.+.....nC>.w=....u"C.xK.\..-.y..sn.f3.T.V...\.r...?..-%...=}.

        C:\Users\user\Documents\eFax Messenger\Stamps\Draft_English_thumb.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 90 x 40, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):941
        Entropy (8bit):7.677972956335889
        Encrypted:false
        SSDEEP:
        MD5:3FE0B102D374B0FA007DA07C2FCB6BC0
        SHA1:DF27BC3B947FB23BCD8FA1F88CF52443A8415689
        SHA-256:4254462BB838544CAAE223C37916D9108FC5286F7DD5DE2B755B1BB0FD0F9F4E
        SHA-512:279BD1BEF33691B135942C717B50750DC762D4D41C5BF1D403F29679CF3DCC505105852A88FDA1E738527FD1529C08202EC7FE7975998C9089A343AD958B3C57
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR...Z...(.....~B......sRGB.........gAMA......a.....pHYs..........o.d...BIDAThC..k.Q...Z..C.U|.n........X.....PQW..(..B...D.."(.......b......t..o....4s.x~p9.9sg2s..3w.....qbB.$h...D.. .. .. ...i;B...#.&s ..O9.s.R..`8...W....t...D".\..a. .w.......Q.c9.....o.m..&:...........X.}7......yj..;.....A?.Z..#.j.k...+H.i.mc.[.:$.,.b.......8Nk.J..(..H......N..2.....d2..=...h...`..T...........q>.p..^c7.Y/...cK"...M.8bF..E...=..m57.Q.f=.q,$.(n.......7..3JG......k....%a.tTi5...I..P*R.....\..N.V{J.f.F..V......2.M....U.....i0./P.2r.R............7..`...[..I...OS......*......T*.+_....J.....,..jN.v...m...... .i${..".X.Z.._...v.V....u.#.B....Zc_s].*'..(......K....]W.....0.7<8wq...$.#.x.@90j.B...'q..1.A|..x..yn..<.]......J.S.Ht..7h[....A..F_..-x=.}...D.hL.q4..J..o..,u3..Z...]j...G.6.&.z}7e(.b.xP..,.f.k.z<G.=.5.4....R.I..v.Z.~.......g..N.V..~.T....A..A..A..AX..g!K.7.KH........%........IEND.B`.

        C:\Users\user\Documents\eFax Messenger\Stamps\Faxed_English.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 312 x 112, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):3453
        Entropy (8bit):7.858630039197973
        Encrypted:false
        SSDEEP:
        MD5:6F9CC0FC4D9E5229FCEC254FD2658971
        SHA1:81224EB5566FD0D017C888DC169C3242FD40D742
        SHA-256:CCB6EE1615F8BB621642AB73CDB08ED754FE6A928590F91C0AA9DA62660F1054
        SHA-512:9918701021DE9D649B9E5228B1D5DA0CBB3CBD431CDF420FE12E1954F267BE0814950A842E5D486C2D60C30D13A9140839F7FF145073BE75F648C9933F250635
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR...8...p.......l.....sRGB.........gAMA......a.....pHYs...........~.....IDATx^..}lUg....."p...pW(..L#..7..8#..D.4:...A]*.j......*.[.d..L...e..d bt.E...6......2[./.}......<...r.....<....}.}..Zv.l..>..nA..S.ZFD.Bg0..f.......$..aaM..DD...[^.=7....Fe[9.jXJDd...p..FD6.S.GDd%...Y..GD.*kii.$.6n.X8W...J../....Z.8".......#"k1...Z.8".......#"k1...Z.8".......#"k1...Z.8".......#"k1...Z.8".......#"k1...Z.8".......#"k1...Z|.}....._.t...^..X.....Ru....[VV.P....Tj..].g.hyy...jUTT<............K.D.........Tl.R.3....3.D"..l.#.Nw..D..b......8..c...s...G...p.Bc\ Uc......Z......).ja...:.).a...w..... ...Tl...j.. .....r..D..CT.$..7O$...2.)EWX.V5sjzX..R...Vt....w.h.......N..d29.YLAc.Y..t..}CoK.p.E..P....X-.Q....k[....TmS..l.....s.&e....g.4.{.....^)zB.~G.&.c8z.....s-...R5.z.V..X188...f.,..0..RJ.]_[[;_...z....R..;LECV.:...g.,X.S)[........U......dR..y.S..L&.....^...3<Eo.....R..B.D.V.R..p..........f4L].t..Uu85.U.g....k#..[....9s.....|..R..0.,.....#....

        C:\Users\user\Documents\eFax Messenger\Stamps\Faxed_English_thumb.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 90 x 40, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):1041
        Entropy (8bit):7.718665634762927
        Encrypted:false
        SSDEEP:
        MD5:43B197A47B6C63B130028C33F4B57344
        SHA1:1E9FA0CA14829651EEB1B2BB6D9BB48B6CC5CF2F
        SHA-256:7D677BC583128064DDAD7D9CF93C4639A255392E9C5CB551761E9475A382B434
        SHA-512:7F30603FF10556210666D6739541C0D73ECD6412B74F48F08B42A289A93D6C54D733B88A1C0DD7E83C75DD556F0E98404714BF3BAA6C5AC070D2D920385CBD68
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR...Z...(.....~B......sRGB.........gAMA......a.....pHYs..........o.d....IDAThC.?hSQ.._.D.6m .....8..!. BWE,u.....(]...p.......:. .I.+B...:."F.$.I..}.{&y..&y)...r.s.}.N....$....i;]..6....h4..F..h4...mK....J.,.\. ....w...l....|.L&'.....Ru.k..cuuu]-.JC......b..d2...f...T*..$..q...m.-M4.....|>o...x\.,.r..c....E...../b. ..Hc....... ......>g...c.:..h...r.<J.@B.Q*...0.y...M.V2....R7M[+...9J.l6;%6... ..*h...|.4*.$..".H.P(..J..P..#.......!.n.T....;...O...WW4.t ..T,./C.eX..s9E..mM....P.....t%A.L....}.....|.....D#.;...tm...D.+..$.).sJ3&|F|.uStl........R%.4..aZ.H...YZZ.JiQ.n..&Z*...`.../.,.....Q*PU)......P...t.`jzW...r..T4n.}...2>.0=.5_.r.R. v.r..D....T.........Z...W v.r...D.C....f....++.n...r.lBR7.f.r.DA...........!...#.5......}......M.....P......z.{zzV.$.I...)....RM......!.J.R*....W...z....O...}....ya....U...B..X`.Q3....t<T...}@b_.W.X.).........v.1R......sA......G..~0^...U...[.[..7$f5..c.dI.zE.Bc..\D.......bLO!/...4Y.. .g([...,.QK...h4..F..h

        C:\Users\user\Documents\eFax Messenger\Stamps\Final_English.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 312 x 112, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):2212
        Entropy (8bit):7.73800696503001
        Encrypted:false
        SSDEEP:
        MD5:22DD57CC280E603D4E832B8A8841FD73
        SHA1:C9560C5B8FD6E154C1D477F38E82D2ED2EFC9A95
        SHA-256:3DD853B767C9EE749453695EDCF5B780D7AE61EF079456A1D286955013D4145F
        SHA-512:E389D2499821DEB5405B6274BF79356E25A91960A8BBEF1ABCA06A5331F08EA8BF89727BDCE6CE94C3DA19B4E6487481504213CC0AEAD2C1FBFE14D01A4EFCAC
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR...8...p.......l.....sRGB.........gAMA......a.....pHYs...........~....9IDATx^..Qh\Y...IJlt&...6]Q\.l.........CQ|..}....>.T.7_D.}Z. .VS... X...6u..FB..2....$.w...$mf..3...|?p..?..3).s..N.1.r....?P...T....@Kj7.....ry1g....,5.....B.L.Fn...OJQ.........(.8.....(...%...[....r.Je......i.+....S~1.......-...[.....8.n.p.."...E..p........-...[.....8.n.p.."...E..p........-...[.....8.n.p.."...E..p......l..#G........}Q(.~..........s..D..mloo.[]]...M]|.7j.....Nj_/Z.>..._Z..~./.uOX.TC.....(........N.E.e@..mm*q.....w..._......0.l.....J.^?jeS..}..}L[.....6.....?k...2.......~+.......7.l+....5...V"#..)*z..9511.o......[D...Y.C..C._.m&.n..nj.i.pC..C.4*..u3..{...........r...^.8be.z..S..{..p..C.....]...}599.^m>.W....d.:$.8..Q\&...............d.p...]OOwa.7$....|>.......u{.#.Q.G...xrq...nC.q....8q.....7`.V...j?J.....m...B....E.T*.=>ae+.4]~..-...1............F.qN......9..Z........B..q.$...4...~K,4.....(4.z...1.p.......|.X.N.p../W5.>}zL.g.5..\.^_Vw)~....

        C:\Users\user\Documents\eFax Messenger\Stamps\Final_English_thumb.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 90 x 40, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):730
        Entropy (8bit):7.641059847416011
        Encrypted:false
        SSDEEP:
        MD5:1D79D2FA2552C9242C6D746B0E822990
        SHA1:06EB6EE2ED230D426673EA33DECF86BD5AC303D0
        SHA-256:4D21C70794FD42EC3BC49DAC7275F9778569E84928B9B3F082370B3EEBB1B0B7
        SHA-512:71EF0116E5D1C223F947F72D996ED8A5060B68209442E05F1D40CFD6C735BF80689FE0FCC3549362ADC4BD57272ADBCC9E6EDEDE64911253CD05025096EE36F2
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR...Z...(.....~B......sRGB.........gAMA......a.....pHYs..........o.d...oIDAThC..k.a...D.._.LA.E.. ....C.(tq..p.N"..NB.;)8..*.......)...u........}.|.H....../>.xy...R...{o..7...S....i..RJ)..R....|.\^g...`0x....7...u:..x.....Z.5...-...l$.7.9....9._fLMZ.>P*.... x.&.Bs.yH....U.w.A........9.....|....E.......3....ip.Y..w.q&.w.q.....[....rw....g..K.V+1.r.U|a.O.=...j.n..|..o87.^.7..'X...(N.f...Y...We4.vG..4...[.>#7..8....P...3...:c...Q.V.2f.+Zv..i.nwQ..+.".UtX.~...1.N,..y....Ks ..V....8..[..,{....y.f.nv...0...B.p....q...(.......O.D..^c4.^?......J.r..:'.M;.{`IYe....f..F....<.K.iF1...]8..`.......S..Fc....%......%.<.9.......s$a?..5...:}.Q)..RJ)...H.Y....u8M.m.........3.....IEND.B`.

        C:\Users\user\Documents\eFax Messenger\Stamps\Paid_English.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 312 x 112, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):2725
        Entropy (8bit):7.818861718619994
        Encrypted:false
        SSDEEP:
        MD5:578A8747D1741DCE74697CFD85D4D1AA
        SHA1:A21F2810A52E415A132ED65DAC383EF3605A4A48
        SHA-256:52EFD8A9A4F588CDA576A730AFCDAE71718CF06DAD9765BFD644F0730D977396
        SHA-512:FC4493BE9BE761842BC90AB467992795BA4A7A29AAF7A36B13A06E1190F8B5E15FF145E6E3C837C0F9638B7F86F326B2C4908EC6E122E3F67AF87AB21BF572E2
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR...8...p.......l.....sRGB.........gAMA......a.....pHYs...........~....:IDATx^..m.TW......#..Y..B...P...SZ...&.Tc|C...w......\....J.4M..>5b$..iL.&4.T...]..**]...3#.e.Y...?d...{..r......s......q...I.&.v..nmm}J...5n..4.3*.K......)....s.....F.r...s#....e[Z.7,...........q...Q"..D.........e.W...;3W..B.._...D....-..@..8.."..D....-..@..8.."..D....-..@..8.."..D....-..@..8.."..D....-..@..8.."..D....-..@..8.."..D.o..T6..l*..Y.z\../..........k.o.>....wZ.W).....|.}zz.b.X.c....../_...5....{......J.a......J./..P:.O.@..7jZ....z..a.G...d.....o....-.N.S...u.n..i.P(..3.._.b..)..Q.}o||.Te.B.._.Q....c..........PY.\.w.........lV.<......]]].WV...p...j.z>G.r..*o...Y.a..5k.].........V..u......@u..=.|.....Q.6L....65m....C+W.\n..0.n....b.;...F....+X.u./^..5.0.nq[:55.o........TZ...K.>L.J!.D..{..........5..r...P(D1L5-..VG...&.J..R..+j~]...ld.H.zVOX..........T.N..9.o_VyJ..j...dww.R.#@.\.*../.R,...ta.E.{..z">C...Ry.R...W...-.}..=*}.?.N......B.m....>.E.EH

