f2a5ffc4a176dc1beebac0b49e4db200ee48ff89468241cf096682282dcb434d

Analysis

max time kernel
150s
max time network
169s
platform
windows10_x64
resource
win10v20210408
submitted
27-07-2021 02:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SlidoSetup_v0.18.4.1921.exe
Size

141.9MB
MD5

762e5772b5d81188cc417a52ab87023b
SHA1

6c92e78f79e1dbf9367f36b7dc4092d819b628d2
SHA256

f2a5ffc4a176dc1beebac0b49e4db200ee48ff89468241cf096682282dcb434d
SHA512

7fa33a5c8b5356e9140f1880dac938d915f081b2bdec2f7f59c4d5406ca2edf45cd441ef6a6da523b5030f6a0b7b667d9cf169a2ca937b5e799ae5c967931fab

Score

10^/10

discovery persistence

Malware Config

Signatures

Registers COM server for autorun 1 TTPs
persistence

Registry Run Keys / Startup Folder
T1060
Blocklisted process makes network request 3 IoCs

Processes:

msiexec.exerundll32.exe

flow pid process

15 1380 msiexec.exe
17 1380 msiexec.exe
19 3728 rundll32.exe
Executes dropped EXE 4 IoCs

Processes:

SlidoSetup_v0.18.4.1921.exeSlido.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exe

pid process

3724 SlidoSetup_v0.18.4.1921.exe
1180 Slido.exe
2392 CefSharp.BrowserSubprocess.exe
640 CefSharp.BrowserSubprocess.exe

flow	pid	process
15	1380	msiexec.exe
17	1380	msiexec.exe
19	3728	rundll32.exe

Loads dropped DLL 64 IoCs

Processes:

SlidoSetup_v0.18.4.1921.exeMsiExec.exerundll32.exeSlido.exe

pid	process
3724	SlidoSetup_v0.18.4.1921.exe
1112	MsiExec.exe
1112	MsiExec.exe
1112	MsiExec.exe
3728	rundll32.exe
3728	rundll32.exe
3728	rundll32.exe
3728	rundll32.exe
3728	rundll32.exe
3728	rundll32.exe
3728	rundll32.exe
1112	MsiExec.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

SlidoSetup_v0.18.4.1921.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce	SlidoSetup_v0.18.4.1921.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\{aa71af6b-bf52-41d3-949c-5be01396456f} = "\"C:\\Users\\Admin\\AppData\\Local\\Package Cache\\{aa71af6b-bf52-41d3-949c-5be01396456f}\\SlidoSetup_v0.18.4.1921.exe\" /burn.runonce"	SlidoSetup_v0.18.4.1921.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe

Drops file in Windows directory 16 IoCs

Processes:

msiexec.exerundll32.exe

description	ioc	process
File created	C:\Windows\Installer\f75132b.msi	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6E70.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\f75132b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI19D2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{5D6DBDB1-2DD0-4426-ACFE-409525140E32}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2898.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5FF8.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI443F.tmp	msiexec.exe
File created	C:\Windows\Installer\f75132e.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5FF8.tmp-\SlidoMsiActions.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI5FF8.tmp-\Microsoft.Deployment.WindowsInstaller.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI5FF8.tmp-\Newtonsoft.Json.dll	rundll32.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5FF8.tmp-\CustomAction.config	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

POWERPNT.EXE

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	POWERPNT.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

POWERPNT.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	POWERPNT.EXE

Modifies registry class 64 IoCs

Processes:

msiexec.exeSlidoSetup_v0.18.4.1921.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node\CLSID\{E17AF012-6848-454B-9DE2-2DF44C76A3EB}\ = "Slido.PowerPoint.Addin"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node\CLSID\{E17AF012-6848-454B-9DE2-2DF44C76A3EB}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Slido.PowerPoint.SidebarTaskPane\CLSID\ = "{68ABB5C8-D4CA-4795-8385-DF1EC13A46C4}"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Installer\Dependencies\{aa71af6b-bf52-41d3-949c-5be01396456f}\ = "{aa71af6b-bf52-41d3-949c-5be01396456f}"	SlidoSetup_v0.18.4.1921.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Installer\Dependencies\{aa71af6b-bf52-41d3-949c-5be01396456f}\DisplayName = "Slido for Windows"	SlidoSetup_v0.18.4.1921.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Slido.PowerPoint.Addin	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Slido.PowerPoint.Addin\CLSID\ = "{E17AF012-6848-454B-9DE2-2DF44C76A3EB}"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node\CLSID\{E17AF012-6848-454B-9DE2-2DF44C76A3EB}\ProgID\ = "Slido.PowerPoint.Addin"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\CLSID	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\CLSID\{68ABB5C8-D4CA-4795-8385-DF1EC13A46C4}\InprocServer32\ = "mscoree.dll"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\CLSID\{E17AF012-6848-454B-9DE2-2DF44C76A3EB}\ProgID\ = "Slido.PowerPoint.Addin"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\CLSID\{E17AF012-6848-454B-9DE2-2DF44C76A3EB}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\CLSID\{68ABB5C8-D4CA-4795-8385-DF1EC13A46C4}\ = "Slido.PowerPoint.SidebarTaskPane"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Installer\Dependencies\{aa71af6b-bf52-41d3-949c-5be01396456f}\Version = "0.18.4.1921"	SlidoSetup_v0.18.4.1921.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Installer\Dependencies\{5D6DBDB1-2DD0-4426-ACFE-409525140E32}	SlidoSetup_v0.18.4.1921.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Installer\Dependencies\{5D6DBDB1-2DD0-4426-ACFE-409525140E32}\ = "{5D6DBDB1-2DD0-4426-ACFE-409525140E32}"	SlidoSetup_v0.18.4.1921.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node\CLSID\{E17AF012-6848-454B-9DE2-2DF44C76A3EB}\Implemented Categories	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node\CLSID\{68ABB5C8-D4CA-4795-8385-DF1EC13A46C4}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Installer\Dependencies\{aa71af6b-bf52-41d3-949c-5be01396456f}	SlidoSetup_v0.18.4.1921.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node\CLSID\{E17AF012-6848-454B-9DE2-2DF44C76A3EB}\InprocServer32\RuntimeVersion = "v4.0.30319"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\CLSID\{E17AF012-6848-454B-9DE2-2DF44C76A3EB}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\CLSID\{68ABB5C8-D4CA-4795-8385-DF1EC13A46C4}\InprocServer32\ThreadingModel = "Both"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node\CLSID\{E17AF012-6848-454B-9DE2-2DF44C76A3EB}\InprocServer32\ThreadingModel = "Both"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\CLSID\{E17AF012-6848-454B-9DE2-2DF44C76A3EB}\ProgID	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\CLSID\{68ABB5C8-D4CA-4795-8385-DF1EC13A46C4}\InprocServer32\Assembly = "SlidoAddin, Version=0.18.4.1921, Culture=neutral, PublicKeyToken=ab1e468d0a8942ff"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node\CLSID\{E17AF012-6848-454B-9DE2-2DF44C76A3EB}\InprocServer32\Class = "Slido.PowerPoint.Addin"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node\CLSID\{E17AF012-6848-454B-9DE2-2DF44C76A3EB}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}\	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node\CLSID\{68ABB5C8-D4CA-4795-8385-DF1EC13A46C4}\InprocServer32\Class = "Slido.PowerPoint.SidebarTaskPane"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node\CLSID\{68ABB5C8-D4CA-4795-8385-DF1EC13A46C4}\Implemented Categories	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node\CLSID\{68ABB5C8-D4CA-4795-8385-DF1EC13A46C4}	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node\CLSID\{68ABB5C8-D4CA-4795-8385-DF1EC13A46C4}\ProgID\ = "Slido.PowerPoint.SidebarTaskPane"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node\CLSID\{68ABB5C8-D4CA-4795-8385-DF1EC13A46C4}\InprocServer32\RuntimeVersion = "v4.0.30319"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node\CLSID\{68ABB5C8-D4CA-4795-8385-DF1EC13A46C4}\InprocServer32\CodeBase = "file:///C:\\Users\\Admin\\AppData\\Local\\Slido\\Slido for Windows\\SlidoAddin.dll"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node\CLSID\{68ABB5C8-D4CA-4795-8385-DF1EC13A46C4}\ = "Slido.PowerPoint.SidebarTaskPane"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node\CLSID\{E17AF012-6848-454B-9DE2-2DF44C76A3EB}\InprocServer32\ = "mscoree.dll"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node\CLSID\{68ABB5C8-D4CA-4795-8385-DF1EC13A46C4}\InprocServer32\Assembly = "SlidoAddin, Version=0.18.4.1921, Culture=neutral, PublicKeyToken=ab1e468d0a8942ff"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\CLSID\{E17AF012-6848-454B-9DE2-2DF44C76A3EB}\InprocServer32\Assembly = "SlidoAddin, Version=0.18.4.1921, Culture=neutral, PublicKeyToken=ab1e468d0a8942ff"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\CLSID\{68ABB5C8-D4CA-4795-8385-DF1EC13A46C4}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}\	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node\CLSID\{E17AF012-6848-454B-9DE2-2DF44C76A3EB}\InprocServer32\Assembly = "SlidoAddin, Version=0.18.4.1921, Culture=neutral, PublicKeyToken=ab1e468d0a8942ff"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Slido.PowerPoint.SidebarTaskPane	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\CLSID\{68ABB5C8-D4CA-4795-8385-DF1EC13A46C4}\InprocServer32\Class = "Slido.PowerPoint.SidebarTaskPane"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\CLSID\{68ABB5C8-D4CA-4795-8385-DF1EC13A46C4}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\CLSID\{E17AF012-6848-454B-9DE2-2DF44C76A3EB}\InprocServer32\Class = "Slido.PowerPoint.Addin"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\CLSID\{E17AF012-6848-454B-9DE2-2DF44C76A3EB}\InprocServer32\RuntimeVersion = "v4.0.30319"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Installer\Dependencies\{aa71af6b-bf52-41d3-949c-5be01396456f}\Dependents\{aa71af6b-bf52-41d3-949c-5be01396456f}	SlidoSetup_v0.18.4.1921.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Slido.PowerPoint.Addin\CLSID	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node\CLSID\{68ABB5C8-D4CA-4795-8385-DF1EC13A46C4}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node\CLSID\{68ABB5C8-D4CA-4795-8385-DF1EC13A46C4}\InprocServer32\ThreadingModel = "Both"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node\CLSID\{68ABB5C8-D4CA-4795-8385-DF1EC13A46C4}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}\	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Installer\Dependencies	SlidoSetup_v0.18.4.1921.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node\CLSID	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node\CLSID\{E17AF012-6848-454B-9DE2-2DF44C76A3EB}\InprocServer32\CodeBase = "file:///C:\\Users\\Admin\\AppData\\Local\\Slido\\Slido for Windows\\SlidoAddin.dll"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node\CLSID\{68ABB5C8-D4CA-4795-8385-DF1EC13A46C4}\ProgID	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Installer\Dependencies\{aa71af6b-bf52-41d3-949c-5be01396456f}\Dependents	SlidoSetup_v0.18.4.1921.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\WOW6432Node\CLSID\{E17AF012-6848-454B-9DE2-2DF44C76A3EB}	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\CLSID\{E17AF012-6848-454B-9DE2-2DF44C76A3EB}	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\CLSID\{68ABB5C8-D4CA-4795-8385-DF1EC13A46C4}\InprocServer32\CodeBase = "file:///C:\\Users\\Admin\\AppData\\Local\\Slido\\Slido for Windows\\SlidoAddin.dll"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Slido.PowerPoint.Addin\ = "Slido.PowerPoint.Addin"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\CLSID\{E17AF012-6848-454B-9DE2-2DF44C76A3EB}\ = "Slido.PowerPoint.Addin"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\CLSID\{E17AF012-6848-454B-9DE2-2DF44C76A3EB}\Implemented Categories	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\CLSID\{68ABB5C8-D4CA-4795-8385-DF1EC13A46C4}\InprocServer32\RuntimeVersion = "v4.0.30319"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Installer\Dependencies\{5D6DBDB1-2DD0-4426-ACFE-409525140E32}\Version = "0.18.4"	SlidoSetup_v0.18.4.1921.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Installer\Dependencies\{5D6DBDB1-2DD0-4426-ACFE-409525140E32}\DisplayName = "Slido for Windows 64-bit"	SlidoSetup_v0.18.4.1921.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

