Edit tour

Windows Analysis Report
ActiveBarcode-Setup6.12.0.exe

Overview

General Information

Sample Name:ActiveBarcode-Setup6.12.0.exe
Analysis ID:1331375
MD5:7791a8a48af7782006dd4ccfad1cb14d
SHA1:ce90c961462da6e025ba7c074ef1538e28e3d82c
SHA256:cdcb9279fb747d04999c0c12476bfe38e7ae413365ff8eef9310c1be21d17078
Infos:

Detection

Score:4
Range:0 - 100
Whitelisted:false
Confidence:20%

Compliance

Score:52
Range:0 - 100

Signatures

Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Drops PE files to the application program directory (C:\ProgramData)
Deletes files inside the Windows folder
May sleep (evasive loops) to hinder dynamic analysis
Creates files inside the system directory
Stores files to the Windows start menu directory
Found dropped PE file which has not been started or loaded
Modifies existing windows services
Adds / modifies Windows certificates
Drops PE files
Tries to load missing DLLs
Drops PE files to the windows directory (C:\Windows)
Queries keyboard layouts
Checks for available system drives (often done to infect USB drives)
Creates or modifies windows services

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample searches for specific file, try point organization specific fake files to the analysis machine
  • System is w10x64_ra
  • ActiveBarcode-Setup6.12.0.exe (PID: 5544 cmdline: C:\Users\user\Desktop\ActiveBarcode-Setup6.12.0.exe MD5: 7791A8A48AF7782006DD4CCFAD1CB14D)
    • ActiveBarcode-Setup6.12.0.tmp (PID: 6300 cmdline: "C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp" /SL5="$5033A,35135642,121344,C:\Users\user\Desktop\ActiveBarcode-Setup6.12.0.exe" MD5: D37F2C5CAC5747F6321F90C095DCE0FD)
      • vc_redist.x64.exe (PID: 6124 cmdline: "C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe" /passive /norestart MD5: 45B47F4214DDC9F4782363A38504C9D2)
        • vc_redist.x64.exe (PID: 2916 cmdline: "C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe" /passive /norestart -burn.unelevated BurnPipe.{4F78198D-CCF4-4BDA-B229-9F6ECD155586} {4F97EF20-8ED2-4EE3-ADE3-D632CD31AA0A} 6124 MD5: 45B47F4214DDC9F4782363A38504C9D2)
      • vc_redist.x86.exe (PID: 4612 cmdline: "C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe" /passive /norestart MD5: A3CB49DAA1347FFE34B517F1A12F40AB)
        • vc_redist.x86.exe (PID: 4284 cmdline: "C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe" /passive /norestart -burn.unelevated BurnPipe.{47F62FCB-416C-4BBB-9E18-CDA7A796F212} {D21067EF-2E64-4E1B-B04F-EE78644A74D1} 4612 MD5: A3CB49DAA1347FFE34B517F1A12F40AB)
      • msiexec.exe (PID: 6812 cmdline: "msiexec.exe" /i C:\Users\user\AppData\Local\Temp\is-483BE.tmp\ActiveBarcode.x86.msi MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • msiexec.exe (PID: 3416 cmdline: "msiexec.exe" /i C:\Users\user\AppData\Local\Temp\is-483BE.tmp\ActiveBarcode.x64.msi MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.exe (PID: 1180 cmdline: "C:\Program Files (x86)\ActiveBarcode\excel\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.exe" /SILENT MD5: D567E7D9EB838A16C601E3E3CEA0C83F)
        • ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmp (PID: 3192 cmdline: "C:\Users\user\AppData\Local\Temp\is-HNIRC.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmp" /SL5="$A02C0,481838,121344,C:\Program Files (x86)\ActiveBarcode\excel\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.exe" /SILENT MD5: A37C67C02D9C55EDCA3BD37B276A4ADA)
      • ActiveBarcode-Add-In-for-Word-Setup-1.1.0.exe (PID: 420 cmdline: "C:\Program Files (x86)\ActiveBarcode\word\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.exe" /SILENT MD5: 3EC4D0F37CDF888018A109816DEB41F2)
        • ActiveBarcode-Add-In-for-Word-Setup-1.1.0.tmp (PID: 6072 cmdline: "C:\Users\user\AppData\Local\Temp\is-U4BAJ.tmp\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.tmp" /SL5="$902D2,361899,121344,C:\Program Files (x86)\ActiveBarcode\word\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.exe" /SILENT MD5: 509F520729C3E6EFEF76ACE2CE206D45)
      • ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.exe (PID: 5196 cmdline: "C:\Program Files (x86)\ActiveBarcode\powerpoint\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.exe" /SILENT MD5: 22EC2A1988C8789D3F9D3E97F6E76EA8)
        • ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.tmp (PID: 3024 cmdline: "C:\Users\user\AppData\Local\Temp\is-AC17U.tmp\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.tmp" /SL5="$A02CE,385517,121344,C:\Program Files (x86)\ActiveBarcode\powerpoint\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.exe" /SILENT MD5: 0544949ED66EFF058CB7E1311C104CDD)
  • SrTasks.exe (PID: 5976 cmdline: C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1 MD5: 2694D2D28C368B921686FE567BD319EB)
    • conhost.exe (PID: 6444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • msiexec.exe (PID: 6112 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • SrTasks.exe (PID: 5292 cmdline: C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2 MD5: 2694D2D28C368B921686FE567BD319EB)
      • conhost.exe (PID: 5552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • SrTasks.exe (PID: 5824 cmdline: C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:3 MD5: 2694D2D28C368B921686FE567BD319EB)
      • conhost.exe (PID: 4864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
SourceRuleDescriptionAuthorStrings
C:\Program Files (x86)\ActiveBarcode\is-ISS3T.tmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
    C:\Program Files (x86)\ActiveBarcode\is-LA3N5.tmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
      C:\Program Files (x86)\ActiveBarcode\is-ISS3T.tmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
        C:\Program Files (x86)\ActiveBarcode\is-LA3N5.tmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
          No Sigma rule has matched
          No Snort rule has matched

          Click to jump to signature section

          Show All Signature Results

          There are no malicious signatures, click here to show all signatures.