        C:\Users\user\Documents\eFax Messenger\Stamps\Paid_English_thumb.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 90 x 40, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):862
        Entropy (8bit):7.6753143718845775
        Encrypted:false
        SSDEEP:
        MD5:7B9622E0F5C5AE798448DAFACA67D68A
        SHA1:8DD233C24A1BB67739A58EDE39FCA69645683B48
        SHA-256:E7CE42A96FE574974E3CF6F9AB0594E7918F07C9D15A0374C666CED830D668BB
        SHA-512:CF4E511A2C5EE23072638A146A69EA5439CCD9EB64A01569C2EF89C4387F52610E4D866B94B528B2A4D15548838C1E9AA08E7CAE1422171923870ED7F6CDA4FD
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR...Z...(.....~B......sRGB.........gAMA......a.....pHYs..........o.d....IDAThC..SA...D.yA4j| *.......[X.V.........")...-.+.,...B.JPP....&...73...]4Y...........3..... $X'.(XF...A..A..A...3Z'.N.B.az+...z8.~^..n.....=.t.......5.~.M..XL&.w"..V...~_.....%...S3:.J.G.ozk.I....7...'a.cv..$.......-c"......]...I#.L....[GL.lj.L.@.#.......L.Wj..f4.rz..NH.j<@.r.Q...R....c....J.&#.....b.g..*...Lir......C.h...b.ql..PR.OM.Z..u./.Xe1JM...b6.........}....}......V..h..... S&c.V..T.t:.u.P*...5x......A(C.vB6..h.....M.2.R1.....h].0\a.....lx.G..5......3...~.".....D.o.z.}f...J.F_F[..].i.ar.}w......&..y\.5...D`..R..=.-^`F.p....|...wLkpPQ...6&...^..C.z.\..5x.(.23...V.U.?...E...G)5X..-f.h.].j.q..\b.+...h=..=.u+....d.v.gt....s.m...4cp.m..............+.....|.T......6&......{.+.. .. .. ...?.M.Y..n.!FO.P.7...9jX2.....IEND.B`.

        C:\Users\user\Documents\eFax Messenger\Stamps\Pending_English.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 312 x 112, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):3503
        Entropy (8bit):7.8867867593905885
        Encrypted:false
        SSDEEP:
        MD5:E8F6C4EA631FFBB6227B23DD79AD7DC3
        SHA1:CF814F2B858C31A33464BE7796C3BE9D58B12FCF
        SHA-256:CDB9C2E80212A2B1B0A6E9FB85593D4117B713696DD41A8B1AC7A89E56521D5A
        SHA-512:9FA2630594A1262A9D126E65B352852C5434410C977A6EB532403DBFF1CBCD86D73B5DE368AE7E6424553880859149E1D354A9730600DED62900BB9B3CB5FFCF
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR...8...p.......l.....sRGB.........gAMA......a.....pHYs...........~....DIDATx^...l]e..pz{...[..IS`...:c.......G.YT......1ZB...i.c...,$$:.#bF@..S..q..k.9.V....mm..G..........m.{n..y.{.O...i....y.{..9..<.}{c<...z..j..Q.....r..Z[[..$.^....?&".........nDd..*.b...R"".W..snDd..*.....#"k1...Zemmm.R/...e.Z9""...GpDd-...Y..GD.b.....pDd-...Y..GD.b.....pDd-...Y..GD.b.....pDd-...Y..GD.b.....pDd-...Y..GD.b.....pDd-...Y..GD.b.....pD..uk,.L..euuuk.,Y....4+........Zi.c..?...c.9...sR.R..........iOww..4...o...?I}.,.",....../.J=...s}.ccc.XnOyyyO....f...#Ot....N.o...S.......G.P...........?(..X..~.Huu.^/.r.....&.A/..\.a.|..{l.....>|xT.....>&mN+.UUU.}}}...o.....dVJs.,K.4O:...>.2>-....w..w#..D.t9......=....Is.)}9.......P....0.C..-..3+.....b.Y....c...F...]x?+jkk..Y...#..Z.444|..m..............4..7e..1r..:7;......s3>m;.r..(.(.(P.2_...z~.e.2.$..%>\.....Z..)..s1.s..~XfY....6.5..O.{.9.O..R...}......K.V.,#..j[.{.Q....\.E....\...pE...Z__..4#.#.k6o.<......+O

        C:\Users\user\Documents\eFax Messenger\Stamps\Pending_English_thumb.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 90 x 40, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):1110
        Entropy (8bit):7.725195513605831
        Encrypted:false
        SSDEEP:
        MD5:20F0269D7FD50708F42B49E3F87F294C
        SHA1:2E4DF421F17B743946DEBDE56DAC28CF67EDDE43
        SHA-256:7CC58BD464D929C2259B27E14C4C20287F34D30994BC982B41F3552DF5805968
        SHA-512:AFE9D15394F616061DE3027454878053F353D5D334D65ACF8FFAE6351380EC45D001CF16A9E40BA1199139E862E910EC6A5E8E1C18CBA45617B3F882A0169CFD
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR...Z...(.....~B......sRGB.........gAMA......a.....pHYs..........o.d....IDAThC..k.A...%M..b..M.FD!T.D.. .z........j=.?@....=.(H.z.Q.....T.*.C(...BI.|`Ki.3.O..f7.........fv...wg..M&.....J...h.D".H$..D"Y.x.5iiiyKS.<.......U..:r...H$...z..%....0.md..........C.e.P($Q.Q.J....jM..P......t:...b..................{.r....k...x.....^d+.H.................t)..PC..._..{q.m.L..m....W..a...h[tT?:.....#t{.~..l6;,l...$!l...v.Z.....3.....<.F..@.>...{..)..#.m...:9.&t.n...&..P(....U.R.....w.Xx..<.%.uA;...`....K.mmm.E.....O....a.(.e.R-q......".x..2q...;..Cf.....tF.V.{?].._.i.....U..c4..Z"TK\..x<..H.Pm..d*/b.....3.....B.%n.....<>>...2.:...P......P.D7S...........H$.A...M.C...R.XW........<4...p...L.(...2..AG*.2M.&...J.u.0... mW.......`.C.(.g....Nw.VM..Zl.zp.g.......r.j...}....N...Y.-....".g.....i.FFQ*.#;...,.....b..N.UwCP6.N..N..B.c....U...i[..zHJ..Q..Q........b|I..Q.MT[,z...8.&~C...<A[.Ly.....x;|.....X....x+L[./.,..-6 4....z.Z......8n.....M....n

        C:\Users\user\Documents\eFax Messenger\Stamps\Received_English.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 312 x 112, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):4099
        Entropy (8bit):7.885669415817344
        Encrypted:false
        SSDEEP:
        MD5:9492F3B3DC27C5E0DF9EFE432A9ABF8A
        SHA1:79136AFED14A1F2BAE0EA84648C8B740E41289F5
        SHA-256:B09AB2A3EAE0FC0596BD24FC7668EF244A8BC91D8A8556DD2A3D687CD699AD20
        SHA-512:A8E943395F847C77D59A2C45020207181331579A0F1E62C7B2C7B43A653C683EB6D6F46ADE4CC3C7DF9DCA93D627E8AF0F6764817A9BE18B84E78687A6C5911E
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR...8...p.......l.....sRGB.........gAMA......a.....pHYs...........~.....IDATx^....E...=.<n7{wy.%1..Iy .."&F..R....U.."....G|&TH..((!*.)E......@CE1'D..Q.\.u.=.../..n....{..7...N..W......N.|......u...b..H.G.m..BH....dnljjj..q{...>&......[......b.uF."H.n)!...r#p..F....F..!.J(p..k...B..j..G%=.7.p..X9B.)7..-8B..P..!.B.#.X....b-.8B..P..!.B.#.X....b-.8B..P..!.B.#.X....b-.8B..P..!.B.#.X....b-.8B..P..!.B.#.X....b-.8B..P..!.B.#.X....b-.8.7o.)...s...{......#.8z.(..&.G.V..6m.RT.s.(Y..B...f:.~mh.....+...?mkk....#b.V.V >.q...c9.........{{{w:..."..x.J.cB..r......p......fW.7p..9.8..#..21].1..1l.....Os.(..h4..d....(4x.W...'x....U2.q..F.J.*..r..a..'O....q@.q1-48.&$/t....}....N..l.. ....c[$fA....*.._...!.].oZ.F1...{..[-.+..s..A..q.O... x..R.....K..E=.9p.p5........d{......w$'$n..y%.?..x..%..B.U...H..B.5.Eb...pS6..7|l..3.8....n$.B.v...]...t3..;HF.-E.A~...MK0.L.2..3.....1g..1...Q..Zp6..1"(.+.....1c.L..J(p...=mppP..9.@.VC.~ f.@..C...b..s_.B...:t......G.*..

        C:\Users\user\Documents\eFax Messenger\Stamps\Received_English_thumb.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 90 x 40, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):1348
        Entropy (8bit):7.770628048791939
        Encrypted:false
        SSDEEP:
        MD5:3B606EE64A72B5833A6A645AB319C3EC
        SHA1:7056AEE92E1E4DCC9D92EC0AB40E462F674C884D
        SHA-256:E553CB40D79DFDB50BA6FD6C10677C43DAC118D56E667A6EE9C9E6454B634789
        SHA-512:12F02A2CF1985FDFFA4E0A85C7BCF02513DCFCEFAED479E8264569906927E9D6D5F0AF2AB37965CD8CACB8176636DC63275551177EC68ED01AB927DB5DDBF38C
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR...Z...(.....~B......sRGB.........gAMA......a.....pHYs..........o.d....IDAThC.M..E..g..ef........b ..6.."D.Q/...../...^D........r....".`P!.. ....&Y.l...1....W.........A.^.~[U...U...'&&....N.J.:...p8.....p8..w.*-....@<..,.........?......6....R.V.RU....:m..%...b. ~3b...|../..DWW.....*..LM......[i?x.p......g.VM..f.....8...j...]....<.D|.......@..#..V...........M.$.5}1.#.l..G...6.A..3.......?.1.s..'.g).z{{......o..-.@_....j.?.w/~..1..K..A.,..v~.xl||<.pZ"A..]...T....Nk'4...U..c.._..\(3...ZH.h....n..)..Q.T.W.....E....A! {Y...d.....&.h.....-...-.....t.9...S..CyC.[..J.[....S..:..aa.R.4Fpd..."P.t...a.m..........5b...Y...}.s...Z.k..r...~..m...[.../.M|...f.......?+u...-b...y.....V..R.A.....R.T0aeU.|O9.*y0.R..(. .3. .P.]..4p.....43..Y.[....d..Q.BVH..C..v..C.V.+....f.n.g...$..~...*}.....\....Ui`A..+.8E.6~J..6.W=.....`....R.Ke.0.r..`Q..G.......ga.U....M.t._T....SU....j@.@....c.L".?G.=.....R.a...q...<L...5[.a.mW.%aM.|$..jf,o..E.C..z...

        C:\Users\user\Documents\eFax Messenger\Stamps\Urgent_English.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 312 x 112, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):3395
        Entropy (8bit):7.86420010883269
        Encrypted:false
        SSDEEP:
        MD5:2B8A441B90CFB271F3C8A17E51805B97
        SHA1:F9D354A44B74B753EACF0BC07291CA7588657D52
        SHA-256:51EF65E83C612794604C2F6EBD270C612421BEA09C0AD581193B594653993242
        SHA-512:5372F5AAC22EA81203A30747EB269196BB2FCCA6132B6637D8D1CFA2CEAA05497E52838DAEF640DB5B5F04DEBE3960630A29C22EC27794D9499A6CAD0F290CD3
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR...8...p.......l.....sRGB.........gAMA......a.....pHYs...........~.....IDATx^...l.w......B.]i).(X7....Y..F.m.4.Y&Y.. ...........;.![...!..XLL...t..AI.Da.....;\K......p.z...<....{.W....>.{..i..~...e....;........,T.44......loo.+.p;..u.....o.!..'#7.....Ne....YJDd...p..FD&Z.....H.8"2.....U...9!u[mmm...............#"c1...X.8"2......#"c1...X.8"2......#"c1...X.8"2......#"c1...X.8"2......#"c1...X.8"2......#"c1...X.8"2...<........p.y.V.....!..S.w.GG.....J3....X4.}J.ijjj..d.....l..H.:..X.G.9S....0.......yRWW.8...Cu=..>L...cS......Y.LOuu.....C.C..i.......Qi..5_.D"..z.,.F,.......A.......T.*.L..b...4.S~.z..br.......#8n.f.P(.......SEE.....i....&.V+o..~..<.NyR.y.`[q...GQ]e..d..g~....@.S.u.....app..4=.&..y...J3.....Y.....2..ai....wyt... u.8..7Q.......O....#.y2....r..6......2..Kx.'1Ri.f...s.>.m.Qqc......1....mGg.U#..VXsf....y..{d..V.4.3..f9Fc.K3'......F.y.............%..h.*i..W.>...M...0.f^a...r........a../W..1.JD".x.A...#.P.+.@@l...N..........4I...