POWERPNT.EXE

pid process

2164 POWERPNT.EXE

pid	process
2164	POWERPNT.EXE

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msiexec.exeMsiExec.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exe

pid	process
1380	msiexec.exe
1380	msiexec.exe
1112	MsiExec.exe
1112	MsiExec.exe
2392	CefSharp.BrowserSubprocess.exe
2392	CefSharp.BrowserSubprocess.exe
2392	CefSharp.BrowserSubprocess.exe
2392	CefSharp.BrowserSubprocess.exe
640	CefSharp.BrowserSubprocess.exe
640	CefSharp.BrowserSubprocess.exe
640	CefSharp.BrowserSubprocess.exe
640	CefSharp.BrowserSubprocess.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

SlidoSetup_v0.18.4.1921.exemsiexec.exe

description	pid	process
Token: SeShutdownPrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeIncreaseQuotaPrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeSecurityPrivilege	1380	msiexec.exe
Token: SeCreateTokenPrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeAssignPrimaryTokenPrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeLockMemoryPrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeIncreaseQuotaPrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeMachineAccountPrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeTcbPrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeSecurityPrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeTakeOwnershipPrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeLoadDriverPrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeSystemProfilePrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeSystemtimePrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeProfSingleProcessPrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeIncBasePriorityPrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeCreatePagefilePrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeCreatePermanentPrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeBackupPrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeRestorePrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeShutdownPrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeDebugPrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeAuditPrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeSystemEnvironmentPrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeChangeNotifyPrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeRemoteShutdownPrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeUndockPrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeSyncAgentPrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeEnableDelegationPrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeManageVolumePrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeImpersonatePrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeCreateGlobalPrivilege	3724	SlidoSetup_v0.18.4.1921.exe
Token: SeRestorePrivilege	1380	msiexec.exe
Token: SeTakeOwnershipPrivilege	1380	msiexec.exe
Token: SeRestorePrivilege	1380	msiexec.exe
Token: SeTakeOwnershipPrivilege	1380	msiexec.exe
Token: SeRestorePrivilege	1380	msiexec.exe
Token: SeTakeOwnershipPrivilege	1380	msiexec.exe
Token: SeRestorePrivilege	1380	msiexec.exe
Token: SeTakeOwnershipPrivilege	1380	msiexec.exe
Token: SeRestorePrivilege	1380	msiexec.exe
Token: SeTakeOwnershipPrivilege	1380	msiexec.exe
Token: SeRestorePrivilege	1380	msiexec.exe
Token: SeTakeOwnershipPrivilege	1380	msiexec.exe
Token: SeRestorePrivilege	1380	msiexec.exe
Token: SeTakeOwnershipPrivilege	1380	msiexec.exe
Token: SeRestorePrivilege	1380	msiexec.exe
Token: SeTakeOwnershipPrivilege	1380	msiexec.exe
Token: SeRestorePrivilege	1380	msiexec.exe
Token: SeTakeOwnershipPrivilege	1380	msiexec.exe
Token: SeRestorePrivilege	1380	msiexec.exe
Token: SeTakeOwnershipPrivilege	1380	msiexec.exe
Token: SeRestorePrivilege	1380	msiexec.exe
Token: SeTakeOwnershipPrivilege	1380	msiexec.exe
Token: SeRestorePrivilege	1380	msiexec.exe
Token: SeTakeOwnershipPrivilege	1380	msiexec.exe
Token: SeRestorePrivilege	1380	msiexec.exe
Token: SeTakeOwnershipPrivilege	1380	msiexec.exe
Token: SeRestorePrivilege	1380	msiexec.exe
Token: SeTakeOwnershipPrivilege	1380	msiexec.exe
Token: SeRestorePrivilege	1380	msiexec.exe
Token: SeTakeOwnershipPrivilege	1380	msiexec.exe
Token: SeRestorePrivilege	1380	msiexec.exe
Token: SeTakeOwnershipPrivilege	1380	msiexec.exe