          Compliance

          barindex
          Source: ActiveBarcode-Setup6.12.0.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpWindow detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.This declaration (AGB) is based on and bound to German law so it's published in German language. The declaration in German language can be found at the end of this document.English translation: This is an automatic translation of the major points of our AGB. If you have questions on this please contact us by Email.General business conditions1. validity & generalThe following business conditions apply to all orders. The buyer acknowledges these conditions with his order.Changes or supplements to these business conditions may be encountered only in written form.The exchange and the withdrawal of software and licenses is excluded!2. offer & pricesOur offers result always subject to change and non-binding.3. deliveryThe delivery results always on danger and on costs of the customer.4. paymentWe offer different payment methods that are listed in our internet-offer.5. property reservationThe delivered software will remain to our property until it's completely payed.6. license conditionsIt is illegal to pass the licenced version to any other persons. Each license allows you to use the licenced version on a specified number of PC's. If you want to use the software on other or more computers you must purchase a additional licence. Illegal distribution of registered version will be prosecuted to the full extent of the law.Changes in any files disassembling reverse engineering patching of this program its help files is documentation its components (OCX) or dynamic link libraries (DLLs) is expressly prohibited.The full license conditions can be found in the file SetupGuide.pdf. This file is readable before the installation.7. guaranteeThe exchange and the withdrawal of software and licenses is excluded!The software is sold "as is". We give no guarantee for a specific usage of the software. We also give no guarantee for the satisfaction of needs of the customer.8. compensationCompensation claims are excluded.___________________Allgemeine Geschftsbedingungen1. Geltung & AllgemeinesDie folgenden Geschftsbedingungen gelten fr alle Bestellungen. Der Kufer erkennt diese Bedingungen mit der Auftragserteilung an.nderungen Ergnzungen und/oder Nebenabrenden zu diesen Geschftsbedingungen drfen nur schriftlich getroffen werden.Fr Privatkunden:Gesetzlich vorgeschriebene Aufklrung ber Widerrufsrecht bzw. Rckgaberecht: Gem 3 FernAbsG sowie 361a BGB (neu) hat der Kufer die Mglichkeit jeden Vertragsabschlu im Fernabsatz innerhalb einer Frist von 2 Wochen zu widerrufen. Diese Frist beginnt mit dem Empfang der Lieferung. Die Kosten fr die Rcksendung trgt der Kunde sofern der Auftragswert einen Betrag von 40 EUR nicht berschreitet.Einschrnkungen zum Widerrufsrecht bzw. Rckgaberecht: Gem 3 Abs. 2.1 FernAbsG gilt dies nicht bei Fernabsatzver
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpWindow detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.This declaration (AGB) is based on and bound to German law so it's published in German language. The declaration in German language can be found at the end of this document.English translation: This is an automatic translation of the major points of our AGB. If you have questions on this please contact us by Email.General business conditions1. validity & generalThe following business conditions apply to all orders. The buyer acknowledges these conditions with his order.Changes or supplements to these business conditions may be encountered only in written form.The exchange and the withdrawal of software and licenses is excluded!2. offer & pricesOur offers result always subject to change and non-binding.3. deliveryThe delivery results always on danger and on costs of the customer.4. paymentWe offer different payment methods that are listed in our internet-offer.5. property reservationThe delivered software will remain to our property until it's completely payed.6. license conditionsIt is illegal to pass the licenced version to any other persons. Each license allows you to use the licenced version on a specified number of PC's. If you want to use the software on other or more computers you must purchase a additional licence. Illegal distribution of registered version will be prosecuted to the full extent of the law.Changes in any files disassembling reverse engineering patching of this program its help files is documentation its components (OCX) or dynamic link libraries (DLLs) is expressly prohibited.The full license conditions can be found in the file SetupGuide.pdf. This file is readable before the installation.7. guaranteeThe exchange and the withdrawal of software and licenses is excluded!The software is sold "as is". We give no guarantee for a specific usage of the software. We also give no guarantee for the satisfaction of needs of the customer.8. compensationCompensation claims are excluded.___________________Allgemeine Geschftsbedingungen1. Geltung & AllgemeinesDie folgenden Geschftsbedingungen gelten fr alle Bestellungen. Der Kufer erkennt diese Bedingungen mit der Auftragserteilung an.nderungen Ergnzungen und/oder Nebenabrenden zu diesen Geschftsbedingungen drfen nur schriftlich getroffen werden.Fr Privatkunden:Gesetzlich vorgeschriebene Aufklrung ber Widerrufsrecht bzw. Rckgaberecht: Gem 3 FernAbsG sowie 361a BGB (neu) hat der Kufer die Mglichkeit jeden Vertragsabschlu im Fernabsatz innerhalb einer Frist von 2 Wochen zu widerrufen. Diese Frist beginnt mit dem Empfang der Lieferung. Die Kosten fr die Rcksendung trgt der Kunde sofern der Auftragswert einen Betrag von 40 EUR nicht berschreitet.Einschrnkungen zum Widerrufsrecht bzw. Rckgaberecht: Gem 3 Abs. 2.1 FernAbsG gilt dies nicht bei Fernabsatzver
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpWindow detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.This declaration (AGB) is based on and bound to German law so it's published in German language. The declaration in German language can be found at the end of this document.English translation: This is an automatic translation of the major points of our AGB. If you have questions on this please contact us by Email.General business conditions1. validity & generalThe following business conditions apply to all orders. The buyer acknowledges these conditions with his order.Changes or supplements to these business conditions may be encountered only in written form.The exchange and the withdrawal of software and licenses is excluded!2. offer & pricesOur offers result always subject to change and non-binding.3. deliveryThe delivery results always on danger and on costs of the customer.4. paymentWe offer different payment methods that are listed in our internet-offer.5. property reservationThe delivered software will remain to our property until it's completely payed.6. license conditionsIt is illegal to pass the licenced version to any other persons. Each license allows you to use the licenced version on a specified number of PC's. If you want to use the software on other or more computers you must purchase a additional licence. Illegal distribution of registered version will be prosecuted to the full extent of the law.Changes in any files disassembling reverse engineering patching of this program its help files is documentation its components (OCX) or dynamic link libraries (DLLs) is expressly prohibited.The full license conditions can be found in the file SetupGuide.pdf. This file is readable before the installation.7. guaranteeThe exchange and the withdrawal of software and licenses is excluded!The software is sold "as is". We give no guarantee for a specific usage of the software. We also give no guarantee for the satisfaction of needs of the customer.8. compensationCompensation claims are excluded.___________________Allgemeine Geschftsbedingungen1. Geltung & AllgemeinesDie folgenden Geschftsbedingungen gelten fr alle Bestellungen. Der Kufer erkennt diese Bedingungen mit der Auftragserteilung an.nderungen Ergnzungen und/oder Nebenabrenden zu diesen Geschftsbedingungen drfen nur schriftlich getroffen werden.Fr Privatkunden:Gesetzlich vorgeschriebene Aufklrung ber Widerrufsrecht bzw. Rckgaberecht: Gem 3 FernAbsG sowie 361a BGB (neu) hat der Kufer die Mglichkeit jeden Vertragsabschlu im Fernabsatz innerhalb einer Frist von 2 Wochen zu widerrufen. Diese Frist beginnt mit dem Empfang der Lieferung. Die Kosten fr die Rcksendung trgt der Kunde sofern der Auftragswert einen Betrag von 40 EUR nicht berschreitet.Einschrnkungen zum Widerrufsrecht bzw. Rckgaberecht: Gem 3 Abs. 2.1 FernAbsG gilt dies nicht bei Fernabsatzver
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpWindow detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.This declaration (AGB) is based on and bound to German law so it's published in German language. The declaration in German language can be found at the end of this document.English translation: This is an automatic translation of the major points of our AGB. If you have questions on this please contact us by Email.General business conditions1. validity & generalThe following business conditions apply to all orders. The buyer acknowledges these conditions with his order.Changes or supplements to these business conditions may be encountered only in written form.The exchange and the withdrawal of software and licenses is excluded!2. offer & pricesOur offers result always subject to change and non-binding.3. deliveryThe delivery results always on danger and on costs of the customer.4. paymentWe offer different payment methods that are listed in our internet-offer.5. property reservationThe delivered software will remain to our property until it's completely payed.6. license conditionsIt is illegal to pass the licenced version to any other persons. Each license allows you to use the licenced version on a specified number of PC's. If you want to use the software on other or more computers you must purchase a additional licence. Illegal distribution of registered version will be prosecuted to the full extent of the law.Changes in any files disassembling reverse engineering patching of this program its help files is documentation its components (OCX) or dynamic link libraries (DLLs) is expressly prohibited.The full license conditions can be found in the file SetupGuide.pdf. This file is readable before the installation.7. guaranteeThe exchange and the withdrawal of software and licenses is excluded!The software is sold "as is". We give no guarantee for a specific usage of the software. We also give no guarantee for the satisfaction of needs of the customer.8. compensationCompensation claims are excluded.___________________Allgemeine Geschftsbedingungen1. Geltung & AllgemeinesDie folgenden Geschftsbedingungen gelten fr alle Bestellungen. Der Kufer erkennt diese Bedingungen mit der Auftragserteilung an.nderungen Ergnzungen und/oder Nebenabrenden zu diesen Geschftsbedingungen drfen nur schriftlich getroffen werden.Fr Privatkunden:Gesetzlich vorgeschriebene Aufklrung ber Widerrufsrecht bzw. Rckgaberecht: Gem 3 FernAbsG sowie 361a BGB (neu) hat der Kufer die Mglichkeit jeden Vertragsabschlu im Fernabsatz innerhalb einer Frist von 2 Wochen zu widerrufen. Diese Frist beginnt mit dem Empfang der Lieferung. Die Kosten fr die Rcksendung trgt der Kunde sofern der Auftragswert einen Betrag von 40 EUR nicht berschreitet.Einschrnkungen zum Widerrufsrecht bzw. Rckgaberecht: Gem 3 Abs. 2.1 FernAbsG gilt dies nicht bei Fernabsatzver