        C:\Users\user\Documents\eFax Messenger\Stamps\Urgent_English_thumb.png

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe
        File Type:PNG image data, 90 x 40, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):1080
        Entropy (8bit):7.725430049549691
        Encrypted:false
        SSDEEP:
        MD5:1286AAB6E2B6A7D387A1D37D8155ABC4
        SHA1:ACBE854C0CDA246CDCFE1C710ED1CEC96AB8F1F4
        SHA-256:0E1F48A44CF1E20BD19B5D7CB280AD59BEB0C8ADB177AF94036FC215F7670D56
        SHA-512:9A51B5D724C8096DCBFA515F7786A3030F9B044D45960E38674EEA0B2440BB64F3E2E5ECD27BE7676BFB58F3490C9AD467924D2980732040BA36F180FC41045D
        Malicious:false
        Reputation:low
        Preview:.PNG........IHDR...Z...(.....~B......sRGB.........gAMA......a.....pHYs..........o.d....IDAThC.Mh.A..7q...$.S....)..z..D=..../.....(......zP/.QA.D.=+...G..-H.`...F.&....Ml.i.....}.fv........+....Y....Z..A..A.......3.P....w.i.r.]..h4..R........f.D".'.r.s....|.:..YE8...q.m..$.{|..P(<.....j0..8.0..G]{..=@:.s.c.....>/..............-.....%..B.VN`..v...?.K+L\..2.f....:.....)....p.5..l...I"q2.3F:..A..^.....T.fcQ.....b..7.....m).d<...9g.......F......T x...],.!dX....mE.T:...{...:p...:0.....a....vyC{.GGG.Q&....q........X.r0.WO....Jm.C.c#.:0..Nc..M..l.c.'..kR,0+XU .FH......V...y._I.U-h.4.v...36....$..r0......E..MW...lS......{....I.....Kd .....2j...."@...\.I...]ei._..%...dR.c............*...=....^6..b..Vw....`.Zq>.>......z...,.C.....Z.p.1...3.-.....7....>...."..!.s_#`)....w.l._.u.v.h...T .........aR....X..M.}.gU...:...`U..i....3?..EKK.7V=..e.a..>...l.H.I......_.....mYV...,tMLLd.!..&r.t......d.,..-.L.w.^6..=8...9.'.4..b.Z=..:..........$...v...Ym&.X.8..>.R

        C:\Windows\Fonts\JandaAsLongAsYouLoveMe.ttf

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:TrueType Font data, 13 tables, 1st "GPOS", 25 names, Macintosh, Copyright (c) 2012 by Kimberly Geswein. All rights reserved.Janda As Long As You Love MeRegularK
        Category:dropped
        Size (bytes):94748
        Entropy (8bit):5.929603883881905
        Encrypted:false
        SSDEEP:
        MD5:2AA5A7429A3C378248AF8E5CC26AA78C
        SHA1:9A43ED73992E2A93D3FA78A58903A92D39E082CD
        SHA-256:11CDA7580154B7DF447CC64400EBEAC64E5058306C80F0E04B3EFFEE3CE0FF6F
        SHA-512:A25CF819E5C221FA7B3B271491DC52027DB1925B94477B7898EED2C87B59E8938EC80A3398EDA0552270A8B32FE5FC7320618756DB577C244E1B96314657571B
        Malicious:false
        Reputation:low
        Preview:...........PGPOS......dD....OS/28......X...`VDMX^.e.........cmap.m.".......Zglyft.8....0..+.head.f........6hhea...Z.......$hmtx@8.........<kern...J..D....lloca+&u...B.....maxp.h.....8... name......W.....post/....\.............E.x._.<..........K7......KK....................................6...................O.....O.N..._.......................}.......................3................./............ .@. ........... .............. ...............W...................,.........c.....F.......F.........r.l.#...;.......).....i.....................%.........G.....A...........C...........E.p.o.....!.......J.!...........O.................t.......0...L...m...D.......".>.......|...@.,...=...k...q.#.y...B...;...4...].......................K.......t.L.................j...................................?.....C.....*...W...W...Z...D...*.......~...R...T.........(...........................,.[.A.?.J.*...........n...t.....*...................C.y.7.............................................0...0..

        C:\Windows\Fonts\sabbatical_regular.ttf

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:TrueType Font data, 15 tables, 1st "FFTM", 32 names, Macintosh
        Category:dropped
        Size (bytes):185380
        Entropy (8bit):5.479779661317934
        Encrypted:false
        SSDEEP:
        MD5:2EEAAD666F17B2AE55FE06A611FA3D8A
        SHA1:5B9DD16DB3A459A79ACEEB8DB7209836CCAF0750
        SHA-256:4312467B151E25BE9A34A76B9C6F37FD6EA0DBBD21B1D69B46FBAE1001997AF4
        SHA-512:3AB67BEF84195B7EA91329A3056C8DC6041FBE5DA10292AC781727F6C051EFB600DF95D716E3D07D86270DBE516AAFBF2B6B6495A45915D3F0DCDA2513B4A945
        Malicious:false
        Reputation:low
        Preview:...........pFFTM..dz........GDEF.[.%...P...$GPOS.X.......$xGSUB..Y....t....OS/2.*k....x...`cmap..?&...t...~gasp.......H....glyf..z........xhead...........6hhea.......4...$hmtx..(.........loca.bg.........maxp.u.....X... name...........post.v...................4?_.<.........QB.......E.L._.............................9._.....................'.....'...................@...................X...K...X...^.2..................P. J........pyrs.@. ...........: ........,..... ...........M.........2...2.;.2...2...2...2...2.W.2.......2...2...0...2...2.q...n.........2...2.^.................<.......2...2...2...2...2.V.2...2.-...y.........P...2.....?...#.....F...2...P...2.H...........6.......C.P.....{.....P.m...w...........].....2.....U.2...2.Z.2...........2...+.{...q...F.........2...K.........k.K...A...A.S.2.........%.2.c.2.i.....2...2...2.........\...8.2...2.......2.....!.2...2...2...2.......2.h.2.....Z.2...2. .2.b.2...2.x.2...........2...2...2.......2...2...2.......2...2.......2...2...2.v.2.-...-..

        C:\Windows\Installer\$PatchCache$\Managed\55E3652ACEB38283D8765E8E9B8E6B57\14.0.23026\concrt140.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):243520
        Entropy (8bit):6.704974906243745
        Encrypted:false
        SSDEEP:
        MD5:ABDEF5F24D965BEB17ACC7948B4BEBFD
        SHA1:D671E6FE9FB1B9A675F3EA50A15D5318E7AF0978
        SHA-256:4E822F847073F81C781BE433EFF6C68DB616EFAD49CEE50A5E19997FB46A9DA0
        SHA-512:FDE514A3BDA56FFCFEAAAA7DDF6A4C89130D5F52936C82E9D8C5D771CBC228E387D0845300BE98D7F40D4CA3B06C8A783411DDC0C1E258E10745A50D0FE1115E
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........<...].,.].,.].,B.I,.].,.%.,.].,.].,.].,z..-.].,z..-.].,z..-.].,z..-.].,z..-.].,z..-.].,z.},.].,z..-.].,Rich.].,................PE..L.....U.........."!.........p......0........ ............................................@A.............................K..0R.......p...............x..@?.......)...'..8...........................((..@............P..,............................text...L........................... ..`.data........ ...,..................@....idata..`....P.......8..............@..@.rsrc........p.......J..............@..@.reloc...).......*...N..............@..B........................................................................................................................................................................................................................................................................................................

        C:\Windows\Installer\$PatchCache$\Managed\55E3652ACEB38283D8765E8E9B8E6B57\14.0.23026\msvcp140.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):439608
        Entropy (8bit):6.652249319015373
        Encrypted:false
        SSDEEP:
        MD5:1D8C79F293CA86E8857149FB4EFE4452
        SHA1:7474E7A5CB9C79C4B99FDF9FB50EF3011BEF7E8F
        SHA-256:C09B126E7D4C1E6EFB3FFCDA2358252CE37383572C78E56CA97497A7F7C793E4
        SHA-512:83C4D842D4B07BA5CEC559B6CD1C22AB8201941A667E7B173C405D2FC8862F7E5D9703E14BD7A1BABD75165C30E1A2C95F9D1648F318340EA5E2B145D54919B1
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U.C.4...4...4..t.I..4...L...4..Lm...4...4...4..Lm...4..Lm...4..Lm...4..Lm...4..Lm...4..Lm}..4..Lm...4..Rich.4..........................PE..L.....U.........."!................ ........ ...........................................@A.........................A.......R..,....................v..8?.......:..0g..8............................)..@............P......P>..@....................text..."........................... ..`.data....'... ......................@....idata..2....P......................@..@.didat..4....p.......4..............@....rsrc................6..............@..@.reloc...:.......<...:..............@..B........................................................................................................................................................................................................................................................

        C:\Windows\Installer\$PatchCache$\Managed\55E3652ACEB38283D8765E8E9B8E6B57\14.0.23026\vccorlib140.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):266928
        Entropy (8bit):6.585967686871738
        Encrypted:false
        SSDEEP:
        MD5:8CDA4DB633BD9CCB9A4F41D435BDFA0A
        SHA1:91A66694EBB4B653994FBD70261438126492E66C
        SHA-256:0D97D8A6B16B8452F213212AFF5A837C264E438238A744BA4BA0F548C2525DF9
        SHA-512:DED97246724A9E32DF4128646E17EA8287FD7936C65C85D97675848EBF2AFD57FB76FE743C9BC0EBC0B5729C831DD2079043F6904DDD2C19CEEE2477F27B00FD
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sd.F...F...F...Oj..H...K..B...K..B...K..^...K..J......A...F...5...K..W...K..G...K..G...K..G...RichF...........................PE..L..._.U.........."!.....,...................@............................... .......B....@A.............................=...............................>......xQ...D..8...........................HE..@............................................text....*.......,.................. ..`.data....=...@...:...0..............@....idata...............j..............@..@minATL...............|..............@..@.rsrc................~..............@..@.reloc..xQ.......R..................@..B........................................................................................................................................................................................................................................................

        C:\Windows\Installer\$PatchCache$\Managed\55E3652ACEB38283D8765E8E9B8E6B57\14.0.23026\vcruntime140.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):85328
        Entropy (8bit):6.8770791315221285
        Encrypted:false
        SSDEEP:
        MD5:B77EEAEAF5F8493189B89852F3A7A712
        SHA1:C40CF51C2EADB070A570B969B0525DC3FB684339
        SHA-256:B7C13F8519340257BA6AE3129AFCE961F137E394DDE3E4E41971B9F912355F5E
        SHA-512:A09A1B60C9605969A30F99D3F6215D4BF923759B4057BA0A5375559234F17D47555A84268E340FFC9AD07E03D11F40DD1F3FB5DA108D11EB7F7933B7D87F2DE3
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^$Y..E7W.E7W.E7W..W.E7W.=.W.E7W.E6W3E7W..3V.E7W..4V.E7W..2V.E7W..?V.E7W..7V.E7W...W.E7W..5V.E7WRich.E7W........................PE..L.....U.........."!......... ...............................................P......r.....@A........................`................0..................P?...@....... ..8...........................X ..@............................................text...t........................... ..`.data...............................@....idata..............................@..@_RDATA....... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................