Suspicious use of FindShellTrayWindow 7 IoCs

Processes:

SlidoSetup_v0.18.4.1921.exeSlido.exe

pid process

3724 SlidoSetup_v0.18.4.1921.exe
1180 Slido.exe
1180 Slido.exe
1180 Slido.exe
1180 Slido.exe
1180 Slido.exe
1180 Slido.exe
Suspicious use of SendNotifyMessage 5 IoCs

Processes:

Slido.exe

pid process

1180 Slido.exe
1180 Slido.exe
1180 Slido.exe
1180 Slido.exe
1180 Slido.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

POWERPNT.EXE

pid process

2164 POWERPNT.EXE
2164 POWERPNT.EXE
2164 POWERPNT.EXE
2164 POWERPNT.EXE

pid	process
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe
1180	Slido.exe

pid	process
2164	POWERPNT.EXE
2164	POWERPNT.EXE
2164	POWERPNT.EXE
2164	POWERPNT.EXE

Suspicious use of WriteProcessMemory 16 IoCs

Processes:

SlidoSetup_v0.18.4.1921.exemsiexec.exeMsiExec.exeSlido.exePOWERPNT.EXE

description	pid	process	target process
PID 648 wrote to memory of 3724	648	SlidoSetup_v0.18.4.1921.exe	SlidoSetup_v0.18.4.1921.exe
PID 648 wrote to memory of 3724	648	SlidoSetup_v0.18.4.1921.exe	SlidoSetup_v0.18.4.1921.exe
PID 648 wrote to memory of 3724	648	SlidoSetup_v0.18.4.1921.exe	SlidoSetup_v0.18.4.1921.exe
PID 1380 wrote to memory of 1112	1380	msiexec.exe	MsiExec.exe
PID 1380 wrote to memory of 1112	1380	msiexec.exe	MsiExec.exe
PID 1380 wrote to memory of 1112	1380	msiexec.exe	MsiExec.exe
PID 1112 wrote to memory of 3728	1112	MsiExec.exe	rundll32.exe
PID 1112 wrote to memory of 3728	1112	MsiExec.exe	rundll32.exe
PID 1112 wrote to memory of 3728	1112	MsiExec.exe	rundll32.exe
PID 1180 wrote to memory of 2164	1180	Slido.exe	POWERPNT.EXE
PID 1180 wrote to memory of 2164	1180	Slido.exe	POWERPNT.EXE
PID 1180 wrote to memory of 2164	1180	Slido.exe	POWERPNT.EXE
PID 2164 wrote to memory of 2392	2164	POWERPNT.EXE	CefSharp.BrowserSubprocess.exe
PID 2164 wrote to memory of 2392	2164	POWERPNT.EXE	CefSharp.BrowserSubprocess.exe
PID 2164 wrote to memory of 640	2164	POWERPNT.EXE	CefSharp.BrowserSubprocess.exe
PID 2164 wrote to memory of 640	2164	POWERPNT.EXE	CefSharp.BrowserSubprocess.exe

C:\Users\Admin\AppData\Local\Temp\SlidoSetup_v0.18.4.1921.exe
"C:\Users\Admin\AppData\Local\Temp\SlidoSetup_v0.18.4.1921.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:648

C:\Windows\Temp\{6E22F2A1-AAA2-4A7B-8689-DE80CEA0916D}\.cr\SlidoSetup_v0.18.4.1921.exe
"C:\Windows\Temp\{6E22F2A1-AAA2-4A7B-8689-DE80CEA0916D}\.cr\SlidoSetup_v0.18.4.1921.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\SlidoSetup_v0.18.4.1921.exe" -burn.filehandle.attached=552 -burn.filehandle.self=592
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3724

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1380

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 2DE3962CFB7A8543AFD8EE3C5C154CED
2⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1112

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSI5FF8.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259350515 13 SlidoMsiActions!Slido.CustomActions.LogTelemetry
3⤵
- Blocklisted process makes network request
- Loads dropped DLL
- Drops file in Windows directory
PID:3728

C:\Users\Admin\AppData\Local\Slido\Slido for Windows\Slido.exe
"C:\Users\Admin\AppData\Local\Slido\Slido for Windows\Slido.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1180

C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE" /B
2⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2164

C:\Users\Admin\AppData\Local\Slido\Slido for Windows\x64\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Local\Slido\Slido for Windows\x64\CefSharp.BrowserSubprocess.exe" --type=gpu-process --field-trial-handle=4840,2303468960721329115,124842504983095659,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Slido\Slido for Windows\logs\chromium-addin_0727.log" --log-severity=info --user-agent="Slido for Windows/win/0.18.4.1921" --lang=en-US --cefsharpexitsub --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --log-file="C:\Users\Admin\AppData\Local\Slido\Slido for Windows\logs\chromium-addin_0727.log" --mojo-platform-channel-handle=5148 /prefetch:2 --host-process-id=2164
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2392

C:\Users\Admin\AppData\Local\Slido\Slido for Windows\x64\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Local\Slido\Slido for Windows\x64\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=4840,2303468960721329115,124842504983095659,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --service-sandbox-type=none --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Slido\Slido for Windows\logs\chromium-addin_0727.log" --log-severity=info --user-agent="Slido for Windows/win/0.18.4.1921" --lang=en-US --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Local\Slido\Slido for Windows\logs\chromium-addin_0727.log" --mojo-platform-channel-handle=5648 /prefetch:8 --host-process-id=2164
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:640

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Package Cache\{5D6DBDB1-2DD0-4426-ACFE-409525140E32}v0.18.4\Cefx64.cab
MD5
788897e3d37314c31fa24f7b81c52a11

SHA1
9e9951ee84aa7d9fef37907b9e2f87a87cf2443e

SHA256
3eb428f8ecf1249ad9041be5103a71132a6564efb585cce727c4f313d77f9662

SHA512
4d4738229ab441add26ab69fdcd06c9a93c0e05fed6c85978a94a7349f4f21cc7d89d3ad0653eaaaa0f5aa1b4947c434d5087b87ce2fd61bb4cb1c74a9c5225c

Download Submit
C:\Users\Admin\AppData\Local\Package Cache\{5D6DBDB1-2DD0-4426-ACFE-409525140E32}v0.18.4\Cefx86.cab
MD5
121fe880e2925b61dc0ac8852abcb620

SHA1
63fa376ec61e6d2b2945352158f8f4e0d1a6f12a

SHA256
f3a72892961593142803e0931d4a0ceec94a9a28e0c2fe37d6e1c419873da0cd

SHA512
9bb280ee830cd12a0b9d407b45874e8a519c5fb58a759d61f94d1d96bd70884aaf53c61e05eabdb9bbbd9061495260a85a8c278ee88e8841cd1a720302e813d2

Download Submit
C:\Users\Admin\AppData\Local\Package Cache\{5D6DBDB1-2DD0-4426-ACFE-409525140E32}v0.18.4\Data.cab
MD5
59964b8f682c4710f580318dd0ddb2fc

SHA1
1d6daa2420ea0efd9b0848473a7db516bae53fdb

SHA256
37ee75fa28e3fa008c149dc0f649dbcb82446fb4587e801c112239a42a6feabb

SHA512
a4ab24c34f19eb3241f58b1b859d9be559a478dd186b00a0b2b32b963f2c6ab80e75f01bb12157672763bd898b7156d8a653658c86cda8b5c283222388cb8c59

Download Submit
C:\Users\Admin\AppData\Local\Package Cache\{5D6DBDB1-2DD0-4426-ACFE-409525140E32}v0.18.4\Slido_x64.msi
MD5
900c9a60aa3cdbfdcbe067a87025e71c

SHA1
964698cb284ce903f17a6bcfe778a8461aa4c536

SHA256
00117408f4b360c08753ea426dd789f01d9f073a5b76d0985d15f43f36a27bb1

SHA512
db1082dc9bff2f565ae44528ece6e6db3f9cb93c5c2efbb16486b77393acaaffe6e9c2b52032266e871151cf4a8f1d9c2724584129eedfc1864c202ee9c307dc