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpWindow detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.This declaration (AGB) is based on and bound to German law so it's published in German language. The declaration in German language can be found at the end of this document.English translation: This is an automatic translation of the major points of our AGB. If you have questions on this please contact us by Email.General business conditions1. validity & generalThe following business conditions apply to all orders. The buyer acknowledges these conditions with his order.Changes or supplements to these business conditions may be encountered only in written form.The exchange and the withdrawal of software and licenses is excluded!2. offer & pricesOur offers result always subject to change and non-binding.3. deliveryThe delivery results always on danger and on costs of the customer.4. paymentWe offer different payment methods that are listed in our internet-offer.5. property reservationThe delivered software will remain to our property until it's completely payed.6. license conditionsIt is illegal to pass the licenced version to any other persons. Each license allows you to use the licenced version on a specified number of PC's. If you want to use the software on other or more computers you must purchase a additional licence. Illegal distribution of registered version will be prosecuted to the full extent of the law.Changes in any files disassembling reverse engineering patching of this program its help files is documentation its components (OCX) or dynamic link libraries (DLLs) is expressly prohibited.The full license conditions can be found in the file SetupGuide.pdf. This file is readable before the installation.7. guaranteeThe exchange and the withdrawal of software and licenses is excluded!The software is sold "as is". We give no guarantee for a specific usage of the software. We also give no guarantee for the satisfaction of needs of the customer.8. compensationCompensation claims are excluded.___________________Allgemeine Geschftsbedingungen1. Geltung & AllgemeinesDie folgenden Geschftsbedingungen gelten fr alle Bestellungen. Der Kufer erkennt diese Bedingungen mit der Auftragserteilung an.nderungen Ergnzungen und/oder Nebenabrenden zu diesen Geschftsbedingungen drfen nur schriftlich getroffen werden.Fr Privatkunden:Gesetzlich vorgeschriebene Aufklrung ber Widerrufsrecht bzw. Rckgaberecht: Gem 3 FernAbsG sowie 361a BGB (neu) hat der Kufer die Mglichkeit jeden Vertragsabschlu im Fernabsatz innerhalb einer Frist von 2 Wochen zu widerrufen. Diese Frist beginnt mit dem Empfang der Lieferung. Die Kosten fr die Rcksendung trgt der Kunde sofern der Auftragswert einen Betrag von 40 EUR nicht berschreitet.Einschrnkungen zum Widerrufsrecht bzw. Rckgaberecht: Gem 3 Abs. 2.1 FernAbsG gilt dies nicht bei Fernabsatzver
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpWindow detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.This declaration (AGB) is based on and bound to German law so it's published in German language. The declaration in German language can be found at the end of this document.English translation: This is an automatic translation of the major points of our AGB. If you have questions on this please contact us by Email.General business conditions1. validity & generalThe following business conditions apply to all orders. The buyer acknowledges these conditions with his order.Changes or supplements to these business conditions may be encountered only in written form.The exchange and the withdrawal of software and licenses is excluded!2. offer & pricesOur offers result always subject to change and non-binding.3. deliveryThe delivery results always on danger and on costs of the customer.4. paymentWe offer different payment methods that are listed in our internet-offer.5. property reservationThe delivered software will remain to our property until it's completely payed.6. license conditionsIt is illegal to pass the licenced version to any other persons. Each license allows you to use the licenced version on a specified number of PC's. If you want to use the software on other or more computers you must purchase a additional licence. Illegal distribution of registered version will be prosecuted to the full extent of the law.Changes in any files disassembling reverse engineering patching of this program its help files is documentation its components (OCX) or dynamic link libraries (DLLs) is expressly prohibited.The full license conditions can be found in the file SetupGuide.pdf. This file is readable before the installation.7. guaranteeThe exchange and the withdrawal of software and licenses is excluded!The software is sold "as is". We give no guarantee for a specific usage of the software. We also give no guarantee for the satisfaction of needs of the customer.8. compensationCompensation claims are excluded.___________________Allgemeine Geschftsbedingungen1. Geltung & AllgemeinesDie folgenden Geschftsbedingungen gelten fr alle Bestellungen. Der Kufer erkennt diese Bedingungen mit der Auftragserteilung an.nderungen Ergnzungen und/oder Nebenabrenden zu diesen Geschftsbedingungen drfen nur schriftlich getroffen werden.Fr Privatkunden:Gesetzlich vorgeschriebene Aufklrung ber Widerrufsrecht bzw. Rckgaberecht: Gem 3 FernAbsG sowie 361a BGB (neu) hat der Kufer die Mglichkeit jeden Vertragsabschlu im Fernabsatz innerhalb einer Frist von 2 Wochen zu widerrufen. Diese Frist beginnt mit dem Empfang der Lieferung. Die Kosten fr die Rcksendung trgt der Kunde sofern der Auftragswert einen Betrag von 40 EUR nicht berschreitet.Einschrnkungen zum Widerrufsrecht bzw. Rckgaberecht: Gem 3 Abs. 2.1 FernAbsG gilt dies nicht bei Fernabsatzver
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpWindow detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.This declaration (AGB) is based on and bound to German law so it's published in German language. The declaration in German language can be found at the end of this document.English translation: This is an automatic translation of the major points of our AGB. If you have questions on this please contact us by Email.General business conditions1. validity & generalThe following business conditions apply to all orders. The buyer acknowledges these conditions with his order.Changes or supplements to these business conditions may be encountered only in written form.The exchange and the withdrawal of software and licenses is excluded!2. offer & pricesOur offers result always subject to change and non-binding.3. deliveryThe delivery results always on danger and on costs of the customer.4. paymentWe offer different payment methods that are listed in our internet-offer.5. property reservationThe delivered software will remain to our property until it's completely payed.6. license conditionsIt is illegal to pass the licenced version to any other persons. Each license allows you to use the licenced version on a specified number of PC's. If you want to use the software on other or more computers you must purchase a additional licence. Illegal distribution of registered version will be prosecuted to the full extent of the law.Changes in any files disassembling reverse engineering patching of this program its help files is documentation its components (OCX) or dynamic link libraries (DLLs) is expressly prohibited.The full license conditions can be found in the file SetupGuide.pdf. This file is readable before the installation.7. guaranteeThe exchange and the withdrawal of software and licenses is excluded!The software is sold "as is". We give no guarantee for a specific usage of the software. We also give no guarantee for the satisfaction of needs of the customer.8. compensationCompensation claims are excluded.___________________Allgemeine Geschftsbedingungen1. Geltung & AllgemeinesDie folgenden Geschftsbedingungen gelten fr alle Bestellungen. Der Kufer erkennt diese Bedingungen mit der Auftragserteilung an.nderungen Ergnzungen und/oder Nebenabrenden zu diesen Geschftsbedingungen drfen nur schriftlich getroffen werden.Fr Privatkunden:Gesetzlich vorgeschriebene Aufklrung ber Widerrufsrecht bzw. Rckgaberecht: Gem 3 FernAbsG sowie 361a BGB (neu) hat der Kufer die Mglichkeit jeden Vertragsabschlu im Fernabsatz innerhalb einer Frist von 2 Wochen zu widerrufen. Diese Frist beginnt mit dem Empfang der Lieferung. Die Kosten fr die Rcksendung trgt der Kunde sofern der Auftragswert einen Betrag von 40 EUR nicht berschreitet.Einschrnkungen zum Widerrufsrecht bzw. Rckgaberecht: Gem 3 Abs. 2.1 FernAbsG gilt dies nicht bei Fernabsatzver
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpWindow detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.This declaration (AGB) is based on and bound to German law so it's published in German language. The declaration in German language can be found at the end of this document.English translation: This is an automatic translation of the major points of our AGB. If you have questions on this please contact us by Email.General business conditions1. validity & generalThe following business conditions apply to all orders. The buyer acknowledges these conditions with his order.Changes or supplements to these business conditions may be encountered only in written form.The exchange and the withdrawal of software and licenses is excluded!2. offer & pricesOur offers result always subject to change and non-binding.3. deliveryThe delivery results always on danger and on costs of the customer.4. paymentWe offer different payment methods that are listed in our internet-offer.5. property reservationThe delivered software will remain to our property until it's completely payed.6. license conditionsIt is illegal to pass the licenced version to any other persons. Each license allows you to use the licenced version on a specified number of PC's. If you want to use the software on other or more computers you must purchase a additional licence. Illegal distribution of registered version will be prosecuted to the full extent of the law.Changes in any files disassembling reverse engineering patching of this program its help files is documentation its components (OCX) or dynamic link libraries (DLLs) is expressly prohibited.The full license conditions can be found in the file SetupGuide.pdf. This file is readable before the installation.7. guaranteeThe exchange and the withdrawal of software and licenses is excluded!The software is sold "as is". We give no guarantee for a specific usage of the software. We also give no guarantee for the satisfaction of needs of the customer.8. compensationCompensation claims are excluded.___________________Allgemeine Geschftsbedingungen1. Geltung & AllgemeinesDie folgenden Geschftsbedingungen gelten fr alle Bestellungen. Der Kufer erkennt diese Bedingungen mit der Auftragserteilung an.nderungen Ergnzungen und/oder Nebenabrenden zu diesen Geschftsbedingungen drfen nur schriftlich getroffen werden.Fr Privatkunden:Gesetzlich vorgeschriebene Aufklrung ber Widerrufsrecht bzw. Rckgaberecht: Gem 3 FernAbsG sowie 361a BGB (neu) hat der Kufer die Mglichkeit jeden Vertragsabschlu im Fernabsatz innerhalb einer Frist von 2 Wochen zu widerrufen. Diese Frist beginnt mit dem Empfang der Lieferung. Die Kosten fr die Rcksendung trgt der Kunde sofern der Auftragswert einen Betrag von 40 EUR nicht berschreitet.Einschrnkungen zum Widerrufsrecht bzw. Rckgaberecht: Gem 3 Abs. 2.1 FernAbsG gilt dies nicht bei Fernabsatzver
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SystemRestore SRInitDone