        C:\Windows\Installer\60e6c3.msi

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2015 x86 Minimum Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026., Template: Intel;1033, Revision Number: {FAAAAE30-DAD4-41E5-AD8A-D0738EDC14A2}, Create Time/Date: Fri Jun 26 07:57:46 2015, Last Saved Time/Date: Fri Jun 26 07:57:46 2015, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.7.3517.0), Security: 2
        Category:dropped
        Size (bytes):147456
        Entropy (8bit):5.775745146815298
        Encrypted:false
        SSDEEP:
        MD5:39022D0DB5136BFFC1320B0680C117EB
        SHA1:3F508981D57F7688BBCD7FF920BEF207B2623068
        SHA-256:4412DF6F6F3E1993CB87C6CFB34892A81CFCE3CF346FE9967369422AE5C440FE
        SHA-512:A1ED2CD40F3A1A53F09AE1E2060F194F4C148BAB2C34D295A4261EF1650265A8F226E3497C937D4B3D58B5229400DD36C5A071EF3181B9337753F59213B920C2
        Malicious:false
        Reputation:low
        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Installer\60e6c7.msi

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2015 x86 Additional Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026., Template: Intel;1033, Revision Number: {571F0B53-0598-4520-9A8B-9928D3FB90AF}, Create Time/Date: Fri Jun 26 07:57:36 2015, Last Saved Time/Date: Fri Jun 26 07:57:36 2015, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.7.3517.0), Security: 2
        Category:dropped
        Size (bytes):143360
        Entropy (8bit):5.771337249887424
        Encrypted:false
        SSDEEP:
        MD5:8E585047D414474872C096D344D6D4D7
        SHA1:242552FFEA6B06EAA683AFAE65D42EC8F13EBCAB
        SHA-256:9C28CDDE5BCFA415ED6D6D36B5DF10407E81A6B9881C5EE62346A29243F9B9D4
        SHA-512:0FB1162402658CFCE6A25063A43C46CEFE97580D231A931068167DCB99F3B17BA5A9B51697CA8F9520CE4B844FE010945563977583C6BC4871D2C23234C19C61
        Malicious:false
        Reputation:low
        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Installer\MSI3FB0.tmp

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:dropped
        Size (bytes):14329779
        Entropy (8bit):6.676297097024232
        Encrypted:false
        SSDEEP:
        MD5:30096A773985265CED63DB2334491F25
        SHA1:743CA7A8163ADEE080B11464F2775817E07AB397
        SHA-256:323D27CADE9FA373B767706F55AA077FBAAE86D5411BC151469A3E1694EF9D0C
        SHA-512:7293857DC4ECB3A44F7388F14EBB06D24DD8ED242D3CE5F3FA3CF47E989A7150661DE0888913D4B35A4427B9CBCD4841524189B163AFEC954093E9647A5B3131
        Malicious:false
        Reputation:low
        Preview:...@IXOS.@.....@m.=W.@.....@.....@.....@.....@.....@......&.{510EFD2F-E45F-48C2-BE1C-846692E025A0}..eFax Messenger..eFaxMessengerSetup.5.4.2.1.msi.@.....@.....@.....@......efax_icon.exe..&.{141B9747-18E5-4220-BB41-5089304395F7}.....@.....@.....@.....@.......@.....@.....@.......@......eFax Messenger......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@G....@.....@.]....&.{A6F59300-5D39-42B5-A1DC-1D876F095ED3}|.02:\Software\Caphyon\Advanced Installer\Prereqs\{510EFD2F-E45F-48C2-BE1C-846692E025A0}\5.4.2.1\D7E473DF14F3E98497864847195F2.@.......@.....@.....@......&.{AC2C73EF-6C80-4E4C-BF59-954F17824410}8.C:\Program Files (x86)\eFax Messenger\eFax Messenger.exe.@.......@.....@.....@......&.{DBB277D5-F604-470E-BD61-ED876B0100D1}8.C:\Program Files (x86)\eFax Messenger\Library\ABCpdf.dll.@.......@.....@.....@......&.{1898935B-0351-4B17-BE2B-9392D877EB4F}=.C:\Program Files (x86)\eFax Mess

        C:\Windows\Installer\MSI402E.tmp

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):752448
        Entropy (8bit):6.526403705348461
        Encrypted:false
        SSDEEP:
        MD5:FA9352B447ED433E4F6329AB32C80B0F
        SHA1:5B3DC74578BD70A7AA32574B86ADE00B338D1E7D
        SHA-256:619E1E1DB698E748004A286A94CE7371B719D91031C8EF20C2B5A61A52A2737F
        SHA-512:A589CD74E0C8E10B6508403BE22C67CAE5860BB97FB0E86817A654F5D0C4C583EC1FFC81493B89E730622A498E1A06A3BFFA883A3815877534655765A87BB4E2
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+s..o..o..o..`.b..`.....l.~...l.x...l.6..`.x..`.~..o..G..{m.;..{m.n..{m..n..o...n..{m.n..Richo..........................PE..L...V..d.........."!...$.x...........D...................................................@..........................................................>..@=......dm.....p...................@.......x...@...............\.......`....................text...Hw.......x.................. ..`.rdata..*5.......6...|..............@..@.data...p(..........................@....rsrc...............................@..@.reloc..dm.......n..................@..B................................................................................................................................................................................................................................................................................

        C:\Windows\Installer\MSI4262.tmp

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):853312
        Entropy (8bit):6.57812896861
        Encrypted:false
        SSDEEP:
        MD5:CEED2CBA44A0C6CF1E6A71035B295B65
        SHA1:48AAB4E38D2A401812248D04BDA9CA3551F5AC07
        SHA-256:88BE02886CDD4D8B0C339594DAEF5FB7578E3E0D883F936FF67B004709081846
        SHA-512:347308B0E7285D7037D8878F1AAA49FED4FFD2606B894F6130B0821A1390FF2BBA0516853F61C96168565831C2E59BD87CF4AEBADA3153AB4B7BBBEA9CF0D83F
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ln._(...(...(....}..%....}.......q..9....q..?....q..{....}..?....}..=...(.......<p..h...<p..)...<p].)...(.5.)...<p..)...Rich(...................PE..L......d.........."!...$............?...............................................l.....@.......................... .......!.......p..................@=.......z..@/..p..................../..........@............................................text............................... ..`.rdata...P.......R..................@..@.data...p-...@... ...&..............@....rsrc........p.......F..............@..@.reloc...z.......|...L..............@..B........................................................................................................................................................................................................................................................................................

        C:\Windows\Installer\MSIEA1E.tmp

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:dropped
        Size (bytes):6241
        Entropy (8bit):5.708962614011127
        Encrypted:false
        SSDEEP:
        MD5:565770899093DC56528C9AF70F97883B
        SHA1:C0452578D2A186C9C1E44B0DFD93D55CB51E16BF
        SHA-256:A2E2EF75D488C141218B3E4430E5E428C7240E498B8B288DC79FDE65B481C28A
        SHA-512:A86F9A017635A1E556510D567E41D4B8CF705AFEA3BCA0EA3ECF8588B1D80814778709E1B7B178FB23DC70D8B7B958E17B55B4EF616B9756EAD99EFE8E8DDB55
        Malicious:false
        Reputation:low
        Preview:...@IXOS.@.....@b.=W.@.....@.....@.....@.....@.....@......&.{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}:.Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026..vc_runtimeMinimum_x86.msi.@.....@.Y...@.....@........&.{FAAAAE30-DAD4-41E5-AD8A-D0738EDC14A2}.....@.....@.....@.....@.......@.....@.....@.......@....:.Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{9C501CB1-E3C9-3DF3-9B8D-C55D81B59E6A}@.02:\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x86\Version.@.......@.....@.....@......&.{42F41217-AF8B-33D4-9CB3-FF5F696BECBB}...@.......@.....@.....@......&.{E8E39D3B-4F35-36D8-B892-4B28336FE041}$.C:\Windows\SysWOW64\vcruntime140.dll.@.......@.....@.....@......&.{A2AA960C-FD3C-3A6D-BD6F-14933011AFB3} .C:\Windows\SysWOW64\msvcp140.dll.@.......@.....@.....@......&.{9FC931F8-9ED1-3263-A0F1-8ADE33

        C:\Windows\Installer\MSIF099.tmp

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:dropped
        Size (bytes):9203
        Entropy (8bit):5.66429280716433
        Encrypted:false
        SSDEEP:
        MD5:9FD924913040A1539281364CBB04EA65
        SHA1:DB4BF5D501C22DEFE3B5FAD45292672257857E08
        SHA-256:D86DB9F95CDC484B91068EBD3A56DD7A9CBD5CA771EEAAB57C571BBBDECB1468
        SHA-512:D9BDF797267DE7CD4AC2E6F985B468A11A7631C963720B2C624C5CB05078227BBBF11148497762D3937F0A57590F7E197B420BFE36C02C4A27826C4C055DFC4E
        Malicious:false
        Reputation:low
        Preview:...@IXOS.@.....@c.=W.@.....@.....@.....@.....@.....@......&.{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}=.Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026..vc_runtimeAdditional_x86.msi.@.....@.Y...@.....@........&.{571F0B53-0598-4520-9A8B-9928D3FB90AF}.....@.....@.....@.....@.......@.....@.....@.......@....=.Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{2FBCCF06-0D7B-3E2D-A6AF-5DA2828EBEE9}@.02:\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x86\Version.@.......@.....@.....@......&.{4FD4AB8C-C57F-3782-9230-9CCA22153AD3}..C:\Windows\SysWOW64\mfc140.dll.@.......@.....@.....@......&.{46A1EA6B-3D81-3399-8991-127F7F7AE76A}..C:\Windows\SysWOW64\mfc140u.dll.@.......@.....@.....@......&.{C94DDE19-CC70-3B9A-A6AF-5CA7340B9B9A}..C:\Windows\SysWOW64\mfcm140.dll.@.......@.....@.....@......

        C:\Windows\Installer\SourceHash{510EFD2F-E45F-48C2-BE1C-846692E025A0}

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Composite Document File V2 Document, Cannot read section info
        Category:dropped
        Size (bytes):49152
        Entropy (8bit):0.796273536369888
        Encrypted:false
        SSDEEP:
        MD5:3657AC7530501A57AA6597025420D5CE
        SHA1:C6E5590ED603AF3DE162748F43BEA98736B484CD
        SHA-256:2DFE92022123F25AB1746192C6A47D382E7CE615A88344D9719978BD70681C3E
        SHA-512:BB3A8DA8717D07740CD8D90F3D99EC6AC984EEF5ED14127AAA7928CFF4A7E0B8F61A5B48854A2E78B7BCA70EE3CE80F605ACCFA3DD6FA9C512C1918710C9B76A
        Malicious:false
        Reputation:low
        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Installer\SourceHash{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Composite Document File V2 Document, Cannot read section info
        Category:dropped
        Size (bytes):20480
        Entropy (8bit):1.2073244216117387
        Encrypted:false
        SSDEEP:
        MD5:C06A50AA655A7BC6425262F23A58B63E
        SHA1:7B813FA88CA6FB1A66193CA82789D679795620D1
        SHA-256:A703932FA78E8E4B85D9469DF87D0E73D8F1D6CBA171D7C8D0AFE9E04D30A5F7
        SHA-512:C761987616D760B39F2D33BFF50BC236DD32662059C41C8DEB603FF40FCE34C1311E0333B99416A7816CA6C7D9ACB7EF1EF579BF52AE5C25F652E991F11905C2
        Malicious:false
        Reputation:low
        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Installer\SourceHash{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Composite Document File V2 Document, Cannot read section info
        Category:dropped
        Size (bytes):20480
        Entropy (8bit):1.2078225404425416
        Encrypted:false
        SSDEEP:
        MD5:8F20441C42A56D654C18DC33FD222E20
        SHA1:47A9E5A6BFAB79F8223B09B9DAB461E8F1CA4F90
        SHA-256:52EB37E47B0F5A7EBD29D185D5851FFE19670A3320D561056E6C2BB0572ACF9B
        SHA-512:DE7269B36018A9819097EF95343C7901ED156C1675B6E73B889D17BA263E0B13E44490100C2A8A978CEEE904F0249A6AB5152BF6E95A249E344CB80AF659314A
        Malicious:false
        Reputation:low
        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Installer\inprogressinstallinfo.ipi

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Composite Document File V2 Document, Cannot read section info
        Category:dropped
        Size (bytes):20480
        Entropy (8bit):1.5945127184578292
        Encrypted:false
        SSDEEP:
        MD5:97268203A461A043BCE38A19E7B1F260
        SHA1:5D80D3108C29DB1617B472BDBED3E0DDCD059435
        SHA-256:358FD978D25686F09537E47B020A7EC217D25442F4389A9613CC587B98A0269B
        SHA-512:062A95503DA0DDEB417D2449A8EE318FB4ED49678465DDB4079A293BCDCEBA01081B30C13A68857CF194E7CF60C6FFD74E187491B0A0C0F97D48A8DA4615595A
        Malicious:false
        Reputation:low
        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Installer\{510EFD2F-E45F-48C2-BE1C-846692E025A0}\efax_icon.exe