Download Submit
C:\Users\Admin\AppData\Local\Slido\Slido for Windows\CommandLine.dll
MD5
d788b7dedb2e07ab596569360fcd3154

SHA1
3fee00542701ea636c8a4db60e96856cfe4deb39

SHA256
26af31165dbf6af3864609df7834a06404e6cfbd8905ba202e0a0bb921326d57

SHA512
1e83c8e64a63046d1c0a620c088ccba5e7205539b249dc814b59a0360bd06dadd66d6d1e4b0b494c574d311fca1103011691453d910cf32b6092dd8f492dc8d2

Download Submit
C:\Users\Admin\AppData\Local\Slido\Slido for Windows\GalaSoft.MvvmLight.Platform.dll
MD5
5b958b4229538ac23099ce9ed6f37de4

SHA1
32cd46e39c4f6334d28788d5e3afaa19d4fd1041

SHA256
2a1114c99533aae7442b298336247350b55caa193c06454ea606d6a394656573

SHA512
87b6a509d1cb262e6ba198819ffec3b8e03e4672b031ff918fe406307f750192a73c73dcd8140d8be5dcc8286a79e779fad59189ae7ac759cec6223e55b9b899

Download Submit
C:\Users\Admin\AppData\Local\Slido\Slido for Windows\GalaSoft.MvvmLight.dll
MD5
af04687248da9e95a7ff65ab538d0bcf

SHA1
7511184300e2b6f70bc92333392386a812b2dabf

SHA256
b097fca120a9e76fa870d82662bdd233adbf08fc34a3c509f31cc5ced0ac1ecf

SHA512
a5eab337f6386de5fb2cc809730bac7d17cdfb309afea32e65e9d8c457f97ac3e3f03cebd48535cf253e28f3aa600f234631c2060ec59acb917cb5f135f4b67a

Download Submit
C:\Users\Admin\AppData\Local\Slido\Slido for Windows\Sentry.Serilog.dll
MD5
95da4cb49c4157663aaefd96a3be9539

SHA1
879d6723259f4bc16f723d0ad4dd7152e509e92a

SHA256
4a4e1a38b3b42ad78eb39a0c4d6f3f8cf038dce4a04ac2ccd03bc60e0891dc43

SHA512
1906741fa4ea9cb9cd52fa512397dde7131fe6b3d826a1aada36f4d5d15cb662c21a29a5c964f720f0942a3210c3281d8ee3c579398e766017993a32e73af8e1

Download Submit
C:\Users\Admin\AppData\Local\Slido\Slido for Windows\Sentry.dll
MD5
bdda4ffb9edb01257b3d5bc0a1a4d7bd

SHA1
a94e33d138aa0c2dd54f8d4d0ea7f3e28dad9ee5

SHA256
91abd801337f08cc0a2cd4b17691f3bccba998f4bbdc6884259d30d453f50a7f

SHA512
d68d6f5c87bdc623538f3ee1fff94c07a0ad850c0a0e504c03b4a51a8ff262c27b391b311e3357641e9aa4737677c7e5b05df57980bc5034802e67e6c8bcb0f8

Download Submit
C:\Users\Admin\AppData\Local\Slido\Slido for Windows\Serilog.Enrichers.Thread.dll
MD5
9fae7afcf4d369419fc71fba344bebbf

SHA1
f4cdd2b2febda44ef07be542b9e6c52cdf3e5f8e

SHA256
9f85fbbe1d6cf5409c0cf489d27d6d7eaaf287318c09377a7bba7bde57113cc9

SHA512
9387fd20f67e196909bdbcf80b23dbc85c8c64759f3d977515c9179b121c4efffc5dcd2421f9ddf7fdfc6652ea4469bfa361bde6ff45cfd7b307cdae813249b0

Download Submit
C:\Users\Admin\AppData\Local\Slido\Slido for Windows\Serilog.Sinks.File.dll
MD5
4c2b0737d9a73da09172d3c210b0265d

SHA1
a35a98ec72154cc1d112f46bd177a7f043dbcd46

SHA256
6d8d84c9c14201674d9a309f51e952cf148ad33cdb66507d9677ebf1b1e4432b

SHA512
c605bef0a7caa12b0d7c47564c3a214ea1db40f901dfdc4c5b35bf73610a5d9030b67e495b409a79c76ad5ec6ef9962cd56c050c51883a3151d34931a8361aa8

Download Submit
C:\Users\Admin\AppData\Local\Slido\Slido for Windows\Serilog.Sinks.PeriodicBatching.dll
MD5
31aa4d2a3d3c644085523a624a899a1c

SHA1
30f63a962d5ba6ef40940b28079e2900cff40aed

SHA256
a6dba346014537e83f0e89e5fef607670c3417e0fcef4c9b3d5a054a051a8256

SHA512
d3cd1d80ce680e62e15a449a854db1ff5b4a3199476abbb9b40d5d9aa83d42faca014513647740cfe2a2a260debe74459925ad63bc0647b11d05efaaabf53454

Download Submit
C:\Users\Admin\AppData\Local\Slido\Slido for Windows\Serilog.dll
MD5
0aa45a8a1cd24cd2b589e4aad925f35d

SHA1
0dc29954c4c2ffea4c33af0e56ce84158849b81e

SHA256
7a26a473af5eb7a00196e275c86d773f36e1d4caef566f97f1df7e07e20b1670

SHA512
7a865b16633c09bdecda34fdf15c62db4f04f2fb8db0abf57563aea51de67daf9eca0c08f053f551937a0c3c7987a53de2454ecb13139a193291633df7262981

Download Submit
C:\Users\Admin\AppData\Local\Slido\Slido for Windows\Slido.exe
MD5
3c03a933e1757aadf653a5140ce5c2f5

SHA1
7dd00a367a089c32db5f3d5a32a8a9f4ad75a968

SHA256
ba6d81404095c445cb37c24ade9afdcd36aaa1e9f859fb0719306cd92bddfefa

SHA512
cc9efa16c5bba9a281d1eff679a71ef25b835bbe8397afebcd44955560c8bb39bb41d2a8d795a71abdb23e6b238fae286b64b0be3cf9d242768af7004f642ca4

Download Submit
C:\Users\Admin\AppData\Local\Slido\Slido for Windows\Slido.exe
MD5
3c03a933e1757aadf653a5140ce5c2f5

SHA1
7dd00a367a089c32db5f3d5a32a8a9f4ad75a968

SHA256
ba6d81404095c445cb37c24ade9afdcd36aaa1e9f859fb0719306cd92bddfefa

SHA512
cc9efa16c5bba9a281d1eff679a71ef25b835bbe8397afebcd44955560c8bb39bb41d2a8d795a71abdb23e6b238fae286b64b0be3cf9d242768af7004f642ca4

Download Submit
C:\Users\Admin\AppData\Local\Slido\Slido for Windows\Slido.exe.config
MD5
c1444f7ada2aee43ed8e12ec352f3805

SHA1
5e87e6dce33bf41a9903d2ea011e27759c299bbc

SHA256
06b64a6a68b106a4157d30f9fa548780a3c7f703744199f99dc934f1c8db6405

SHA512
b308ad44f040ee59638d95c8c77698d802df8c14957fcf77c59a7ed1526587ec1dfdfc90ff511853f5e2448803a790fa8ebc44408d4e25c5ea5a81ff3bdcfe49

Download Submit
C:\Users\Admin\AppData\Local\Slido\Slido for Windows\SlidoCore.dll
MD5
5836490b4b4eac5f39c8a7dd7f410646

SHA1
4b8b4670cf75bf7572f8cd05e58585256a63a256

SHA256
fbc2af7581db5b762757e3ffcdc5d2905ea22c4d9d3c3b7331077a020d832a0e

SHA512
390c35a7903582621e279e9da475eae8caca2d86a82ca8115f947696535737e0ca762bcab45327c9e5ab6a8e94b2cc581fbb8e41783b07923bf47d090416cfb2

Download Submit
C:\Users\Admin\AppData\Local\Slido\Slido for Windows\System.Collections.dll
MD5
1d8aafeca1ea565b257384d3f64864b0