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1028\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1029\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1031\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1036\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1040\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1041\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1042\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1045\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1046\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1049\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1055\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\2052\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\3082\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1028\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1029\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1031\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1036\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1040\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1041\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1042\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1045\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1046\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1049\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1055\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\2052\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\3082\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\license.rtf
          Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4C1970B8-6342-436C-8E50-FC580646FF4F}
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpDirectory created: C:\Program Files\ActiveBarcode
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpDirectory created: C:\Program Files\ActiveBarcode\is-0L1SE.tmp
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpDirectory created: C:\Program Files\ActiveBarcode\is-T9O3C.tmp
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpDirectory created: C:\Program Files\ActiveBarcode\is-DGE38.tmp
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpDirectory created: C:\Program Files\ActiveBarcode\is-RJ6KU.tmp
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpDirectory created: C:\Program Files\ActiveBarcode\is-K1U8I.tmp
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpDirectory created: C:\Program Files\ActiveBarcode\is-KJCIU.tmp
          Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\ActiveBarcode
          Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\ActiveBarcode\ActiveXControl
          Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\ActiveBarcode\ActiveXControl\ActiveBarcode.ocx
          Source: C:\Users\user\AppData\Local\Temp\is-HNIRC.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmpFile created: C:\Users\user\AppData\Local\Temp\Setup Log 2023-10-24 #001.txt
          Source: C:\Users\user\AppData\Local\Temp\is-U4BAJ.tmp\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.tmpFile created: C:\Users\user\AppData\Local\Temp\Setup Log 2023-10-24 #002.txt
          Source: ActiveBarcode-Setup6.12.0.exeStatic PE information: certificate valid
          Source: ActiveBarcode-Setup6.12.0.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: z:
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: x:
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: v:
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: t:
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: r:
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: p:
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: n:
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: l:
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: j:
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: h:
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: f:
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: b:
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: y:
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: w:
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: u:
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: s:
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: q:
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: o:
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: m:
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: k:
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: i:
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: g:
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: e:
          Source: C:\Windows\System32\SrTasks.exeFile opened: c:
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: a:
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\NULL
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\vcRuntimeAdditional_amd64
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile opened: C:\ProgramData\Package Cache\NULL
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\NULL
          Source: ActiveBarcode-Setup6.12.0.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
          Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\602eb1.msi
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\602eae.msi
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeSection loaded: tsappcmp.dll
          Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dll
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: tsappcmp.dll
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: tsappcmp.dll
          Source: C:\Users\user\Desktop\ActiveBarcode-Setup6.12.0.exeFile read: C:\Users\user\Desktop\ActiveBarcode-Setup6.12.0.exe
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknownProcess created: C:\Users\user\Desktop\ActiveBarcode-Setup6.12.0.exe C:\Users\user\Desktop\ActiveBarcode-Setup6.12.0.exe
          Source: C:\Users\user\Desktop\ActiveBarcode-Setup6.12.0.exeProcess created: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp "C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp" /SL5="$5033A,35135642,121344,C:\Users\user\Desktop\ActiveBarcode-Setup6.12.0.exe"
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe "C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe" /passive /norestart
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeProcess created: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe "C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe" /passive /norestart -burn.unelevated BurnPipe.{4F78198D-CCF4-4BDA-B229-9F6ECD155586} {4F97EF20-8ED2-4EE3-ADE3-D632CD31AA0A} 6124
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe "C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe" /passive /norestart
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeProcess created: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe "C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe" /passive /norestart -burn.unelevated BurnPipe.{47F62FCB-416C-4BBB-9E18-CDA7A796F212} {D21067EF-2E64-4E1B-B04F-EE78644A74D1} 4612
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeProcess created: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe "C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe" /passive /norestart -burn.unelevated BurnPipe.{4F78198D-CCF4-4BDA-B229-9F6ECD155586} {4F97EF20-8ED2-4EE3-ADE3-D632CD31AA0A} 6124
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeProcess created: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe "C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe" /passive /norestart -burn.unelevated BurnPipe.{47F62FCB-416C-4BBB-9E18-CDA7A796F212} {D21067EF-2E64-4E1B-B04F-EE78644A74D1} 4612
          Source: unknownProcess created: C:\Windows\System32\SrTasks.exe C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1
          Source: C:\Windows\System32\SrTasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpProcess created: C:\Windows\SysWOW64\msiexec.exe "msiexec.exe" /i C:\Users\user\AppData\Local\Temp\is-483BE.tmp\ActiveBarcode.x86.msi
          Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\SrTasks.exe C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
          Source: C:\Windows\System32\SrTasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpProcess created: C:\Windows\SysWOW64\msiexec.exe "msiexec.exe" /i C:\Users\user\AppData\Local\Temp\is-483BE.tmp\ActiveBarcode.x64.msi
          Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\SrTasks.exe C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:3
          Source: C:\Windows\System32\SrTasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpProcess created: C:\Program Files (x86)\ActiveBarcode\excel\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.exe "C:\Program Files (x86)\ActiveBarcode\excel\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.exe" /SILENT
          Source: C:\Program Files (x86)\ActiveBarcode\excel\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.exeProcess created: C:\Users\user\AppData\Local\Temp\is-HNIRC.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmp "C:\Users\user\AppData\Local\Temp\is-HNIRC.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmp" /SL5="$A02C0,481838,121344,C:\Program Files (x86)\ActiveBarcode\excel\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.exe" /SILENT
          Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\SrTasks.exe C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpProcess created: C:\Program Files (x86)\ActiveBarcode\word\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.exe "C:\Program Files (x86)\ActiveBarcode\word\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.exe" /SILENT
          Source: C:\Program Files (x86)\ActiveBarcode\word\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.exeProcess created: C:\Users\user\AppData\Local\Temp\is-U4BAJ.tmp\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.tmp "C:\Users\user\AppData\Local\Temp\is-U4BAJ.tmp\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.tmp" /SL5="$902D2,361899,121344,C:\Program Files (x86)\ActiveBarcode\word\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.exe" /SILENT
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpProcess created: C:\Program Files (x86)\ActiveBarcode\powerpoint\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.exe "C:\Program Files (x86)\ActiveBarcode\powerpoint\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.exe" /SILENT
          Source: C:\Program Files (x86)\ActiveBarcode\powerpoint\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.exeProcess created: C:\Users\user\AppData\Local\Temp\is-AC17U.tmp\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.tmp "C:\Users\user\AppData\Local\Temp\is-AC17U.tmp\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.tmp" /SL5="$A02CE,385517,121344,C:\Program Files (x86)\ActiveBarcode\powerpoint\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.exe" /SILENT
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe "C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe" /passive /norestart
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe "C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe" /passive /norestart
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpProcess created: C:\Windows\SysWOW64\msiexec.exe "msiexec.exe" /i C:\Users\user\AppData\Local\Temp\is-483BE.tmp\ActiveBarcode.x86.msi
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpProcess created: C:\Windows\SysWOW64\msiexec.exe "msiexec.exe" /i C:\Users\user\AppData\Local\Temp\is-483BE.tmp\ActiveBarcode.x64.msi
          Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\SrTasks.exe C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:3
          Source: C:\Program Files (x86)\ActiveBarcode\excel\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.exeProcess created: C:\Users\user\AppData\Local\Temp\is-HNIRC.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmp "C:\Users\user\AppData\Local\Temp\is-HNIRC.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmp" /SL5="$A02C0,481838,121344,C:\Program Files (x86)\ActiveBarcode\excel\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.exe" /SILENT