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
        Category:dropped
        Size (bytes):24318
        Entropy (8bit):2.9139432556721077
        Encrypted:false
        SSDEEP:
        MD5:C745688C0BE9C622F3BB40DDC9A7EC67
        SHA1:CB790CC8F71A19C1FB7BAA0B791BD0913B88D1B3
        SHA-256:7227032628BE68671347FF7F90D398C0FB2967D07E45684E74E2BF00CC824586
        SHA-512:79F5353DB23F3297912471959E11BC536C497D89714C4749F365F98B5F50991D83A4A1BD096EFC45914123C4BA287C590427C2D39DB1545B714B8775450C9139
        Malicious:false
        Reputation:low
        Preview:............ .h...V......... ......... .... .....F...00.... ..%......((.... .h....D..(....... ..... .................................................................................................................................................................3-..3-..3/..2/..3/..*/..O-..................................1...1...1-.v0-.0-.0-.0-.V1...01..1-..........................0-..1-.m0-..0-.0-.0..0-.0..0..U2...2.......................0-..0-.0-..0..n0-..0-..0-.0..1-.1-.1...0-..................0-..1..O0-..1-.0-..1..q1-.1..1-.0..1-.1...1...E3..........1/..1/..0-.0-.0..1..0-..1..1..1..0-.1-.2...2-..........3...0...1..*0-.1-.0..1..1..0-..1..1..1-.1..f/(..11..........86..-)..1..30-.0-.0-.0-..0-..1..p0-..1..0-..1...0...............0/..2-..1.."1..0-.0..0..0-.0-..1..r0-..0-.K0-......................2...2/..1..=1-.0-.0-.1..|1..j0-..1-.Z1-..............................22..-$..1..J1-.0-.0-..0-..1..%0...............................79..0-..1/..1.

        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
        Category:dropped
        Size (bytes):323399
        Entropy (8bit):5.392650660789948
        Encrypted:false
        SSDEEP:
        MD5:5BEEF3EDB2F19F9D37F7F6E2476A32CF
        SHA1:44011831BD6CA4058E5A5D75B51AFD9BE0099624
        SHA-256:DE5E1D60FA8B2983F7B94B9BF7FB3DA562A4E60629E0731E01CA72F642DDB9DD
        SHA-512:5F24E64F987455F340B4FE68A9CC251FFB84ADFA4D7EDC13B5CE066EBD40997C0E559079C9D4B0202DA0ACC75C35EE18AA5CD662FA467A3C955776C1F33911EE
        Malicious:false
        Reputation:low
        Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..03/19/2019 06:29:48.034 [4768]: Command line: D:\wd\compilerTemp\BMT.thr2gc0c.r44\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..03/19/2019 06:29:48.065 [4768]: Executing command from offline queue: install "System.IdentityModel.Selectors, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:3..03/19/2019 06:29:48.065 [4768]: Exclusion list entry found for System.IdentityModel.Selectors, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil; it will not be installed..03/19/2019 06:29:48.065 [4768]: Executing command from offline queue: install "System.AddIn.Contract, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies /queue:3..03/19/2019 06:29:48.065 [4768]: Exclusion

        C:\Windows\SysWOW64\mfc140.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):4378776
        Entropy (8bit):7.092491965018765
        Encrypted:false
        SSDEEP:
        MD5:7A0CEC41CACCEF925F5D34A84B9F2E45
        SHA1:0448A668257A6E1FF7864BC63538486ED18F2FEA
        SHA-256:F0E7FEF767B56653F275206511753F7F569AEA27B8FB8E2B26D895F340C9F189
        SHA-512:9593DB951B5648562004609124C8738AE54163EDF50E15FA0442E3EF3114450522202368BCE52826D17BF874BF11B75DEC8601EFD6D9A4FF398652F7E3A475C0
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......!.9.e.W.e.W.e.W.O..d.W.O..d.W.O..g.W.O..p.W.l...q.W..V.g.W..T.o.W..R.v.W..S.i.W..R.f.W.O..v.W.e.V.m.W..^...W..W.d.W...d.W..U.d.W.Riche.W.........PE..L.....U.........."!......(...........$.......).............................. C.....}.B...@.........................P.(.......*......p*...............B..>....@.`...p'..8....................'......h...@.............*.......(......................text...C.(.......(................. ..`.data.........).......(.............@....idata...U....*..V....).............@..@.tls.........`*.......).............@....rsrc........p*.......).............@..@.reloc..`.....@.......?.............@..B................................................................................................................................................................................................................................

        C:\Windows\SysWOW64\mfc140chs.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):46760
        Entropy (8bit):6.103940075620936
        Encrypted:false
        SSDEEP:
        MD5:729261B98A8E908E46DF8547373529FB
        SHA1:F9C069292EB65C912058678BA4B49692E7AF8C90
        SHA-256:5925689C1E9F0E373686B9A6555432BF82733F0C595B2084DD53F170BBDFE9A4
        SHA-512:BB8F9BF454BCB8021A61873DFBA0FBD0235446AB3087BA3584A68CD9FC7FD2DC05E19C23A956DC9DDB4393D792E3642A28E1FCCEC668D3EE2F8F9A216C3D390F
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........<..R...R...R.P....R.P.P...R.Rich..R.........PE..L...u.U.........."!.........v.......................................................D....@.......................................... ..@s...........x...>..............8............................................................................text...............................@..@.rsrc...@s... ...t..................@..@............u.U........&...T...T.......u.U........T.......................................RSDS.`kA5".J............MFC140CHS.pdb...............................T....rdata..T........rdata$zzzdbg.... ..h....rsrc$01....p1...a...rsrc$02........................................................................................................................................................................................................................................................................

        C:\Windows\SysWOW64\mfc140cht.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):46760
        Entropy (8bit):6.147668385954288
        Encrypted:false
        SSDEEP:
        MD5:F44B1F74B788A99EA6F753D11A776456
        SHA1:50D26A8B05F7975FBDE3BF080ED996F73DD71755
        SHA-256:6106B50AE395D273EBE699F39A243D4DFC12A529F2769F98D6BC71A91920EFFF
        SHA-512:FF8DB5C193007FF511D4D72526041E0913D86048C99F38A507DC8B579F527C3B5444CA9BDDFE4FD2A0F6E01F1D69101CB6FE32EE386EA0585E44F2BD95B8A46E
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........<..R...R...R.P....R.P.P...R.Rich..R.........PE..L...u.U.........."!.........v............................................................@.......................................... ..hs...........x...>..............8............................................................................text...............................@..@.rsrc...hs... ...t..................@..@............u.U........&...T...T.......u.U........T.......................................RSDS.~.<..HO..L7..j.....MFC140CHT.pdb...............................T....rdata..T........rdata$zzzdbg.... ..h....rsrc$01....p1...a...rsrc$02........................................................................................................................................................................................................................................................................

        C:\Windows\SysWOW64\mfc140deu.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):75432
        Entropy (8bit):4.744022592660618
        Encrypted:false
        SSDEEP:
        MD5:1012BB5F0D0DDD1FE2D65178D1EB7E5E
        SHA1:4FDF84BC6BDB81B292D86BA9918DD0E6A15E33FD
        SHA-256:397FBABF18DC4A21DD1F24882B4E82A00E8C0A308F4DC7E817021CC5301C7C81
        SHA-512:5E414AD192CD6A4DDCC015584F848BC60A7BD588E1CF49A48EE30D8CD56095FE5FA7989499C6001B211AA45952F71E9F25D9A5385F0904895367E77C1D3D81F2
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........<..R...R...R.P....R.P.P...R.Rich..R.........PE..L...v.U.........."!......................................................................@.......................................... ..`................>..............8............................................................................text...............................@..@.rsrc...`.... ......................@..@............v.U........&...T...T.......v.U........T.......................................RSDS.t.<w.@..N..a*8....MFC140DEU.pdb...............................T....rdata..T........rdata$zzzdbg.... ..h....rsrc$01....p1.......rsrc$02........................................................................................................................................................................................................................................................................

        C:\Windows\SysWOW64\mfc140enu.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):65704
        Entropy (8bit):4.883442934224856
        Encrypted:false
        SSDEEP:
        MD5:60254EED96B42D33D4E8278B70808BEB
        SHA1:5BDA824108D09607827808875AFDDE332790675E
        SHA-256:56BECC55F9D715B6CFAD9AB7BBD91F505CA054FEECBA83D62AA6B5DE70CF70F0
        SHA-512:D01840CBBC2B259D6662642387455F370BF95F5B4A6FCCBE18BE7431F7E4B68DC5F73B5711DCB4B9664271AD84DAFF8E698CAC0FDB65C85E25C585DA74D4C158
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........<..R...R...R.P....R.P.P...R.Rich..R.........PE..L...v.U.........."!................................................................~G....@.......................................... ..................>..............8............................................................................text...............................@..@.rsrc....... ......................@..@............v.U........&...T...T.......v.U........T.......................................RSDS#...l.I..u..HG-....MFC140ENU.pdb...............................T....rdata..T........rdata$zzzdbg.... ..h....rsrc$01....p1..`....rsrc$02........................................................................................................................................................................................................................................................................

        C:\Windows\SysWOW64\mfc140esn.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):74408
        Entropy (8bit):4.717567705682328
        Encrypted:false
        SSDEEP:
        MD5:A0F8019A5389CD7F568A19797C53F067
        SHA1:131FBAA66E2F906F95C1B3CB1D0EFF3B5CDF7449
        SHA-256:A939C0B9A2A3E644BD001020BB8BF32655421C99FCE6D3296D3F87F5B68A9AB5
        SHA-512:AF15D98893347C596A2A3B4B6710B4567E4ECAD0C6E05AB69D9B294B811FDAA3CCBEC44304D15DC62A92EC589380B136A9BAF20BD2CEE0472090F1532B525F66
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........<..R...R...R.P....R.P.P...R.Rich..R.........PE..L...v.U.........."!................................................................<.....@.......................................... ...................>..............8............................................................................text...............................@..@.rsrc........ ......................@..@............v.U........&...T...T.......v.U........T.......................................RSDS......I..tq.@......MFC140ESN.pdb...............................T....rdata..T........rdata$zzzdbg.... ..h....rsrc$01....p1.......rsrc$02........................................................................................................................................................................................................................................................................

        C:\Windows\SysWOW64\mfc140fra.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):75432
        Entropy (8bit):4.726526347596046
        Encrypted:false
        SSDEEP:
        MD5:8BB5CC03B360F768BB084877CB42B548
        SHA1:D5BBD804AE24E71634B0E25594D62ABDEEF61E3C
        SHA-256:FF7C4BDC44796364985859943AA9473CEABD8B37779770ED6C2B729B6E307BC4
        SHA-512:D253E314ED56508438024477CC8BB284BE3D98F1865CD387FD98BC8D76C881EEAD0F0614C3371803254A226C426645264600563EFC3A1792F954C91386C10A8D
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........<..R...R...R.P....R.P.P...R.Rich..R.........PE..L...w.U.........."!.................................................................i....@.......................................... ...................>..............8............................................................................text...............................@..@.rsrc........ ......................@..@............w.U........&...T...T.......w.U........T.......................................RSDSK.V..W.K...M.3.....MFC140FRA.pdb...............................T....rdata..T........rdata$zzzdbg.... ..h....rsrc$01....p1..8....rsrc$02........................................................................................................................................................................................................................................................................

        C:\Windows\SysWOW64\mfc140ita.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):73384
        Entropy (8bit):4.722346536999328
        Encrypted:false
        SSDEEP:
        MD5:BEB5EC2A66451FF07F58B70D163A2E6C
        SHA1:16413615AC45A4D5E1E5BADBC403EB00887B0F57
        SHA-256:59F89D9F1B082DE6399F3D66CF43C0977987474229685C06072ACD4CD16373FA
        SHA-512:FF18CAB5B1195A704153D49C0ADD0853E874D25174E22A633B53F6B24655F85FCFD7D817F20F8D6917106764465F38473D0472ABFB75A24BC7F4EED3CF4F4773
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........<..R...R...R.P....R.P.P...R.Rich..R.........PE..L...w.U.........."!................................................................g.....@.......................................... ...................>..............8............................................................................text...............................@..@.rsrc........ ......................@..@............w.U........&...T...T.......w.U........T.......................................RSDS.. ..H...[.......MFC140ITA.pdb...............................T....rdata..T........rdata$zzzdbg.... ..h....rsrc$01....p1.......rsrc$02........................................................................................................................................................................................................................................................................