SHA1
4d923b100142afa2e0a8b7acdb3a6de6feb91148

SHA256
c2250e9e51b44d8ab8c5b892592766925f6580ee00b95026621d0afb037c2707

SHA512
99e4a226e1fabb348e7ef7c6fa56ad0ce4e4cf5d8569ce21881703dca8d83a1c113fd5f440a4fc9e9b99a04ae8cf4490e17d62ffc09cfac5a45678a4419efdbb

Download Submit
C:\Users\Admin\AppData\Local\Slido\Slido for Windows\System.ObjectModel.dll
MD5
55d9528d161567a19dbb71244b3ae3ce

SHA1
8a2fb74cf11719708774fc378d8b5bfcc541c986

SHA256
870ee1141cb61abfce44507e39bfdd734f2335e34d89ecfffb13838195a6b936

SHA512
5338b067297b8cb157c5389d79d0440a6492841c85794ea15b805b5f71cfed445efa9099c95e5bdef8cf3902a6b10f032bfc356b0598dde4f89fa5b349737907

Download Submit
C:\Users\Admin\AppData\Local\Slido\Slido for Windows\System.Runtime.dll
MD5
0e35085c130d2d91e5241334be7ef0da

SHA1
fd622ade5cae26353a22b6fa50a83669b72b6c41

SHA256
50ad612d4cf6113de26b2870da099c4817f59e64a2da98f05803b4a2e2304919

SHA512
2498811f4aac308cdc55c3406bea4fef5dc9e6f23559b09fb181f7447474ef586f00038282ddc39c241490b5dc2bca7f41f19bd3e1bb00890da29df6489bb151

Download Submit
C:\Users\Admin\AppData\Local\Temp\Slido_for_Windows_20210727043146_000_SlidoMsi_x64.log
MD5
b7ef711da2d6e1827455b213c8d721ed

SHA1
ce5b7b0aa0225c5d53135421a7a23489ebbdce25

SHA256
ab4010da3e86589464232b58e3f68603e43fb3420f2354498b9362613460b5ed

SHA512
4363323944b0697c6f045e6b79e1724a84c8db8a1f38d14fc18c058c89f3847be5cd9c117ddb5f7e5fbed5cd89f6ace8a446342bc43c7a10a0d5631026945aeb

Download Submit
C:\Windows\Installer\MSI19D2.tmp
MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSI443F.tmp
MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSI5FF8.tmp
MD5
7f4bf0f6d6dcc28410ffaf2a47836c99

SHA1
755cb4b55d9b92fe763480cd5deb6a91786ee2dc

SHA256
d8b65352c24123890a8630c1139fced32c5138f86137a957d179d3c8dc7e42f5

SHA512
60a52f35b3207782bb926ebda4155388265b51513086dea9e0332f522796943bf7017f9b0df9495ce16ab525cfe2122a5cd9e87ee90780df6a7bc688dee231e0

Download Submit
C:\Windows\Installer\MSI6E70.tmp
MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Temp\{6E22F2A1-AAA2-4A7B-8689-DE80CEA0916D}\.cr\SlidoSetup_v0.18.4.1921.exe
MD5
e43ab97eb38f0d19a2ab489b09fb6a60

SHA1
10aa8363ac4a8a7ce0766f1c5e6149c290c27345

SHA256
186dba6100f2d033ac4b425ad570a51a1e58b72d15a4aaa4d6612ff8e3264ec1

SHA512
404f37fea3a7b97e39e12b940e934a81d83d417682a1b84e3249aacf3812125edec7f0bb762e8e9015e8732e6eece6340eb55d6c94e142c35bd093dffa8c35df

Download Submit
C:\Windows\Temp\{6E22F2A1-AAA2-4A7B-8689-DE80CEA0916D}\.cr\SlidoSetup_v0.18.4.1921.exe
MD5
e43ab97eb38f0d19a2ab489b09fb6a60

SHA1
10aa8363ac4a8a7ce0766f1c5e6149c290c27345

SHA256
186dba6100f2d033ac4b425ad570a51a1e58b72d15a4aaa4d6612ff8e3264ec1

SHA512
404f37fea3a7b97e39e12b940e934a81d83d417682a1b84e3249aacf3812125edec7f0bb762e8e9015e8732e6eece6340eb55d6c94e142c35bd093dffa8c35df

Download Submit
\Users\Admin\AppData\Local\Slido\Slido for Windows\CommandLine.dll
MD5
d788b7dedb2e07ab596569360fcd3154

SHA1
3fee00542701ea636c8a4db60e96856cfe4deb39

SHA256
26af31165dbf6af3864609df7834a06404e6cfbd8905ba202e0a0bb921326d57

SHA512
1e83c8e64a63046d1c0a620c088ccba5e7205539b249dc814b59a0360bd06dadd66d6d1e4b0b494c574d311fca1103011691453d910cf32b6092dd8f492dc8d2

Download Submit
\Users\Admin\AppData\Local\Slido\Slido for Windows\CommandLine.dll
MD5
d788b7dedb2e07ab596569360fcd3154

SHA1
3fee00542701ea636c8a4db60e96856cfe4deb39

SHA256
26af31165dbf6af3864609df7834a06404e6cfbd8905ba202e0a0bb921326d57

SHA512
1e83c8e64a63046d1c0a620c088ccba5e7205539b249dc814b59a0360bd06dadd66d6d1e4b0b494c574d311fca1103011691453d910cf32b6092dd8f492dc8d2

Download Submit
\Users\Admin\AppData\Local\Slido\Slido for Windows\GalaSoft.MvvmLight.Platform.dll
MD5
5b958b4229538ac23099ce9ed6f37de4

SHA1
32cd46e39c4f6334d28788d5e3afaa19d4fd1041

SHA256
2a1114c99533aae7442b298336247350b55caa193c06454ea606d6a394656573

SHA512
87b6a509d1cb262e6ba198819ffec3b8e03e4672b031ff918fe406307f750192a73c73dcd8140d8be5dcc8286a79e779fad59189ae7ac759cec6223e55b9b899

Download Submit
\Users\Admin\AppData\Local\Slido\Slido for Windows\GalaSoft.MvvmLight.Platform.dll
MD5
5b958b4229538ac23099ce9ed6f37de4

SHA1
32cd46e39c4f6334d28788d5e3afaa19d4fd1041

SHA256
2a1114c99533aae7442b298336247350b55caa193c06454ea606d6a394656573

SHA512
87b6a509d1cb262e6ba198819ffec3b8e03e4672b031ff918fe406307f750192a73c73dcd8140d8be5dcc8286a79e779fad59189ae7ac759cec6223e55b9b899

Download Submit
\Users\Admin\AppData\Local\Slido\Slido for Windows\GalaSoft.MvvmLight.dll
MD5
af04687248da9e95a7ff65ab538d0bcf

SHA1
7511184300e2b6f70bc92333392386a812b2dabf

SHA256
b097fca120a9e76fa870d82662bdd233adbf08fc34a3c509f31cc5ced0ac1ecf

SHA512
a5eab337f6386de5fb2cc809730bac7d17cdfb309afea32e65e9d8c457f97ac3e3f03cebd48535cf253e28f3aa600f234631c2060ec59acb917cb5f135f4b67a

Download Submit
\Users\Admin\AppData\Local\Slido\Slido for Windows\GalaSoft.MvvmLight.dll
MD5
af04687248da9e95a7ff65ab538d0bcf

SHA1
7511184300e2b6f70bc92333392386a812b2dabf

SHA256
b097fca120a9e76fa870d82662bdd233adbf08fc34a3c509f31cc5ced0ac1ecf

SHA512
a5eab337f6386de5fb2cc809730bac7d17cdfb309afea32e65e9d8c457f97ac3e3f03cebd48535cf253e28f3aa600f234631c2060ec59acb917cb5f135f4b67a

Download Submit
\Users\Admin\AppData\Local\Slido\Slido for Windows\Sentry.Serilog.dll
MD5
95da4cb49c4157663aaefd96a3be9539

SHA1
879d6723259f4bc16f723d0ad4dd7152e509e92a

SHA256
4a4e1a38b3b42ad78eb39a0c4d6f3f8cf038dce4a04ac2ccd03bc60e0891dc43

SHA512
1906741fa4ea9cb9cd52fa512397dde7131fe6b3d826a1aada36f4d5d15cb662c21a29a5c964f720f0942a3210c3281d8ee3c579398e766017993a32e73af8e1