          Source: C:\Program Files (x86)\ActiveBarcode\word\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.exeProcess created: C:\Users\user\AppData\Local\Temp\is-U4BAJ.tmp\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.tmp "C:\Users\user\AppData\Local\Temp\is-U4BAJ.tmp\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.tmp" /SL5="$902D2,361899,121344,C:\Program Files (x86)\ActiveBarcode\word\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.exe" /SILENT
          Source: C:\Users\user\Desktop\ActiveBarcode-Setup6.12.0.exeProcess created: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp "C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp" /SL5="$5033A,35135642,121344,C:\Users\user\Desktop\ActiveBarcode-Setup6.12.0.exe"
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpProcess created: C:\Program Files (x86)\ActiveBarcode\excel\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.exe "C:\Program Files (x86)\ActiveBarcode\excel\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.exe" /SILENT
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpProcess created: C:\Program Files (x86)\ActiveBarcode\word\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.exe "C:\Program Files (x86)\ActiveBarcode\word\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.exe" /SILENT
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpProcess created: C:\Program Files (x86)\ActiveBarcode\powerpoint\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.exe "C:\Program Files (x86)\ActiveBarcode\powerpoint\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.exe" /SILENT
          Source: C:\Program Files (x86)\ActiveBarcode\powerpoint\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.exeProcess created: C:\Users\user\AppData\Local\Temp\is-AC17U.tmp\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.tmp "C:\Users\user\AppData\Local\Temp\is-AC17U.tmp\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.tmp" /SL5="$A02CE,385517,121344,C:\Program Files (x86)\ActiveBarcode\powerpoint\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.exe" /SILENT
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpFile created: C:\Users\user\AppData\Local\Programs
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpFile created: C:\Users\user\AppData\Local\Temp\is-483BE.tmp
          Source: classification engineClassification label: clean4.winEXE@36/148@0/0
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile read: C:\Windows\win.ini
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
          Source: C:\Program Files (x86)\ActiveBarcode\excel\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
          Source: C:\Users\user\AppData\Local\Temp\is-HNIRC.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
          Source: C:\Program Files (x86)\ActiveBarcode\word\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
          Source: C:\Users\user\AppData\Local\Temp\is-U4BAJ.tmp\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
          Source: C:\Program Files (x86)\ActiveBarcode\powerpoint\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
          Source: C:\Users\user\AppData\Local\Temp\is-AC17U.tmp\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.tmpKey opened: Software\Borland\Delphi\Locales
          Source: C:\Users\user\Desktop\ActiveBarcode-Setup6.12.0.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
          Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4864:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5552:120:WilError_03
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Common Files\ActiveBarcode
          Source: Yara matchFile source: C:\Program Files (x86)\ActiveBarcode\is-ISS3T.tmp, type: DROPPED
          Source: Yara matchFile source: C:\Program Files (x86)\ActiveBarcode\is-LA3N5.tmp, type: DROPPED
          Source: Yara matchFile source: C:\Program Files (x86)\ActiveBarcode\is-ISS3T.tmp, type: DROPPED
          Source: Yara matchFile source: C:\Program Files (x86)\ActiveBarcode\is-LA3N5.tmp, type: DROPPED
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpWindow found: window name: TSelectLanguageForm
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpFile opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpWindow detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.This declaration (AGB) is based on and bound to German law so it's published in German language. The declaration in German language can be found at the end of this document.English translation: This is an automatic translation of the major points of our AGB. If you have questions on this please contact us by Email.General business conditions1. validity & generalThe following business conditions apply to all orders. The buyer acknowledges these conditions with his order.Changes or supplements to these business conditions may be encountered only in written form.The exchange and the withdrawal of software and licenses is excluded!2. offer & pricesOur offers result always subject to change and non-binding.3. deliveryThe delivery results always on danger and on costs of the customer.4. paymentWe offer different payment methods that are listed in our internet-offer.5. property reservationThe delivered software will remain to our property until it's completely payed.6. license conditionsIt is illegal to pass the licenced version to any other persons. Each license allows you to use the licenced version on a specified number of PC's. If you want to use the software on other or more computers you must purchase a additional licence. Illegal distribution of registered version will be prosecuted to the full extent of the law.Changes in any files disassembling reverse engineering patching of this program its help files is documentation its components (OCX) or dynamic link libraries (DLLs) is expressly prohibited.The full license conditions can be found in the file SetupGuide.pdf. This file is readable before the installation.7. guaranteeThe exchange and the withdrawal of software and licenses is excluded!The software is sold "as is". We give no guarantee for a specific usage of the software. We also give no guarantee for the satisfaction of needs of the customer.8. compensationCompensation claims are excluded.___________________Allgemeine Geschftsbedingungen1. Geltung & AllgemeinesDie folgenden Geschftsbedingungen gelten fr alle Bestellungen. Der Kufer erkennt diese Bedingungen mit der Auftragserteilung an.nderungen Ergnzungen und/oder Nebenabrenden zu diesen Geschftsbedingungen drfen nur schriftlich getroffen werden.Fr Privatkunden:Gesetzlich vorgeschriebene Aufklrung ber Widerrufsrecht bzw. Rckgaberecht: Gem 3 FernAbsG sowie 361a BGB (neu) hat der Kufer die Mglichkeit jeden Vertragsabschlu im Fernabsatz innerhalb einer Frist von 2 Wochen zu widerrufen. Diese Frist beginnt mit dem Empfang der Lieferung. Die Kosten fr die Rcksendung trgt der Kunde sofern der Auftragswert einen Betrag von 40 EUR nicht berschreitet.Einschrnkungen zum Widerrufsrecht bzw. Rckgaberecht: Gem 3 Abs. 2.1 FernAbsG gilt dies nicht bei Fernabsatzver
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpWindow detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.This declaration (AGB) is based on and bound to German law so it's published in German language. The declaration in German language can be found at the end of this document.English translation: This is an automatic translation of the major points of our AGB. If you have questions on this please contact us by Email.General business conditions1. validity & generalThe following business conditions apply to all orders. The buyer acknowledges these conditions with his order.Changes or supplements to these business conditions may be encountered only in written form.The exchange and the withdrawal of software and licenses is excluded!2. offer & pricesOur offers result always subject to change and non-binding.3. deliveryThe delivery results always on danger and on costs of the customer.4. paymentWe offer different payment methods that are listed in our internet-offer.5. property reservationThe delivered software will remain to our property until it's completely payed.6. license conditionsIt is illegal to pass the licenced version to any other persons. Each license allows you to use the licenced version on a specified number of PC's. If you want to use the software on other or more computers you must purchase a additional licence. Illegal distribution of registered version will be prosecuted to the full extent of the law.Changes in any files disassembling reverse engineering patching of this program its help files is documentation its components (OCX) or dynamic link libraries (DLLs) is expressly prohibited.The full license conditions can be found in the file SetupGuide.pdf. This file is readable before the installation.7. guaranteeThe exchange and the withdrawal of software and licenses is excluded!The software is sold "as is". We give no guarantee for a specific usage of the software. We also give no guarantee for the satisfaction of needs of the customer.8. compensationCompensation claims are excluded.___________________Allgemeine Geschftsbedingungen1. Geltung & AllgemeinesDie folgenden Geschftsbedingungen gelten fr alle Bestellungen. Der Kufer erkennt diese Bedingungen mit der Auftragserteilung an.nderungen Ergnzungen und/oder Nebenabrenden zu diesen Geschftsbedingungen drfen nur schriftlich getroffen werden.Fr Privatkunden:Gesetzlich vorgeschriebene Aufklrung ber Widerrufsrecht bzw. Rckgaberecht: Gem 3 FernAbsG sowie 361a BGB (neu) hat der Kufer die Mglichkeit jeden Vertragsabschlu im Fernabsatz innerhalb einer Frist von 2 Wochen zu widerrufen. Diese Frist beginnt mit dem Empfang der Lieferung. Die Kosten fr die Rcksendung trgt der Kunde sofern der Auftragswert einen Betrag von 40 EUR nicht berschreitet.Einschrnkungen zum Widerrufsrecht bzw. Rckgaberecht: Gem 3 Abs. 2.1 FernAbsG gilt dies nicht bei Fernabsatzver
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpWindow detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.This declaration (AGB) is based on and bound to German law so it's published in German language. The declaration in German language can be found at the end of this document.English translation: This is an automatic translation of the major points of our AGB. If you have questions on this please contact us by Email.General business conditions1. validity & generalThe following business conditions apply to all orders. The buyer acknowledges these conditions with his order.Changes or supplements to these business conditions may be encountered only in written form.The exchange and the withdrawal of software and licenses is excluded!2. offer & pricesOur offers result always subject to change and non-binding.3. deliveryThe delivery results always on danger and on costs of the customer.4. paymentWe offer different payment methods that are listed in our internet-offer.5. property reservationThe delivered software will remain to our property until it's completely payed.6. license conditionsIt is illegal to pass the licenced version to any other persons. Each license allows you to use the licenced version on a specified number of PC's. If you want to use the software on other or more computers you must purchase a additional licence. Illegal distribution of registered version will be prosecuted to the full extent of the law.Changes in any files disassembling reverse engineering patching of this program its help files is documentation its components (OCX) or dynamic link libraries (DLLs) is expressly prohibited.The full license conditions can be found in the file SetupGuide.pdf. This file is readable before the installation.7. guaranteeThe exchange and the withdrawal of software and licenses is excluded!The software is sold "as is". We give no guarantee for a specific usage of the software. We also give no guarantee for the satisfaction of needs of the customer.8. compensationCompensation claims are excluded.___________________Allgemeine Geschftsbedingungen1. Geltung & AllgemeinesDie folgenden Geschftsbedingungen gelten fr alle Bestellungen. Der Kufer erkennt diese Bedingungen mit der Auftragserteilung an.nderungen Ergnzungen und/oder Nebenabrenden zu diesen Geschftsbedingungen drfen nur schriftlich getroffen werden.Fr Privatkunden:Gesetzlich vorgeschriebene Aufklrung ber Widerrufsrecht bzw. Rckgaberecht: Gem 3 FernAbsG sowie 361a BGB (neu) hat der Kufer die Mglichkeit jeden Vertragsabschlu im Fernabsatz innerhalb einer Frist von 2 Wochen zu widerrufen. Diese Frist beginnt mit dem Empfang der Lieferung. Die Kosten fr die Rcksendung trgt der Kunde sofern der Auftragswert einen Betrag von 40 EUR nicht berschreitet.Einschrnkungen zum Widerrufsrecht bzw. Rckgaberecht: Gem 3 Abs. 2.1 FernAbsG gilt dies nicht bei Fernabsatzver