        C:\Windows\SysWOW64\mfc140jpn.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):54952
        Entropy (8bit):5.9118463227009475
        Encrypted:false
        SSDEEP:
        MD5:5227EF5B1100D0CCB5227E94BC1CCDA8
        SHA1:E3E5A5FD387A8F78CE5C70B9CC7AD24E30A4FBD6
        SHA-256:C630F0EB2387CAD1CC8621CB4C92797F081F9FC09FF73BF4FB3E589D4ABD69BE
        SHA-512:FF7BAFAF1FE5856172179091E5EF788B6E0FBBE7115689CF143C6F2B0E8D45FE142972C9A17153E0D09BD84270E35BB5C3C929E29DA9A8E0F06E0273DF05F84D
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........<..R...R...R.P....R.P.P...R.Rich..R.........PE..L...w.U.........."!......................................................................@.......................................... ...................>..............8............................................................................text...............................@..@.rsrc........ ......................@..@............w.U........&...T...T.......w.U........T.......................................RSDS.dg..E7N..J...+....MFC140JPN.pdb...............................T....rdata..T........rdata$zzzdbg.... ..h....rsrc$01....p1.......rsrc$02........................................................................................................................................................................................................................................................................

        C:\Windows\SysWOW64\mfc140kor.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):53928
        Entropy (8bit):6.072458516989557
        Encrypted:false
        SSDEEP:
        MD5:6B50E0E5C1E59B93EF5B0F6F6BCB0DC4
        SHA1:97905252B3E7080F4B76EF8DA3C6D4818282F94F
        SHA-256:1104D6AA24D4DDFF59623CD3C88D692FFB36E3E6A9EBAA817F22D6B2442A49CC
        SHA-512:368B6BBE5C784A07E9615A645DE84512E27172F466B99988C6CF197CDA9D1B4ACEB041498E7FB9383B829AD2ABDD56E2930F225F767167E221A42D5D80A427E9
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........<..R...R...R.P....R.P.P...R.Rich..R.........PE..L...w.U.........."!................................................................^.....@.......................................... ...................>..............8............................................................................text...............................@..@.rsrc........ ......................@..@............w.U........&...T...T.......w.U........T.......................................RSDS.(ec.r@.. r1;.2....MFC140KOR.pdb...............................T....rdata..T........rdata$zzzdbg.... ..h....rsrc$01....p1..H~...rsrc$02........................................................................................................................................................................................................................................................................

        C:\Windows\SysWOW64\mfc140rus.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):71336
        Entropy (8bit):5.27578219914634
        Encrypted:false
        SSDEEP:
        MD5:97D5F5F711AC3A10EA86B9B73D07857B
        SHA1:77E40A4F4D3024DE0E492DA58C5543065D6F7B13
        SHA-256:7E626B10609B958D99C365519A2D16A043E25F9B4BB43050B192FB9024667B6D
        SHA-512:BEFC16E1008C49C18469D92E51AE3FCC8FB1D41141D9D2147EF79FCC370EF2BA38A0CA6E0D430B4127E85D38DEFBA1513AFA42EAC39DEF74777F29D52792F243
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........<..R...R...R.P....R.P.P...R.Rich..R.........PE..L...x.U.........."!.................................................................{....@.......................................... ...................>..............8............................................................................text...............................@..@.rsrc........ ......................@..@............x.U........&...T...T.......x.U........T.......................................RSDS..i.9..N.......}....MFC140RUS.pdb...............................T....rdata..T........rdata$zzzdbg.... ..h....rsrc$01....p1..P....rsrc$02........................................................................................................................................................................................................................................................................

        C:\Windows\SysWOW64\mfc140u.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):4443808
        Entropy (8bit):7.085634465340317
        Encrypted:false
        SSDEEP:
        MD5:6A8D94346A834482957F41B9C2B6D22E
        SHA1:AA87337D304CB04D7DE18C665B1C8202C536D93F
        SHA-256:67CB9755F9F44AEF4BA52F1D25A161403D8D63F79A992862A8E4E8190BA2FF68
        SHA-512:1BC10752A2D4C6BB6AD836BED74D43C484DE74AA075E16AE15BCDB52062EACB06D45C1F91F60CE07428E93CDF2A255362FD7A9BC6AAFF84A8E3033597B4902FA
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........9...W..W..W.xO...W.xO...W.xO...W.xO...W.....W.@.V..W.@.T..W.@.R..W.@.S..W.O.R..W.xO...W..V.S.W.@.^.?.W.@.W..W.@...W.@.U..W.Rich..W.........PE..L.....U.........."!......).........9........`)...............................C......D...@..........................\..L.....*......0+...............C..>....@.....4.).T...............................@.............*.......)......................text....).......)................. ..`.data.........).......).............@....idata..zS....*..T....*.............@..@.tls......... +.......*.............@....rsrc........0+.......*.............@..@.reloc........@.......@.............@..B................................................................................................................................................................................................................................

        C:\Windows\SysWOW64\mfcm140.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):94368
        Entropy (8bit):6.497353624192318
        Encrypted:false
        SSDEEP:
        MD5:F1948D1E8F8FBAA3C30EEFAC68D3AC50
        SHA1:F5C7E95156F74FA9DE4CB0A6BE7594F57AF0068D
        SHA-256:A65790CAD6181292ACF3DF23690835BC3D741C4D9189D737DF1CF1A3F66CCCC6
        SHA-512:9FE9C0199844A5684896A67D92CF51133FE0CC11DCEA23F33725C8A13A22897DAD33CE77FE987193F16D2B6329ABC0776D52E8196388D452957D238E9EBF027B
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........'..yIL.yIL.yILj..L.yIL.+.L.yILR HM.yILR JM.yILR MM.yIL...L.yIL].LM.yILj..L.yIL.yHL.yILR LM.yILR IM.yILR .L.yILR KM.yILRich.yIL........................PE..L...p.U.........."!.....D...........R.......`.......................................?....@.........................P0.......1.......`...............2...>...p......0f..8...................D&.......e..@............`..P...........`c..H............text...!C.......D.................. ..`.rdata..d....`.......H..............@..@.data........@......."..............@....tls.........P.......&..............@....rsrc........`.......(..............@..@.reloc.......p.......,..............@..B........................................................................................................................................................................................................................................

        C:\Windows\SysWOW64\mfcm140u.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
        Category:dropped
        Size (bytes):94368
        Entropy (8bit):6.495248019007704
        Encrypted:false
        SSDEEP:
        MD5:7E0FD92A56763881EC4CCC14F8968314
        SHA1:3C6E92FD710088DB8D474F741A7C37392F9899F0
        SHA-256:3B3D7F5CB5D55A10EB2ACF8E7C678A9FBCDB731D5801046B0054BE82DAC8F951
        SHA-512:DB2AAF332B089D1F5C79F57167E69951219DC81F16363C06CC257C9DEEFC9E8012832312A9F30834FE79AC510EAC554477041099D06B53A2F5BEBF6FC59EBC7A
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........'..yIL.yIL.yILj..L.yIL.+.L.yILR HM.yILR JM.yILR MM.yIL...L.yIL].LM.yILj..L.yIL.yHL.yILR LM.yILR IM.yILR .L.yILR KM.yILRich.yIL........................PE..L...s.U.........."!.....D...........R.......`............................................@.........................`0...... 1.......`...............2...>...p......0f..8...................\&.......e..@............`..P...........`c..H............text...!C.......D.................. ..`.rdata..t....`.......H..............@..@.data........@......."..............@....tls.........P.......&..............@....rsrc........`.......(..............@..@.reloc.......p.......,..............@..B........................................................................................................................................................................................................................................

        C:\Windows\SysWOW64\vcamp140.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):400544
        Entropy (8bit):6.4122441883226955
        Encrypted:false
        SSDEEP:
        MD5:FD3FC1A2BBE7CFCF121DC80F554137E8
        SHA1:91728C35F7E9EAF7DB573FA568992131149A8F49
        SHA-256:C2BF32F723FFD5104F9C1D5266AAE6006C7BE8FF53641787E437444E462308AF
        SHA-512:0448EFB287C045CC767DF96B1FEB98869C6DEDA0E908A6C8CCCAC1CC1BC0908667542633BBB7759DCD58BFE9D36A61AAE528F51E1C10971D130B4CB42CB1AB3E
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............L...L...L.nL...L1..M...L1..M...L1..M...L1..M...L..6L...L...LC..L1..M...L1..M...L1..L...L..jL...L1..M...LRich...L........................PE..L.....U.........."!.....$...........|.......@............................... ............@A............................47...r..@.......@$...............>.......H...]..8....................]......h]..@............p...............................text...$#.......$.................. ..`.data...<-...@...*...(..............@....idata..T....p.......R..............@..@.tls.................l..............@....rsrc...@$.......&...n..............@..@.reloc...H.......J..................@..B................................................................................................................................................................................................................................................

        C:\Windows\SysWOW64\vcomp140.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):182432
        Entropy (8bit):6.682159407241539
        Encrypted:false
        SSDEEP:
        MD5:1CD23A0F3DAF4210F86BA8EB60B2612B
        SHA1:979AB8D98D27FC0C8810822D80A4F1361657F21D
        SHA-256:DBC67DD65EF7D68BDE9147C6244E7AAA8CB275ED6D0EF60301C7E4FBB95A5A42
        SHA-512:90941648D2CEBF4BCD65E54C503A2CED7362FE2B5AFA6772B0ECC8CA945D2E43EA14E90A17E64F3EAB8EF76ECBB0EA3CC801DBCFEAA8A90AB8B1FE2E081C17C6
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........:...T...T...T.#.....T.#.....T.#.....T.).Q...T.).W...T.).P...T.. ....T...U...T.).]...T.).T...T.).....T.).V...T.Rich..T.........PE..L...p.U.........."!.....L...T......`........`............................................@A.........................M......T...<........................>...........a..8............................a..@...............P............................text....J.......L.................. ..`.data....%...`.......P..............@....idata...............\..............@..@.rsrc................f..............@..@.reloc...............x..............@..B........................................................................................................................................................................................................................................................................................................

        C:\Windows\Temp\MessengerInstallerPackage.log

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
        Category:dropped
        Size (bytes):580572
        Entropy (8bit):3.8399653089889325
        Encrypted:false
        SSDEEP:
        MD5:19A6A6AE703674E52E7C7383970D69F9
        SHA1:C24EDB5DB59365D4693984AAB081D3CC5459EDBA
        SHA-256:37F0A84BCFBDFB21847D72B83DA67FD3E40509D8EEEE16A6B04F53A552DA4852
        SHA-512:6741D09F549C51823C77B67E1E8203A636600F7DF2075B65817E08B6372E2A1FF4F552AC9DF0173A47E916C07AB27ED74923DF78D86A6B546B8CEF453B91CA4C
        Malicious:false
        Reputation:low
        Preview:..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .9./.2.9./.2.0.2.3. . .1.9.:.1.8.:.1.2. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .C.:.\.U.s.e.r.s.\.a.l.f.r.e.d.o.\.D.e.s.k.t.o.p.\.e.f.a.x.m.e.s.s.e.n.g.e.r.s.e.t.u.p.-.5.-.4.-.2.-.1...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.E.C.:.9.4.). .[.1.9.:.1.8.:.1.2.:.5.8.7.].:. .S.O.F.T.W.A.R.E. .R.E.S.T.R.I.C.T.I.O.N. .P.O.L.I.C.Y.:. .V.e.r.i.f.y.i.n.g. .p.a.c.k.a.g.e. .-.-.>. .'.C.:.\.U.s.e.r.s.\.a.l.f.r.e.d.o.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.j.2. .G.l.o.b.a.l. .C.l.o.u.d. .S.e.r.v.i.c.e.s.\.e.F.a.x. .M.e.s.s.e.n.g.e.r. .5...4...2...1.\.i.n.s.t.a.l.l.\.e.F.a.x.M.e.s.s.e.n.g.e.r.S.e.t.u.p...5...4...2...1...m.s.i.'. .a.g.a.i.n.s.t. .s.o.f.t.w.a.r.e. .r.e.s.t.r.i.c.t.i.o.n. .p.o.l.i.c.y.....M.S.I. .(.c.). .(.E.C.:.9.4.). .[.1.9.:.1.8.:.1.2.:.5.8.7.].:. .S.O.F.T.W.A.R.E. .R.E.S.T.R.I.C.T.I.O.N. .P.O.L.I.C.Y.:. .C.:.\.U.s.e.r.s.\.a.l.f.r.e.d.o.\.A.p.p.D.a.t.a.\.R.o.a.