Download Submit
\Users\Admin\AppData\Local\Slido\Slido for Windows\Sentry.Serilog.dll
MD5
95da4cb49c4157663aaefd96a3be9539

SHA1
879d6723259f4bc16f723d0ad4dd7152e509e92a

SHA256
4a4e1a38b3b42ad78eb39a0c4d6f3f8cf038dce4a04ac2ccd03bc60e0891dc43

SHA512
1906741fa4ea9cb9cd52fa512397dde7131fe6b3d826a1aada36f4d5d15cb662c21a29a5c964f720f0942a3210c3281d8ee3c579398e766017993a32e73af8e1

Download Submit
\Users\Admin\AppData\Local\Slido\Slido for Windows\Sentry.dll
MD5
bdda4ffb9edb01257b3d5bc0a1a4d7bd

SHA1
a94e33d138aa0c2dd54f8d4d0ea7f3e28dad9ee5

SHA256
91abd801337f08cc0a2cd4b17691f3bccba998f4bbdc6884259d30d453f50a7f

SHA512
d68d6f5c87bdc623538f3ee1fff94c07a0ad850c0a0e504c03b4a51a8ff262c27b391b311e3357641e9aa4737677c7e5b05df57980bc5034802e67e6c8bcb0f8

Download Submit
\Users\Admin\AppData\Local\Slido\Slido for Windows\Sentry.dll
MD5
bdda4ffb9edb01257b3d5bc0a1a4d7bd

SHA1
a94e33d138aa0c2dd54f8d4d0ea7f3e28dad9ee5

SHA256
91abd801337f08cc0a2cd4b17691f3bccba998f4bbdc6884259d30d453f50a7f

SHA512
d68d6f5c87bdc623538f3ee1fff94c07a0ad850c0a0e504c03b4a51a8ff262c27b391b311e3357641e9aa4737677c7e5b05df57980bc5034802e67e6c8bcb0f8

Download Submit
\Users\Admin\AppData\Local\Slido\Slido for Windows\Serilog.Enrichers.Thread.dll
MD5
9fae7afcf4d369419fc71fba344bebbf

SHA1
f4cdd2b2febda44ef07be542b9e6c52cdf3e5f8e

SHA256
9f85fbbe1d6cf5409c0cf489d27d6d7eaaf287318c09377a7bba7bde57113cc9

SHA512
9387fd20f67e196909bdbcf80b23dbc85c8c64759f3d977515c9179b121c4efffc5dcd2421f9ddf7fdfc6652ea4469bfa361bde6ff45cfd7b307cdae813249b0

Download Submit
\Users\Admin\AppData\Local\Slido\Slido for Windows\Serilog.Enrichers.Thread.dll
MD5
9fae7afcf4d369419fc71fba344bebbf

SHA1
f4cdd2b2febda44ef07be542b9e6c52cdf3e5f8e

SHA256
9f85fbbe1d6cf5409c0cf489d27d6d7eaaf287318c09377a7bba7bde57113cc9

SHA512
9387fd20f67e196909bdbcf80b23dbc85c8c64759f3d977515c9179b121c4efffc5dcd2421f9ddf7fdfc6652ea4469bfa361bde6ff45cfd7b307cdae813249b0

Download Submit
\Users\Admin\AppData\Local\Slido\Slido for Windows\Serilog.Sinks.File.dll
MD5
4c2b0737d9a73da09172d3c210b0265d

SHA1
a35a98ec72154cc1d112f46bd177a7f043dbcd46

SHA256
6d8d84c9c14201674d9a309f51e952cf148ad33cdb66507d9677ebf1b1e4432b

SHA512
c605bef0a7caa12b0d7c47564c3a214ea1db40f901dfdc4c5b35bf73610a5d9030b67e495b409a79c76ad5ec6ef9962cd56c050c51883a3151d34931a8361aa8

Download Submit
\Users\Admin\AppData\Local\Slido\Slido for Windows\Serilog.Sinks.File.dll
MD5
4c2b0737d9a73da09172d3c210b0265d

SHA1
a35a98ec72154cc1d112f46bd177a7f043dbcd46

SHA256
6d8d84c9c14201674d9a309f51e952cf148ad33cdb66507d9677ebf1b1e4432b

SHA512
c605bef0a7caa12b0d7c47564c3a214ea1db40f901dfdc4c5b35bf73610a5d9030b67e495b409a79c76ad5ec6ef9962cd56c050c51883a3151d34931a8361aa8

Download Submit
\Users\Admin\AppData\Local\Slido\Slido for Windows\Serilog.Sinks.PeriodicBatching.dll
MD5
31aa4d2a3d3c644085523a624a899a1c

SHA1
30f63a962d5ba6ef40940b28079e2900cff40aed

SHA256
a6dba346014537e83f0e89e5fef607670c3417e0fcef4c9b3d5a054a051a8256

SHA512
d3cd1d80ce680e62e15a449a854db1ff5b4a3199476abbb9b40d5d9aa83d42faca014513647740cfe2a2a260debe74459925ad63bc0647b11d05efaaabf53454

Download Submit
\Users\Admin\AppData\Local\Slido\Slido for Windows\Serilog.dll
MD5
0aa45a8a1cd24cd2b589e4aad925f35d

SHA1
0dc29954c4c2ffea4c33af0e56ce84158849b81e

SHA256
7a26a473af5eb7a00196e275c86d773f36e1d4caef566f97f1df7e07e20b1670

SHA512
7a865b16633c09bdecda34fdf15c62db4f04f2fb8db0abf57563aea51de67daf9eca0c08f053f551937a0c3c7987a53de2454ecb13139a193291633df7262981

Download Submit
\Users\Admin\AppData\Local\Slido\Slido for Windows\Serilog.dll
MD5
0aa45a8a1cd24cd2b589e4aad925f35d

SHA1
0dc29954c4c2ffea4c33af0e56ce84158849b81e

SHA256
7a26a473af5eb7a00196e275c86d773f36e1d4caef566f97f1df7e07e20b1670

SHA512
7a865b16633c09bdecda34fdf15c62db4f04f2fb8db0abf57563aea51de67daf9eca0c08f053f551937a0c3c7987a53de2454ecb13139a193291633df7262981

Download Submit
\Users\Admin\AppData\Local\Slido\Slido for Windows\SlidoCore.dll
MD5
5836490b4b4eac5f39c8a7dd7f410646

SHA1
4b8b4670cf75bf7572f8cd05e58585256a63a256

SHA256
fbc2af7581db5b762757e3ffcdc5d2905ea22c4d9d3c3b7331077a020d832a0e

SHA512
390c35a7903582621e279e9da475eae8caca2d86a82ca8115f947696535737e0ca762bcab45327c9e5ab6a8e94b2cc581fbb8e41783b07923bf47d090416cfb2

Download Submit
\Users\Admin\AppData\Local\Slido\Slido for Windows\SlidoCore.dll
MD5
5836490b4b4eac5f39c8a7dd7f410646

SHA1
4b8b4670cf75bf7572f8cd05e58585256a63a256

SHA256
fbc2af7581db5b762757e3ffcdc5d2905ea22c4d9d3c3b7331077a020d832a0e

SHA512
390c35a7903582621e279e9da475eae8caca2d86a82ca8115f947696535737e0ca762bcab45327c9e5ab6a8e94b2cc581fbb8e41783b07923bf47d090416cfb2

Download Submit
\Users\Admin\AppData\Local\Slido\Slido for Windows\System.Collections.dll
MD5
1d8aafeca1ea565b257384d3f64864b0

SHA1
4d923b100142afa2e0a8b7acdb3a6de6feb91148

SHA256
c2250e9e51b44d8ab8c5b892592766925f6580ee00b95026621d0afb037c2707

SHA512
99e4a226e1fabb348e7ef7c6fa56ad0ce4e4cf5d8569ce21881703dca8d83a1c113fd5f440a4fc9e9b99a04ae8cf4490e17d62ffc09cfac5a45678a4419efdbb