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpWindow detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.This declaration (AGB) is based on and bound to German law so it's published in German language. The declaration in German language can be found at the end of this document.English translation: This is an automatic translation of the major points of our AGB. If you have questions on this please contact us by Email.General business conditions1. validity & generalThe following business conditions apply to all orders. The buyer acknowledges these conditions with his order.Changes or supplements to these business conditions may be encountered only in written form.The exchange and the withdrawal of software and licenses is excluded!2. offer & pricesOur offers result always subject to change and non-binding.3. deliveryThe delivery results always on danger and on costs of the customer.4. paymentWe offer different payment methods that are listed in our internet-offer.5. property reservationThe delivered software will remain to our property until it's completely payed.6. license conditionsIt is illegal to pass the licenced version to any other persons. Each license allows you to use the licenced version on a specified number of PC's. If you want to use the software on other or more computers you must purchase a additional licence. Illegal distribution of registered version will be prosecuted to the full extent of the law.Changes in any files disassembling reverse engineering patching of this program its help files is documentation its components (OCX) or dynamic link libraries (DLLs) is expressly prohibited.The full license conditions can be found in the file SetupGuide.pdf. This file is readable before the installation.7. guaranteeThe exchange and the withdrawal of software and licenses is excluded!The software is sold "as is". We give no guarantee for a specific usage of the software. We also give no guarantee for the satisfaction of needs of the customer.8. compensationCompensation claims are excluded.___________________Allgemeine Geschftsbedingungen1. Geltung & AllgemeinesDie folgenden Geschftsbedingungen gelten fr alle Bestellungen. Der Kufer erkennt diese Bedingungen mit der Auftragserteilung an.nderungen Ergnzungen und/oder Nebenabrenden zu diesen Geschftsbedingungen drfen nur schriftlich getroffen werden.Fr Privatkunden:Gesetzlich vorgeschriebene Aufklrung ber Widerrufsrecht bzw. Rckgaberecht: Gem 3 FernAbsG sowie 361a BGB (neu) hat der Kufer die Mglichkeit jeden Vertragsabschlu im Fernabsatz innerhalb einer Frist von 2 Wochen zu widerrufen. Diese Frist beginnt mit dem Empfang der Lieferung. Die Kosten fr die Rcksendung trgt der Kunde sofern der Auftragswert einen Betrag von 40 EUR nicht berschreitet.Einschrnkungen zum Widerrufsrecht bzw. Rckgaberecht: Gem 3 Abs. 2.1 FernAbsG gilt dies nicht bei Fernabsatzver
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpWindow detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.This declaration (AGB) is based on and bound to German law so it's published in German language. The declaration in German language can be found at the end of this document.English translation: This is an automatic translation of the major points of our AGB. If you have questions on this please contact us by Email.General business conditions1. validity & generalThe following business conditions apply to all orders. The buyer acknowledges these conditions with his order.Changes or supplements to these business conditions may be encountered only in written form.The exchange and the withdrawal of software and licenses is excluded!2. offer & pricesOur offers result always subject to change and non-binding.3. deliveryThe delivery results always on danger and on costs of the customer.4. paymentWe offer different payment methods that are listed in our internet-offer.5. property reservationThe delivered software will remain to our property until it's completely payed.6. license conditionsIt is illegal to pass the licenced version to any other persons. Each license allows you to use the licenced version on a specified number of PC's. If you want to use the software on other or more computers you must purchase a additional licence. Illegal distribution of registered version will be prosecuted to the full extent of the law.Changes in any files disassembling reverse engineering patching of this program its help files is documentation its components (OCX) or dynamic link libraries (DLLs) is expressly prohibited.The full license conditions can be found in the file SetupGuide.pdf. This file is readable before the installation.7. guaranteeThe exchange and the withdrawal of software and licenses is excluded!The software is sold "as is". We give no guarantee for a specific usage of the software. We also give no guarantee for the satisfaction of needs of the customer.8. compensationCompensation claims are excluded.___________________Allgemeine Geschftsbedingungen1. Geltung & AllgemeinesDie folgenden Geschftsbedingungen gelten fr alle Bestellungen. Der Kufer erkennt diese Bedingungen mit der Auftragserteilung an.nderungen Ergnzungen und/oder Nebenabrenden zu diesen Geschftsbedingungen drfen nur schriftlich getroffen werden.Fr Privatkunden:Gesetzlich vorgeschriebene Aufklrung ber Widerrufsrecht bzw. Rckgaberecht: Gem 3 FernAbsG sowie 361a BGB (neu) hat der Kufer die Mglichkeit jeden Vertragsabschlu im Fernabsatz innerhalb einer Frist von 2 Wochen zu widerrufen. Diese Frist beginnt mit dem Empfang der Lieferung. Die Kosten fr die Rcksendung trgt der Kunde sofern der Auftragswert einen Betrag von 40 EUR nicht berschreitet.Einschrnkungen zum Widerrufsrecht bzw. Rckgaberecht: Gem 3 Abs. 2.1 FernAbsG gilt dies nicht bei Fernabsatzver
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpWindow detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.This declaration (AGB) is based on and bound to German law so it's published in German language. The declaration in German language can be found at the end of this document.English translation: This is an automatic translation of the major points of our AGB. If you have questions on this please contact us by Email.General business conditions1. validity & generalThe following business conditions apply to all orders. The buyer acknowledges these conditions with his order.Changes or supplements to these business conditions may be encountered only in written form.The exchange and the withdrawal of software and licenses is excluded!2. offer & pricesOur offers result always subject to change and non-binding.3. deliveryThe delivery results always on danger and on costs of the customer.4. paymentWe offer different payment methods that are listed in our internet-offer.5. property reservationThe delivered software will remain to our property until it's completely payed.6. license conditionsIt is illegal to pass the licenced version to any other persons. Each license allows you to use the licenced version on a specified number of PC's. If you want to use the software on other or more computers you must purchase a additional licence. Illegal distribution of registered version will be prosecuted to the full extent of the law.Changes in any files disassembling reverse engineering patching of this program its help files is documentation its components (OCX) or dynamic link libraries (DLLs) is expressly prohibited.The full license conditions can be found in the file SetupGuide.pdf. This file is readable before the installation.7. guaranteeThe exchange and the withdrawal of software and licenses is excluded!The software is sold "as is". We give no guarantee for a specific usage of the software. We also give no guarantee for the satisfaction of needs of the customer.8. compensationCompensation claims are excluded.___________________Allgemeine Geschftsbedingungen1. Geltung & AllgemeinesDie folgenden Geschftsbedingungen gelten fr alle Bestellungen. Der Kufer erkennt diese Bedingungen mit der Auftragserteilung an.nderungen Ergnzungen und/oder Nebenabrenden zu diesen Geschftsbedingungen drfen nur schriftlich getroffen werden.Fr Privatkunden:Gesetzlich vorgeschriebene Aufklrung ber Widerrufsrecht bzw. Rckgaberecht: Gem 3 FernAbsG sowie 361a BGB (neu) hat der Kufer die Mglichkeit jeden Vertragsabschlu im Fernabsatz innerhalb einer Frist von 2 Wochen zu widerrufen. Diese Frist beginnt mit dem Empfang der Lieferung. Die Kosten fr die Rcksendung trgt der Kunde sofern der Auftragswert einen Betrag von 40 EUR nicht berschreitet.Einschrnkungen zum Widerrufsrecht bzw. Rckgaberecht: Gem 3 Abs. 2.1 FernAbsG gilt dies nicht bei Fernabsatzver
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpWindow detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.This declaration (AGB) is based on and bound to German law so it's published in German language. The declaration in German language can be found at the end of this document.English translation: This is an automatic translation of the major points of our AGB. If you have questions on this please contact us by Email.General business conditions1. validity & generalThe following business conditions apply to all orders. The buyer acknowledges these conditions with his order.Changes or supplements to these business conditions may be encountered only in written form.The exchange and the withdrawal of software and licenses is excluded!2. offer & pricesOur offers result always subject to change and non-binding.3. deliveryThe delivery results always on danger and on costs of the customer.4. paymentWe offer different payment methods that are listed in our internet-offer.5. property reservationThe delivered software will remain to our property until it's completely payed.6. license conditionsIt is illegal to pass the licenced version to any other persons. Each license allows you to use the licenced version on a specified number of PC's. If you want to use the software on other or more computers you must purchase a additional licence. Illegal distribution of registered version will be prosecuted to the full extent of the law.Changes in any files disassembling reverse engineering patching of this program its help files is documentation its components (OCX) or dynamic link libraries (DLLs) is expressly prohibited.The full license conditions can be found in the file SetupGuide.pdf. This file is readable before the installation.7. guaranteeThe exchange and the withdrawal of software and licenses is excluded!The software is sold "as is". We give no guarantee for a specific usage of the software. We also give no guarantee for the satisfaction of needs of the customer.8. compensationCompensation claims are excluded.___________________Allgemeine Geschftsbedingungen1. Geltung & AllgemeinesDie folgenden Geschftsbedingungen gelten fr alle Bestellungen. Der Kufer erkennt diese Bedingungen mit der Auftragserteilung an.nderungen Ergnzungen und/oder Nebenabrenden zu diesen Geschftsbedingungen drfen nur schriftlich getroffen werden.Fr Privatkunden:Gesetzlich vorgeschriebene Aufklrung ber Widerrufsrecht bzw. Rckgaberecht: Gem 3 FernAbsG sowie 361a BGB (neu) hat der Kufer die Mglichkeit jeden Vertragsabschlu im Fernabsatz innerhalb einer Frist von 2 Wochen zu widerrufen. Diese Frist beginnt mit dem Empfang der Lieferung. Die Kosten fr die Rcksendung trgt der Kunde sofern der Auftragswert einen Betrag von 40 EUR nicht berschreitet.Einschrnkungen zum Widerrufsrecht bzw. Rckgaberecht: Gem 3 Abs. 2.1 FernAbsG gilt dies nicht bei Fernabsatzver