        C:\Windows\Temp\~DF07BFE2DBB20BC35D.TMP

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:dropped
        Size (bytes):32768
        Entropy (8bit):0.11204889020555435
        Encrypted:false
        SSDEEP:
        MD5:F1ABE0D766434505B6BAC9DD5038230C
        SHA1:2530743645564AAA1C0899264D69DFCDBCBC3DF3
        SHA-256:3FA932E624461D49F7D36E00F0792F9BCE1AC8E71DD259EEBC9B0AFA080BCC82
        SHA-512:039F626401C422C79BE1F7D8D2B0084FDF41EFBA9B884D6B4F8B656315596436520D962C78D558041435AF73CE9F65BED5C303411250E93E2EE0291DB49A3585
        Malicious:false
        Reputation:low
        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Temp\~DF3999796F53EBFB97.TMP

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:dropped
        Size (bytes):73728
        Entropy (8bit):0.14649180816808965
        Encrypted:false
        SSDEEP:
        MD5:A307F11B5A042706C5ADDB514C10B83F
        SHA1:ED5F6A403BA8C17B26CCCECA6C91350A1D4B4D08
        SHA-256:30260966B9B30B7098C8E60BAC8309BFBBE98DB76FF289387E3980990EEAF34B
        SHA-512:5DC490CD788BF99A87A57D3EA5DA6A31A6081A4CA310967D76A5CD7B1BF953E3C084C8429362BEAF1108D7594390E3A189EB2BDE4765DE4E30F33875D7048030
        Malicious:false
        Reputation:low
        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Temp\~DF7D18775345D22BCE.TMP

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Composite Document File V2 Document, Cannot read section info
        Category:dropped
        Size (bytes):20480
        Entropy (8bit):1.5899865827582542
        Encrypted:false
        SSDEEP:
        MD5:6B58D55DC6BBD58368ED8868C8FA66C6
        SHA1:6BADFD408A4E765FBFCBEAFCD8E5E62BB73CF02B
        SHA-256:DD5164838BFB6E62669A27277EFB60706B3A0B9702F2A269F5A9CA8E3DCC4E7E
        SHA-512:772C9943CE0ECD764385C4DCCB08E79E7DF6A776CB7F8F704611675802B46C565D9192A584C91D0AFFC54169C8F72DAA2263CE0089712D06AFD5AAE20C7AEA6B
        Malicious:false
        Reputation:low
        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Temp\~DF886C0B4EDCAFE2D2.TMP

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Composite Document File V2 Document, Cannot read section info
        Category:dropped
        Size (bytes):32768
        Entropy (8bit):1.2726008887915126
        Encrypted:false
        SSDEEP:
        MD5:9AE93FCFB6C312E7276902D535DA9684
        SHA1:B5C1ED6AB1D6665DA30211286D7AB90D11A94D3C
        SHA-256:710246045D266873CDBA9275862D93415F7BE29152AA4A3687DCDD6AB585F3A3
        SHA-512:1E4394594DF84B70C8E6B25ED00DA1326F7151597190ED0FBE35831D0EA7E6440A36D0FFDB64F50F7090F68D56E176466083050C0A9938A22E3661D8A81706A5
        Malicious:false
        Reputation:low
        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Temp\~DF8FE6C81183C3F4A8.TMP

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:dropped
        Size (bytes):32768
        Entropy (8bit):0.10215267043363707
        Encrypted:false
        SSDEEP:
        MD5:1A300E5A7FE10C325D799A1A46DC101E
        SHA1:2417E2885A8CE9541A1AB4FA7B500EA5631A1E6D
        SHA-256:0BC53DFBB8A54B150A80913B7DFEA79F12C988ADF80D3A6373217D2BBA6C1367
        SHA-512:F04BF09D94171107AB72D9324AB3698C8E968605643B479770772F23F1208C617A819D5709B898FC53309415C50B2AAF5F90246BAC16618DF73D7AA2689CF58A
        Malicious:false
        Reputation:low
        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Temp\~DFB5B6039D9E14C814.TMP

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:dropped
        Size (bytes):73728
        Entropy (8bit):0.14460209023577175
        Encrypted:false
        SSDEEP:
        MD5:998063B29E5C4068E505FB7FF08EA8D9
        SHA1:C676C95F58E221E8559244D8E604164D0B7A1DED
        SHA-256:E1B3820D05BE7DCEB76719644FFAF61C56427A280BB5122FDBE82C8E05EABEB0
        SHA-512:915D382FA3B3979FEA9809418E136A331C0EDE8800B896C960FD22AA3EEF006C60F5AE41104023E0CFA390606034F78F7CD3ADC3DFEBA450C339B1E3649982EE
        Malicious:false
        Reputation:low
        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Temp\~DFB602E97D37E8AA2A.TMP

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Composite Document File V2 Document, Cannot read section info
        Category:dropped
        Size (bytes):49152
        Entropy (8bit):1.1929353414568449
        Encrypted:false
        SSDEEP:
        MD5:44905EB2A19B007D8F146FAC878A819C
        SHA1:078DC365F1A23B9EAF303AE33105D3FAFB9FA873
        SHA-256:57415F6276499654F20D6DE421CE2A88DF604519246A0AD533D97B60132DDD94
        SHA-512:71A66A5F5F63D721DDA9B793B5C069CA0AC4BE994B11EB515C8117D06976B54FE776502F80C626F8EE139DE52980EAD500DA7CDBAD58B9FDF565E40841E540B7
        Malicious:false
        Reputation:low
        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Temp\~DFD5869B67619F56DF.TMP

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Composite Document File V2 Document, Cannot read section info
        Category:dropped
        Size (bytes):32768
        Entropy (8bit):1.269349642824457
        Encrypted:false
        SSDEEP:
        MD5:A9166D4B52BFAEFF8FC02EF9E65DCE6C
        SHA1:1772651AD4B7B3FFA68197DDC1ED0BB2F37DFB8E
        SHA-256:6F9BCBED2E801049CE1BFAA4EA565DFC122B71D9D311AA9BDF362DA36D3E19C5
        SHA-512:5275E256B15B9E988275F6F4DCCB841D560CBDECD14FF809E1099B109E6B20BB2E42FB976D7AFE4F67E3523BEDFF1A3D2676860724B59C697170BDC94819945C
        Malicious:false
        Reputation:low
        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Temp\~DFD94BCE5B0EF7CD0B.TMP

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:dropped
        Size (bytes):512
        Entropy (8bit):0.0
        Encrypted:false
        SSDEEP:
        MD5:BF619EAC0CDF3F68D496EA9344137E8B
        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
        Malicious:false
        Reputation:low
        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Temp\~DFECA03EC5585BE2DA.TMP

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:dropped
        Size (bytes):81920
        Entropy (8bit):0.2711380171243609
        Encrypted:false
        SSDEEP:
        MD5:BD4C44D3C9637EB78EE03E68DCCD978A
        SHA1:F12A48DE718D1AE31DB535510C4AAA5822D16BAC
        SHA-256:AC59520D58958585B4505D15B7D7B3B86141D641B9D96F835FFEBF1F71501496
        SHA-512:A9DBEEE148AA46C3C9DAD9A6CEE4DD38187AC34483B654038D09FA8A64F881E7EC810CEAC24497048788ACAE54604FDF26891E686551860CE378A50911422DB2
        Malicious:false
        Reputation:low
        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Temp\~DFFF5B35921F197F33.TMP

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:dropped
        Size (bytes):32768
        Entropy (8bit):0.10272316321624911
        Encrypted:false
        SSDEEP:
        MD5:BB09687DFD485EA6105DE517E337BB8C
        SHA1:2485B3318F455C5BA4D2405BB0329E30669570C0
        SHA-256:2C27D79CD7B5D8CDC7D0D49778905667884821E0D07B2F9366849766BF75DF11
        SHA-512:D7CA0CA1B2C6EC5E0BFF87B613DE25608ABB9D6D4A2D8E60F018DB879AB8A8C9C774AF6D2F0D7656204B6F6F4D145C4631C8723F825D6F8FF0F74C1AE2D2E75B
        Malicious:false
        Reputation:low
        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        \Device\ConDrv

        Download File
        Process:C:\Program Files (x86)\eFax Messenger\InstallHelper.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):44
        Entropy (8bit):4.171453562658726
        Encrypted:false
        SSDEEP:
        MD5:4A37F98AABA873E85A32EC2F80563A7E
        SHA1:02BC28EEF0EBF300A6249E2818DD115E528C65CC
        SHA-256:8F2CCBAC77850ED8F15B09B7BBCBE0BE86E10EB5CB8C7D6FF6FECDD17FAD8DD9
        SHA-512:3BB00E8BEC163A63A61699BEC33C3D49830089BBA15F4C3852FECFF8AB1BA30C07CD0EE04FB3A912DA11ABE3A68F6930B83AFECD2B6047DAB05833E8FB8F0F7D
        Malicious:false
        Reputation:low
        Preview:InstallHelper Executing configureMessenger..

        Static File Info

        General

        File type:PE32 executable (GUI) Intel 80386, for MS Windows
        Entropy (8bit):7.938310923317199
        TrID:
        • Win32 Executable (generic) a (10002005/4) 98.81%
        • Windows ActiveX control (116523/4) 1.15%
        • Generic Win/DOS Executable (2004/3) 0.02%
        • DOS Executable Generic (2002/1) 0.02%
        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
        File name:efaxmessengersetup-5-4-2-1.exe
        File size:80'255'048 bytes
        MD5:bef9a29984282fb5c7134e44fb07327a
        SHA1:4e6ba6482b9de16ae09c83a4043775d135975e9c
        SHA256:dd6d2d7ce866c3f4a6179eae55e7fa67ee540a6ac76d3318fb2ba24c5abba421
        SHA512:0f24485d3f23b5d5ee4887f23dc33491e764cf34dc6ca6014657520d7ac3f5f5d88b336872c8745e65eabaa28352f4192604dbf52c999ad6918b472549ab0b19
        SSDEEP:1572864:y4G9HM1ATSakV88xObThVl1St7hVAQavSmWMSAqplWhu9ui5iof1eaOu:y4G9HMyeakV58hYt7gvTSAKWM91AaOu
        TLSH:63082221B58AC037D67A0171992CDBAB59787E720B7104DBB3EC6E6E1F744C22232E57
        File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........."...L...L...L...O...L...I.g.L...J...L.x.H...L.x.O...L.x.I...L...H...L...M...L...K...L...M.5.L...E...L.......L.......L...N...L

        File Icon

        Icon Hash:185e475b25110c01

        Static PE Info

        General

        Entrypoint:0x5dd680
        Entrypoint Section:.text
        Digitally signed:true
        Imagebase:0x400000
        Subsystem:windows gui
        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Time Stamp:0x649BFB69 [Wed Jun 28 09:20:41 2023 UTC]
        TLS Callbacks:
        CLR (.Net) Version:
        OS Version Major:6
        OS Version Minor:0
        File Version Major:6
        File Version Minor:0
        Subsystem Version Major:6
        Subsystem Version Minor:0
        Import Hash:21314122cd4542a6b9b297f52a87acbe

        Authenticode Signature

        Signature Valid:true
        Signature Issuer:CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
        Signature Validation Error:The operation completed successfully
        Error Number:0
        Not Before, Not After
        • 8/20/2021 2:00:00 AM 8/20/2024 1:59:59 AM
        Subject Chain
        • CN="j2 Cloud Services, Inc", O="j2 Cloud Services, Inc", S=California, C=US
        Version:3
        Thumbprint MD5:48EB2CD503BFEB0EC8DB64F2120F078A
        Thumbprint SHA-1:AA95F48FADA8AFDE4D2F34C1D3F229E7B3005E76
        Thumbprint SHA-256:38FC8409648CBD155102043356FF2805CA5BA2EAE027E2C3D801531A66717E3E
        Serial:2EEC7A77E4A7E0027100817801A88E76