Download Submit
\Users\Admin\AppData\Local\Slido\Slido for Windows\System.Collections.dll
MD5
1d8aafeca1ea565b257384d3f64864b0

SHA1
4d923b100142afa2e0a8b7acdb3a6de6feb91148

SHA256
c2250e9e51b44d8ab8c5b892592766925f6580ee00b95026621d0afb037c2707

SHA512
99e4a226e1fabb348e7ef7c6fa56ad0ce4e4cf5d8569ce21881703dca8d83a1c113fd5f440a4fc9e9b99a04ae8cf4490e17d62ffc09cfac5a45678a4419efdbb

Download Submit
\Users\Admin\AppData\Local\Slido\Slido for Windows\System.ObjectModel.dll
MD5
55d9528d161567a19dbb71244b3ae3ce

SHA1
8a2fb74cf11719708774fc378d8b5bfcc541c986

SHA256
870ee1141cb61abfce44507e39bfdd734f2335e34d89ecfffb13838195a6b936

SHA512
5338b067297b8cb157c5389d79d0440a6492841c85794ea15b805b5f71cfed445efa9099c95e5bdef8cf3902a6b10f032bfc356b0598dde4f89fa5b349737907

Download Submit
\Users\Admin\AppData\Local\Slido\Slido for Windows\System.ObjectModel.dll
MD5
55d9528d161567a19dbb71244b3ae3ce

SHA1
8a2fb74cf11719708774fc378d8b5bfcc541c986

SHA256
870ee1141cb61abfce44507e39bfdd734f2335e34d89ecfffb13838195a6b936

SHA512
5338b067297b8cb157c5389d79d0440a6492841c85794ea15b805b5f71cfed445efa9099c95e5bdef8cf3902a6b10f032bfc356b0598dde4f89fa5b349737907

Download Submit
\Users\Admin\AppData\Local\Slido\Slido for Windows\System.Runtime.dll
MD5
0e35085c130d2d91e5241334be7ef0da

SHA1
fd622ade5cae26353a22b6fa50a83669b72b6c41

SHA256
50ad612d4cf6113de26b2870da099c4817f59e64a2da98f05803b4a2e2304919

SHA512
2498811f4aac308cdc55c3406bea4fef5dc9e6f23559b09fb181f7447474ef586f00038282ddc39c241490b5dc2bca7f41f19bd3e1bb00890da29df6489bb151

Download Submit
\Users\Admin\AppData\Local\Slido\Slido for Windows\System.Runtime.dll
MD5
0e35085c130d2d91e5241334be7ef0da

SHA1
fd622ade5cae26353a22b6fa50a83669b72b6c41

SHA256
50ad612d4cf6113de26b2870da099c4817f59e64a2da98f05803b4a2e2304919

SHA512
2498811f4aac308cdc55c3406bea4fef5dc9e6f23559b09fb181f7447474ef586f00038282ddc39c241490b5dc2bca7f41f19bd3e1bb00890da29df6489bb151

Download Submit
\Windows\Installer\MSI19D2.tmp
MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
\Windows\Installer\MSI443F.tmp
MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
\Windows\Installer\MSI5FF8.tmp
MD5
7f4bf0f6d6dcc28410ffaf2a47836c99

SHA1
755cb4b55d9b92fe763480cd5deb6a91786ee2dc

SHA256
d8b65352c24123890a8630c1139fced32c5138f86137a957d179d3c8dc7e42f5

SHA512
60a52f35b3207782bb926ebda4155388265b51513086dea9e0332f522796943bf7017f9b0df9495ce16ab525cfe2122a5cd9e87ee90780df6a7bc688dee231e0

Download Submit
\Windows\Installer\MSI5FF8.tmp
MD5
7f4bf0f6d6dcc28410ffaf2a47836c99

SHA1
755cb4b55d9b92fe763480cd5deb6a91786ee2dc

SHA256
d8b65352c24123890a8630c1139fced32c5138f86137a957d179d3c8dc7e42f5

SHA512
60a52f35b3207782bb926ebda4155388265b51513086dea9e0332f522796943bf7017f9b0df9495ce16ab525cfe2122a5cd9e87ee90780df6a7bc688dee231e0

Download Submit
\Windows\Installer\MSI5FF8.tmp-\Microsoft.Deployment.WindowsInstaller.dll
MD5
1a5caea6734fdd07caa514c3f3fb75da

SHA1
f070ac0d91bd337d7952abd1ddf19a737b94510c

SHA256
cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

SHA512
a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

Download Submit
\Windows\Installer\MSI5FF8.tmp-\Microsoft.Deployment.WindowsInstaller.dll
MD5
1a5caea6734fdd07caa514c3f3fb75da

SHA1
f070ac0d91bd337d7952abd1ddf19a737b94510c

SHA256
cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

SHA512
a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

Download Submit
\Windows\Installer\MSI5FF8.tmp-\Newtonsoft.Json.dll
MD5
081d9558bbb7adce142da153b2d5577a

SHA1
7d0ad03fbda1c24f883116b940717e596073ae96

SHA256
b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

SHA512
2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

Download Submit
\Windows\Installer\MSI5FF8.tmp-\Newtonsoft.Json.dll
MD5
081d9558bbb7adce142da153b2d5577a

SHA1
7d0ad03fbda1c24f883116b940717e596073ae96

SHA256
b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

SHA512
2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

Download Submit
\Windows\Installer\MSI5FF8.tmp-\SlidoMsiActions.dll
MD5
16b4427a40f84405ec4f8d81bbe29c5e

SHA1
1df46ca64563a2888fd9e490074a79a569f93f8e

SHA256
39994e94ddfef42e9bc3f913387236f1d9cf064ad5dc07a0bd96f0c397fc8f6f

SHA512
fc4e45035086ad83f0c86bd542fb820c4e8ae8e3fdd829502f7296b57c48980bd2f004022aa76afd2091194f54cf14caf2a3eed591cf6b03257ab57f90d69904

Download Submit
\Windows\Installer\MSI5FF8.tmp-\SlidoMsiActions.dll
MD5
16b4427a40f84405ec4f8d81bbe29c5e

SHA1
1df46ca64563a2888fd9e490074a79a569f93f8e

SHA256
39994e94ddfef42e9bc3f913387236f1d9cf064ad5dc07a0bd96f0c397fc8f6f

SHA512
fc4e45035086ad83f0c86bd542fb820c4e8ae8e3fdd829502f7296b57c48980bd2f004022aa76afd2091194f54cf14caf2a3eed591cf6b03257ab57f90d69904

Download Submit
\Windows\Installer\MSI6E70.tmp
MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
\Windows\Temp\{E6DCCCD9-63D5-4804-BC0F-46F6FF193C9D}\.ba\wixstdba.dll
MD5
675a6c8cdffb7547579a99f3f9e61ec4

SHA1
bc45ebe528a89a4f9c628e6872262f897cb13082

SHA256
5a4c3aabea817d9e2f58c8f9e651a6dc42ea680806fd78731eca2a8e6c92f0e3

SHA512
42e82abae52ea9fb1fe75bf910b6299ccf9b524a14d5ce49d3224ed9da53287e641714801697edcaab50ece1d97849cf5547e6e2310334a5f12ea250e7ca8443