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpWindow detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.This declaration (AGB) is based on and bound to German law so it's published in German language. The declaration in German language can be found at the end of this document.English translation: This is an automatic translation of the major points of our AGB. If you have questions on this please contact us by Email.General business conditions1. validity & generalThe following business conditions apply to all orders. The buyer acknowledges these conditions with his order.Changes or supplements to these business conditions may be encountered only in written form.The exchange and the withdrawal of software and licenses is excluded!2. offer & pricesOur offers result always subject to change and non-binding.3. deliveryThe delivery results always on danger and on costs of the customer.4. paymentWe offer different payment methods that are listed in our internet-offer.5. property reservationThe delivered software will remain to our property until it's completely payed.6. license conditionsIt is illegal to pass the licenced version to any other persons. Each license allows you to use the licenced version on a specified number of PC's. If you want to use the software on other or more computers you must purchase a additional licence. Illegal distribution of registered version will be prosecuted to the full extent of the law.Changes in any files disassembling reverse engineering patching of this program its help files is documentation its components (OCX) or dynamic link libraries (DLLs) is expressly prohibited.The full license conditions can be found in the file SetupGuide.pdf. This file is readable before the installation.7. guaranteeThe exchange and the withdrawal of software and licenses is excluded!The software is sold "as is". We give no guarantee for a specific usage of the software. We also give no guarantee for the satisfaction of needs of the customer.8. compensationCompensation claims are excluded.___________________Allgemeine Geschftsbedingungen1. Geltung & AllgemeinesDie folgenden Geschftsbedingungen gelten fr alle Bestellungen. Der Kufer erkennt diese Bedingungen mit der Auftragserteilung an.nderungen Ergnzungen und/oder Nebenabrenden zu diesen Geschftsbedingungen drfen nur schriftlich getroffen werden.Fr Privatkunden:Gesetzlich vorgeschriebene Aufklrung ber Widerrufsrecht bzw. Rckgaberecht: Gem 3 FernAbsG sowie 361a BGB (neu) hat der Kufer die Mglichkeit jeden Vertragsabschlu im Fernabsatz innerhalb einer Frist von 2 Wochen zu widerrufen. Diese Frist beginnt mit dem Empfang der Lieferung. Die Kosten fr die Rcksendung trgt der Kunde sofern der Auftragswert einen Betrag von 40 EUR nicht berschreitet.Einschrnkungen zum Widerrufsrecht bzw. Rckgaberecht: Gem 3 Abs. 2.1 FernAbsG gilt dies nicht bei Fernabsatzver
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeWindow detected: Number of UI elements: 19
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeWindow detected: Number of UI elements: 19
          Source: C:\Users\user\AppData\Local\Temp\is-HNIRC.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmpKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Options
          Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4C1970B8-6342-436C-8E50-FC580646FF4F}
          Source: ActiveBarcode-Setup6.12.0.exeStatic file information: File size 35679808 > 1048576
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpDirectory created: C:\Program Files\ActiveBarcode
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpDirectory created: C:\Program Files\ActiveBarcode\is-0L1SE.tmp
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpDirectory created: C:\Program Files\ActiveBarcode\is-T9O3C.tmp
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpDirectory created: C:\Program Files\ActiveBarcode\is-DGE38.tmp
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpDirectory created: C:\Program Files\ActiveBarcode\is-RJ6KU.tmp
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpDirectory created: C:\Program Files\ActiveBarcode\is-K1U8I.tmp
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpDirectory created: C:\Program Files\ActiveBarcode\is-KJCIU.tmp
          Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\ActiveBarcode
          Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\ActiveBarcode\ActiveXControl
          Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\ActiveBarcode\ActiveXControl\ActiveBarcode.ocx
          Source: ActiveBarcode-Setup6.12.0.exeStatic PE information: certificate valid
          Source: ActiveBarcode-Setup6.12.0.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\ProgramData\Package Cache\{e2803110-78b3-4664-a479-3611a381656a}\VC_redist.x86.exe (copy)Jump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140esn.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140ita.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpFile created: C:\Program Files\ActiveBarcode\is-T9O3C.tmpJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140deu.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: 602eb7.rbf (copy)Jump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\vcamp140.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\47CA2FBBC0273BC32819E543302923AF\14.0.24215\concrt140.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\47CA2FBBC0273BC32819E543302923AF\14.0.24215\msvcp140.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpFile created: C:\Program Files (x86)\ActiveBarcode\is-LA3N5.tmpJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140jpn.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140chs.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpFile created: C:\Program Files (x86)\ActiveBarcode\powerpoint\is-HS3IL.tmpJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfcm140u.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-HNIRC.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\AddIns\ActiveBarcode Add-In for Excel\uninstall\is-AQF0S.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-U4BAJ.tmp\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Word\STARTUP\ActiveBarcode Add-In for Word\uninstall\is-E0H0B.tmpJump to dropped file
          Source: C:\Program Files (x86)\ActiveBarcode\powerpoint\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.exeFile created: C:\Users\user\AppData\Local\Temp\is-AC17U.tmp\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.tmpJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpFile created: C:\Program Files (x86)\ActiveBarcode\excel\is-VCKIU.tmpJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: 602eb8.rbf (copy)Jump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Common Files\ActiveBarcode\ActiveXControl\ActiveBarcode.ocxJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\ActiveBarcode\ActiveXControl\ActiveBarcode.ocxJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\wixstdba.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140u.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140kor.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\47CA2FBBC0273BC32819E543302923AF\14.0.24215\vccorlib140.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\47CA2FBBC0273BC32819E543302923AF\14.0.24215\vcomp140.dllJump to dropped file
          Source: C:\Users\user\Desktop\ActiveBarcode-Setup6.12.0.exeFile created: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140fra.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: 602eb5.rbf (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpFile created: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpFile created: C:\Program Files (x86)\ActiveBarcode\word\is-DFBD6.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpFile created: C:\Program Files\ActiveBarcode\is-KJCIU.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\ProgramData\Package Cache\{e2803110-78b3-4664-a479-3611a381656a}\VC_redist.x86.exe (copy)Jump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140enu.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140rus.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: 602eb6.rbf (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpFile created: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\_isetup\_setup64.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.be\VC_redist.x86.exeJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140cht.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\47CA2FBBC0273BC32819E543302923AF\14.0.24215\vcruntime140.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfcm140.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpFile created: C:\Program Files (x86)\ActiveBarcode\is-ISS3T.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpFile created: (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpFile created: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140esn.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140ita.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140fra.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140deu.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\vcamp140.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\47CA2FBBC0273BC32819E543302923AF\14.0.24215\concrt140.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\47CA2FBBC0273BC32819E543302923AF\14.0.24215\msvcp140.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140jpn.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140chs.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfcm140u.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140enu.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140rus.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140cht.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140u.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\47CA2FBBC0273BC32819E543302923AF\14.0.24215\vcruntime140.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfcm140.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140kor.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\47CA2FBBC0273BC32819E543302923AF\14.0.24215\vccorlib140.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\47CA2FBBC0273BC32819E543302923AF\14.0.24215\vcomp140.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1028\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1029\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1031\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1036\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1040\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1041\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1042\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1045\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1046\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1049\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\1055\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\2052\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\3082\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1028\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1029\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1031\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1036\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1040\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1041\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1042\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1045\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1046\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1049\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\1055\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\2052\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\3082\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\license.rtf