        Entrypoint Preview

        Instruction
        call 00007FF40C471FEFh
        jmp 00007FF40C47182Fh
        mov ecx, dword ptr [ebp-0Ch]
        mov dword ptr fs:[00000000h], ecx
        pop ecx
        pop edi
        pop edi
        pop esi
        pop ebx
        mov esp, ebp
        pop ebp
        push ecx
        ret
        mov ecx, dword ptr [ebp-10h]
        xor ecx, ebp
        call 00007FF40C470E82h
        jmp 00007FF40C471992h
        push eax
        push dword ptr fs:[00000000h]
        lea eax, dword ptr [esp+0Ch]
        sub esp, dword ptr [esp+0Ch]
        push ebx
        push esi
        push edi
        mov dword ptr [eax], ebp
        mov ebp, eax
        mov eax, dword ptr [006F8024h]
        xor eax, ebp
        push eax
        push dword ptr [ebp-04h]
        mov dword ptr [ebp-04h], FFFFFFFFh
        lea eax, dword ptr [ebp-0Ch]
        mov dword ptr fs:[00000000h], eax
        ret
        push eax
        push dword ptr fs:[00000000h]
        lea eax, dword ptr [esp+0Ch]
        sub esp, dword ptr [esp+0Ch]
        push ebx
        push esi
        push edi
        mov dword ptr [eax], ebp
        mov ebp, eax
        mov eax, dword ptr [006F8024h]
        xor eax, ebp
        push eax
        mov dword ptr [ebp-10h], eax
        push dword ptr [ebp-04h]
        mov dword ptr [ebp-04h], FFFFFFFFh
        lea eax, dword ptr [ebp-0Ch]
        mov dword ptr fs:[00000000h], eax
        ret
        push eax
        push dword ptr fs:[00000000h]
        lea eax, dword ptr [esp+0Ch]
        sub esp, dword ptr [esp+0Ch]
        push ebx
        push esi
        push edi
        mov dword ptr [eax], ebp
        mov ebp, eax
        mov eax, dword ptr [006F8024h]
        xor eax, ebp
        push eax
        mov dword ptr [ebp-10h], esp
        push dword ptr [ebp-04h]
        mov dword ptr [ebp-04h], FFFFFFFFh
        lea eax, dword ptr [ebp-0Ch]
        mov dword ptr fs:[00000000h], eax

        Data Directories

        NameVirtual AddressVirtual Size Is in Section
        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
        IMAGE_DIRECTORY_ENTRY_IMPORT0x2f6af40x28.rdata
        IMAGE_DIRECTORY_ENTRY_RESOURCE0x3060000x2d02c.rsrc
        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
        IMAGE_DIRECTORY_ENTRY_SECURITY0x4c86f300x2918
        IMAGE_DIRECTORY_ENTRY_BASERELOC0x3340000x289b4.reloc
        IMAGE_DIRECTORY_ENTRY_DEBUG0x299dd00x70.rdata
        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
        IMAGE_DIRECTORY_ENTRY_TLS0x299e400x18.rdata
        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x26ad600x40.rdata
        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
        IMAGE_DIRECTORY_ENTRY_IAT0x2690000x2ec.rdata
        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x2f3e600x280.rdata
        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

        Sections

        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
        .text0x10000x2671460x267200unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        .rdata0x2690000x8ebfa0x8ec00False0.3130609676007005data4.600804924708828IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
        .data0x2f80000xd2200x3c00False0.26588541666666665data4.791177624051412IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        .rsrc0x3060000x2d02c0x2d200False0.13557717278393353data5.031657828910525IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
        .reloc0x3340000x289b40x28a00False0.44384615384615383data6.513442265686413IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

        Resources

        NameRVASizeTypeLanguageCountryZLIB Complexity
        RT_BITMAP0x3068e00x13eDevice independent bitmap graphic, 32 x 16 x 4, image size 258, resolution 2834 x 2834 px/m, 5 important colorsEnglishUnited States0.25471698113207547
        RT_BITMAP0x306a200x828Device independent bitmap graphic, 32 x 16 x 32, image size 0EnglishUnited States0.03017241379310345
        RT_BITMAP0x3072480x48a8Device independent bitmap graphic, 290 x 16 x 32, image size 0EnglishUnited States0.11881720430107527
        RT_BITMAP0x30baf00xa6aDevice independent bitmap graphic, 320 x 16 x 4, image size 2562, resolution 2834 x 2834 px/mEnglishUnited States0.21680420105026257
        RT_BITMAP0x30c55c0x152Device independent bitmap graphic, 32 x 16 x 4, image size 258, resolution 2834 x 2834 px/m, 10 important colorsEnglishUnited States0.5295857988165681
        RT_BITMAP0x30c6b00x828Device independent bitmap graphic, 32 x 16 x 32, image size 0EnglishUnited States0.4875478927203065
        RT_ICON0x30ced80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024EnglishUnited States0.4148936170212766
        RT_ICON0x30d3400x988Device independent bitmap graphic, 24 x 48 x 32, image size 2304EnglishUnited States0.32786885245901637
        RT_ICON0x30dcc80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096EnglishUnited States0.28377110694183866
        RT_ICON0x30ed700x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216EnglishUnited States0.24107883817427386
        RT_ICON0x3113180x1a68Device independent bitmap graphic, 40 x 80 x 32, image size 6400EnglishUnited States0.17366863905325444
        RT_DIALOG0x312d800xacdataEnglishUnited States0.7151162790697675
        RT_DIALOG0x312e2c0xccdataEnglishUnited States0.6911764705882353
        RT_DIALOG0x312ef80x1b4dataEnglishUnited States0.5458715596330275
        RT_DIALOG0x3130ac0x136dataEnglishUnited States0.6064516129032258
        RT_DIALOG0x3131e40x4cdataEnglishUnited States0.8289473684210527
        RT_STRING0x3132300x234dataEnglishUnited States0.4645390070921986
        RT_STRING0x3134640x182dataEnglishUnited States0.5103626943005182
        RT_STRING0x3135e80x50dataEnglishUnited States0.7375
        RT_STRING0x3136380x9adataEnglishUnited States0.37662337662337664
        RT_STRING0x3136d40x2f6dataEnglishUnited States0.449868073878628
        RT_STRING0x3139cc0x5c0dataEnglishUnited States0.3498641304347826
        RT_STRING0x313f8c0x434dataEnglishUnited States0.32899628252788105
        RT_STRING0x3143c00x100dataEnglishUnited States0.5703125
        RT_STRING0x3144c00x484dataEnglishUnited States0.39186851211072665
        RT_STRING0x3149440x1eadataEnglishUnited States0.44081632653061226
        RT_STRING0x314b300x18adataEnglishUnited States0.5228426395939086
        RT_STRING0x314cbc0x216Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0EnglishUnited States0.46254681647940077
        RT_STRING0x314ed40x624dataEnglishUnited States0.3575063613231552
        RT_STRING0x3154f80x660dataEnglishUnited States0.3474264705882353
        RT_STRING0x315b580x2e2dataEnglishUnited States0.4037940379403794
        RT_GROUP_ICON0x315e3c0x4cdataEnglishUnited States0.7763157894736842
        RT_VERSION0x315e880x36cdataEnglishUnited States0.430365296803653
        RT_HTML0x3161f40x3835ASCII text, with very long lines (443), with CRLF line terminatorsEnglishUnited States0.08298005420807561
        RT_HTML0x319a2c0x1316ASCII text, with CRLF line terminatorsEnglishUnited States0.18399508800654932
        RT_HTML0x31ad440x8c77HTML document, ASCII text, with CRLF line terminatorsEnglishUnited States0.08081426068578103
        RT_HTML0x3239bc0x6acdHTML document, ASCII text, with CRLF line terminatorsEnglishUnited States0.10679931238798873
        RT_HTML0x32a48c0x6a2HTML document, ASCII text, with CRLF line terminatorsEnglishUnited States0.3486454652532391
        RT_HTML0x32ab300x104aHTML document, ASCII text, with CRLF line terminatorsEnglishUnited States0.2170263788968825
        RT_HTML0x32bb7c0x15b1HTML document, ASCII text, with CRLF line terminatorsEnglishUnited States0.17612101566720692
        RT_HTML0x32d1300x205cexported SGML document, ASCII text, with very long lines (659), with CRLF line terminatorsEnglishUnited States0.13604538870111058
        RT_HTML0x32f18c0x368dHTML document, ASCII text, with CRLF line terminatorsEnglishUnited States0.10834228428213391
        RT_MANIFEST0x33281c0x80fXML 1.0 document, ASCII text, with CRLF, LF line terminatorsEnglishUnited States0.40814348036839554

        Imports

        DLLImport
        KERNEL32.dllCreateFileW, CloseHandle, WriteFile, DeleteFileW, HeapDestroy, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, GetProcessHeap, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, CreateEventExW, WaitForSingleObject, CreateProcessW, GetLastError, GetExitCodeProcess, SetEvent, RemoveDirectoryW, GetProcAddress, GetModuleHandleW, GetWindowsDirectoryW, CreateDirectoryW, GetTempPathW, GetTempFileNameW, MoveFileW, EnterCriticalSection, LeaveCriticalSection, GetModuleFileNameW, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, GetCurrentThreadId, RaiseException, SetLastError, GlobalUnlock, GlobalLock, GlobalAlloc, MulDiv, lstrcmpW, CreateEventW, FindClose, FindFirstFileW, GetFullPathNameW, InitializeCriticalSection, lstrcpynW, CreateThread, LoadLibraryExW, GetCurrentProcess, Sleep, WideCharToMultiByte, GetDiskFreeSpaceExW, DecodePointer, GetExitCodeThread, GetCurrentProcessId, FreeLibrary, GetSystemDirectoryW, lstrlenW, VerifyVersionInfoW, VerSetConditionMask, lstrcmpiW, LoadLibraryW, GetDriveTypeW, CompareStringW, FindNextFileW, GetLogicalDriveStringsW, GetFileSize, GetFileAttributesW, GetShortPathNameW, GetFinalPathNameByHandleW, SetFileAttributesW, GetFileTime, CopyFileW, ReadFile, SetFilePointer, SetFileTime, SystemTimeToFileTime, MultiByteToWideChar, GetSystemInfo, WaitForMultipleObjects, GetVersionExW, VirtualProtect, VirtualQuery, LoadLibraryExA, GetStringTypeW, LocalFree, LocalAlloc, SetUnhandledExceptionFilter, FileTimeToSystemTime, GetEnvironmentVariableW, GetSystemTime, GetDateFormatW, GetTimeFormatW, GetLocaleInfoW, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, FormatMessageW, GetEnvironmentStringsW, InitializeCriticalSectionEx, LoadLibraryA, GetModuleFileNameA, GetCurrentThread, GetConsoleOutputCP, FlushFileBuffers, Wow64DisableWow64FsRedirection, Wow64RevertWow64FsRedirection, IsWow64Process, SetConsoleTextAttribute, GetStdHandle, GetConsoleScreenBufferInfo, OutputDebugStringW, GetTickCount, GetCommandLineW, SetCurrentDirectoryW, SetEndOfFile, EnumResourceLanguagesW, GetSystemDefaultLangID, GetUserDefaultLangID, GetLocalTime, ResetEvent, GlobalFree, GetPrivateProfileStringW, GetPrivateProfileSectionNamesW, WritePrivateProfileStringW, CreateNamedPipeW, ConnectNamedPipe, TerminateThread, CompareFileTime, CopyFileExW, OpenEventW, PeekNamedPipe, WaitForSingleObjectEx, QueryPerformanceCounter, QueryPerformanceFrequency, EncodePointer, LCMapStringEx, CompareStringEx, GetCPInfo, GetSystemTimeAsFileTime, IsDebuggerPresent, InitializeSListHead, InterlockedPopEntrySList, InterlockedPushEntrySList, FlushInstructionCache, IsProcessorFeaturePresent, VirtualAlloc, VirtualFree, UnhandledExceptionFilter, TerminateProcess, GetStartupInfoW, RtlUnwind, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, ExitThread, FreeLibraryAndExitThread, GetModuleHandleExW, ExitProcess, GetFileType, LCMapStringW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetTimeZoneInformation, GetConsoleMode, GetFileSizeEx, SetFilePointerEx, FindFirstFileExW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, ReadConsoleW, WriteConsoleW, GetProcessAffinityMask, GetModuleHandleA, GlobalMemoryStatus, ReleaseSemaphore, CreateSemaphoreW

        Possible Origin

        Language of compilation systemCountry where language is spokenMap
        EnglishUnited States