Download Submit
memory/640-494-0x0000000000000000-mapping.dmp

Download
memory/640-537-0x000001F87E2C0000-0x000001F87E2C2000-memory.dmp

Filesize
8KB

Download
memory/1112-122-0x0000000000000000-mapping.dmp

Download
memory/1180-208-0x0000000005690000-0x0000000005691000-memory.dmp

Filesize
4KB

Download
memory/1180-228-0x00000000066A0000-0x00000000066A1000-memory.dmp

Filesize
4KB

Download
memory/1180-191-0x00000000055C0000-0x00000000055C1000-memory.dmp

Filesize
4KB

Download
memory/1180-183-0x00000000054A0000-0x00000000054A1000-memory.dmp

Filesize
4KB

Download
memory/1180-195-0x0000000005610000-0x0000000005611000-memory.dmp

Filesize
4KB

Download
memory/1180-237-0x0000000005450000-0x000000000594E000-memory.dmp

Filesize
5.0MB

Download
memory/1180-236-0x00000000095B0000-0x00000000095B1000-memory.dmp

Filesize
4KB

Download
memory/1180-196-0x0000000005450000-0x000000000594E000-memory.dmp

Filesize
5.0MB

Download
memory/1180-235-0x0000000009450000-0x0000000009451000-memory.dmp

Filesize
4KB

Download
memory/1180-200-0x0000000005670000-0x0000000005671000-memory.dmp

Filesize
4KB

Download
memory/1180-179-0x0000000005950000-0x0000000005951000-memory.dmp

Filesize
4KB

Download
memory/1180-178-0x0000000005340000-0x0000000005341000-memory.dmp

Filesize
4KB

Download
memory/1180-234-0x0000000008F00000-0x0000000008F01000-memory.dmp

Filesize
4KB

Download
memory/1180-174-0x0000000005350000-0x0000000005351000-memory.dmp

Filesize
4KB

Download
memory/1180-173-0x0000000005320000-0x0000000005321000-memory.dmp

Filesize
4KB

Download
memory/1180-204-0x0000000005680000-0x0000000005681000-memory.dmp

Filesize
4KB

Download
memory/1180-233-0x00000000075E0000-0x00000000075E1000-memory.dmp

Filesize
4KB

Download
memory/1180-169-0x0000000005310000-0x0000000005311000-memory.dmp

Filesize
4KB

Download
memory/1180-232-0x0000000006CD0000-0x0000000006CD1000-memory.dmp

Filesize
4KB

Download
memory/1180-165-0x00000000053B0000-0x00000000053B1000-memory.dmp

Filesize
4KB

Download
memory/1180-164-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/1180-212-0x0000000005710000-0x0000000005711000-memory.dmp

Filesize
4KB

Download
memory/1180-229-0x0000000005450000-0x000000000594E000-memory.dmp

Filesize
5.0MB

Download
memory/1180-187-0x0000000005490000-0x0000000005491000-memory.dmp

Filesize
4KB

Download
memory/1180-160-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download
memory/1180-215-0x00000000056C0000-0x00000000056C1000-memory.dmp

Filesize
4KB

Download
memory/1180-227-0x0000000006540000-0x0000000006541000-memory.dmp

Filesize
4KB

Download
memory/1180-216-0x00000000056D0000-0x00000000056D1000-memory.dmp

Filesize
4KB

Download
memory/1180-217-0x0000000006110000-0x0000000006111000-memory.dmp

Filesize
4KB

Download
memory/1180-218-0x00000000060D0000-0x00000000060D1000-memory.dmp

Filesize
4KB

Download
memory/1180-219-0x00000000060E0000-0x00000000060E1000-memory.dmp

Filesize
4KB

Download
memory/1180-220-0x0000000006380000-0x0000000006381000-memory.dmp

Filesize
4KB

Download
memory/1180-221-0x0000000006390000-0x0000000006391000-memory.dmp

Filesize
4KB

Download
memory/1180-222-0x00000000064F0000-0x00000000064F1000-memory.dmp

Filesize
4KB

Download
memory/1180-223-0x0000000006520000-0x0000000006521000-memory.dmp

Filesize
4KB

Download
memory/1180-224-0x0000000006510000-0x0000000006511000-memory.dmp

Filesize
4KB

Download
memory/1180-225-0x0000000006530000-0x0000000006531000-memory.dmp

Filesize
4KB

Download
memory/1180-226-0x0000000006550000-0x0000000006551000-memory.dmp

Filesize
4KB

Download
memory/2164-346-0x00000160CE090000-0x00000160CE091000-memory.dmp

Filesize
4KB

Download
memory/2164-434-0x00000160CF440000-0x00000160CF441000-memory.dmp

Filesize
4KB

Download
memory/2164-539-0x00000160CE473000-0x00000160CE475000-memory.dmp

Filesize
8KB

Download
memory/2164-538-0x00000160CE475000-0x00000160CE476000-memory.dmp

Filesize
4KB

Download
memory/2164-447-0x00000160CE472000-0x00000160CE473000-memory.dmp

Filesize
4KB

Download
memory/2164-354-0x00000160CE180000-0x00000160CE181000-memory.dmp

Filesize
4KB

Download
memory/2164-437-0x00000160CE470000-0x00000160CE472000-memory.dmp

Filesize
8KB

Download
memory/2164-352-0x00000160CE270000-0x00000160CE271000-memory.dmp

Filesize
4KB

Download
memory/2164-436-0x00000160CE1F0000-0x00000160CE1F1000-memory.dmp

Filesize
4KB

Download
memory/2164-238-0x0000000000000000-mapping.dmp

Download
memory/2164-239-0x00007FFAC4B10000-0x00007FFAC4B20000-memory.dmp

Filesize
64KB

Download
memory/2164-240-0x00007FFAC4B10000-0x00007FFAC4B20000-memory.dmp

Filesize
64KB

Download
memory/2164-241-0x00007FFAC4B10000-0x00007FFAC4B20000-memory.dmp

Filesize
64KB

Download
memory/2164-242-0x00007FFAC4B10000-0x00007FFAC4B20000-memory.dmp

Filesize
64KB

Download
memory/2164-244-0x00007FFAC4B10000-0x00007FFAC4B20000-memory.dmp

Filesize
64KB

Download
memory/2164-243-0x00007FFAE5230000-0x00007FFAE6E0D000-memory.dmp

Filesize
27.9MB

Download
memory/2164-247-0x00000160AA970000-0x00000160ABA5E000-memory.dmp

Filesize
16.9MB

Download
memory/2164-248-0x00007FFADF8A0000-0x00007FFAE1795000-memory.dmp

Filesize
31.0MB

Download
memory/2164-341-0x00000160B5DD0000-0x00000160B5DD1000-memory.dmp

Filesize
4KB

Download
memory/2164-344-0x00000160CE0E0000-0x00000160CE0E1000-memory.dmp

Filesize
4KB

Download
memory/2164-433-0x00000160CE200000-0x00000160CE201000-memory.dmp

Filesize
4KB

Download
memory/2164-432-0x00000160CE080000-0x00000160CE081000-memory.dmp

Filesize
4KB

Download
memory/2164-431-0x00000160CE070000-0x00000160CE071000-memory.dmp

Filesize
4KB

Download
memory/2164-426-0x00000160B5E30000-0x00000160B5E31000-memory.dmp

Filesize
4KB

Download
memory/2164-427-0x00000160CE040000-0x00000160CE041000-memory.dmp

Filesize
4KB

Download
memory/2164-428-0x00000160CE050000-0x00000160CE051000-memory.dmp

Filesize
4KB

Download
memory/2164-429-0x00000160CE1C0000-0x00000160CE1C1000-memory.dmp

Filesize
4KB

Download
memory/2164-430-0x00000160CE060000-0x00000160CE061000-memory.dmp

Filesize
4KB

Download
memory/2392-485-0x0000000000000000-mapping.dmp

Download
memory/2392-498-0x000001B69A0C0000-0x000001B69A0C2000-memory.dmp

Filesize
8KB

Download
memory/3724-114-0x0000000000000000-mapping.dmp

Download
memory/3728-145-0x00000000045A6000-0x00000000045A7000-memory.dmp

Filesize
4KB

Download
memory/3728-141-0x00000000045A0000-0x00000000045A1000-memory.dmp

Filesize
4KB

Download
memory/3728-142-0x00000000045A1000-0x00000000045A2000-memory.dmp

Filesize
4KB

Download
memory/3728-140-0x00000000069E0000-0x00000000069E1000-memory.dmp

Filesize
4KB

Download
memory/3728-144-0x00000000045A4000-0x00000000045A6000-memory.dmp

Filesize
8KB

Download
memory/3728-153-0x0000000006C40000-0x0000000006C41000-memory.dmp

Filesize
4KB

Download
memory/3728-134-0x0000000000000000-mapping.dmp

Download
memory/3728-152-0x0000000006AD0000-0x0000000006AD1000-memory.dmp

Filesize
4KB

Download
memory/3728-148-0x0000000006A10000-0x0000000006A11000-memory.dmp

Filesize
4KB

Download
memory/3728-143-0x00000000045A3000-0x00000000045A4000-memory.dmp

Filesize
4KB

Download