          Source: C:\Users\user\AppData\Local\Temp\is-HNIRC.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmpFile created: C:\Users\user\AppData\Local\Temp\Setup Log 2023-10-24 #001.txt
          Source: C:\Users\user\AppData\Local\Temp\is-U4BAJ.tmp\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.tmpFile created: C:\Users\user\AppData\Local\Temp\Setup Log 2023-10-24 #002.txt
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActiveBarcode
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActiveBarcode\ActiveBarcode Generator.lnk
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActiveBarcode\ActiveBarcode CLI.lnk
          Source: C:\Windows\System32\SrTasks.exeRegistry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Program Files (x86)\ActiveBarcode\excel\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-HNIRC.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-HNIRC.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-HNIRC.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-HNIRC.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-HNIRC.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-HNIRC.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-HNIRC.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-HNIRC.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Program Files (x86)\ActiveBarcode\word\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-U4BAJ.tmp\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-U4BAJ.tmp\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-U4BAJ.tmp\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-U4BAJ.tmp\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-U4BAJ.tmp\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-U4BAJ.tmp\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-U4BAJ.tmp\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-U4BAJ.tmp\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Program Files (x86)\ActiveBarcode\powerpoint\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-AC17U.tmp\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-AC17U.tmp\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-AC17U.tmp\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-AC17U.tmp\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-AC17U.tmp\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\ActiveBarcode-Setup6.12.0.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-AC17U.tmp\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-AC17U.tmp\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-AC17U.tmp\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Windows\System32\SrTasks.exe TID: 3764Thread sleep time: -130000s >= -30000s
          Source: C:\Windows\System32\SrTasks.exe TID: 5596Thread sleep time: -300000s >= -30000s
          Source: C:\Windows\System32\SrTasks.exe TID: 4988Thread sleep time: -80000s >= -30000s
          Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140esn.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140ita.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpDropped PE file which has not been started: C:\Program Files\ActiveBarcode\is-T9O3C.tmpJump to dropped file
          Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140deu.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 602eb7.rbf (copy)Jump to dropped file
          Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\vcamp140.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpDropped PE file which has not been started: C:\Program Files (x86)\ActiveBarcode\is-LA3N5.tmpJump to dropped file
          Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140jpn.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140chs.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 602eb8.rbf (copy)Jump to dropped file
          Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\ActiveBarcode\ActiveXControl\ActiveBarcode.ocxJump to dropped file
          Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\ActiveBarcode\ActiveXControl\ActiveBarcode.ocxJump to dropped file
          Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140kor.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140fra.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 602eb5.rbf (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpDropped PE file which has not been started: C:\Program Files\ActiveBarcode\is-KJCIU.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeDropped PE file which has not been started: C:\ProgramData\Package Cache\{e2803110-78b3-4664-a479-3611a381656a}\VC_redist.x86.exe (copy)Jump to dropped file
          Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140enu.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140rus.dllJump to dropped file
          Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 602eb6.rbf (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\_isetup\_setup64.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.be\VC_redist.x86.exeJump to dropped file
          Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140cht.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpDropped PE file which has not been started: C:\Program Files (x86)\ActiveBarcode\is-ISS3T.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpDropped PE file which has not been started: (copy)Jump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
          Source: C:\Users\user\AppData\Local\Temp\is-HNIRC.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmpKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
          Source: C:\Users\user\AppData\Local\Temp\is-HNIRC.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmpKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
          Source: C:\Users\user\AppData\Local\Temp\is-U4BAJ.tmp\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.tmpKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
          Source: C:\Users\user\AppData\Local\Temp\is-U4BAJ.tmp\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.tmpKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
          Source: C:\Users\user\AppData\Local\Temp\is-AC17U.tmp\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.tmpKey opened: System\CurrentControlSet\Control\Keyboard Layouts\08070809
          Source: C:\Users\user\AppData\Local\Temp\is-AC17U.tmp\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.tmpKey opened: System\CurrentControlSet\Control\Keyboard Layouts\04070809
          Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformation
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile Volume queried: C:\Windows FullSizeInformation
          Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\NULL
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\vcRuntimeAdditional_amd64
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile opened: C:\ProgramData\Package Cache\NULL
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\NULL
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\logo.png VolumeInformation
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\logo.png VolumeInformation
          Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmpQueries volume information: C:\ VolumeInformation
          Source: C:\Windows\System32\SrTasks.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: C:\Windows\SysWOW64\msiexec.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob
          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          1
          Replication Through Removable Media
          Windows Management Instrumentation21
          Windows Service
          21
          Windows Service
          23
          Masquerading
          OS Credential Dumping1
          Virtualization/Sandbox Evasion
          1
          Replication Through Removable Media
          Data from Local SystemExfiltration Over Other Network MediumData ObfuscationEavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsScheduled Task/Job1
          Registry Run Keys / Startup Folder
          1
          Process Injection
          1
          Virtualization/Sandbox Evasion
          LSASS Memory1
          Process Discovery
          Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)1
          DLL Side-Loading
          1
          Registry Run Keys / Startup Folder
          1
          Disable or Modify Tools
          Security Account Manager11
          Peripheral Device Discovery
          SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)1
          DLL Side-Loading
          1
          Process Injection
          NTDS2
          System Owner/User Discovery
          Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
          DLL Side-Loading
          LSA Secrets2
          File and Directory Discovery
          SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common1
          File Deletion
          Cached Domain Credentials24
          System Information Discovery
          VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand
          SourceDetectionScannerLabelLink
          ActiveBarcode-Setup6.12.0.exe0%ReversingLabs
          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp2%ReversingLabs
          C:\Users\user\AppData\Local\Temp\is-483BE.tmp\_isetup\_setup64.tmp0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\wixstdba.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.be\VC_redist.x86.exe0%ReversingLabs
          602eb5.rbf (copy)0%ReversingLabs
          602eb6.rbf (copy)0%ReversingLabs
          602eb7.rbf (copy)0%ReversingLabs
          602eb8.rbf (copy)0%ReversingLabs
          C:\Windows\Installer\$PatchCache$\Managed\47CA2FBBC0273BC32819E543302923AF\14.0.24215\concrt140.dll0%ReversingLabs
          C:\Windows\Installer\$PatchCache$\Managed\47CA2FBBC0273BC32819E543302923AF\14.0.24215\msvcp140.dll0%ReversingLabs
          C:\Windows\Installer\$PatchCache$\Managed\47CA2FBBC0273BC32819E543302923AF\14.0.24215\vccorlib140.dll0%ReversingLabs
          C:\Windows\Installer\$PatchCache$\Managed\47CA2FBBC0273BC32819E543302923AF\14.0.24215\vcomp140.dll0%ReversingLabs
          C:\Windows\Installer\$PatchCache$\Managed\47CA2FBBC0273BC32819E543302923AF\14.0.24215\vcruntime140.dll0%ReversingLabs
          C:\Windows\SysWOW64\mfc140chs.dll0%ReversingLabs
          C:\Windows\SysWOW64\mfc140cht.dll0%ReversingLabs
          C:\Windows\SysWOW64\mfc140deu.dll0%ReversingLabs
          C:\Windows\SysWOW64\mfc140enu.dll0%ReversingLabs
          C:\Windows\SysWOW64\mfc140esn.dll0%ReversingLabs
          C:\Windows\SysWOW64\mfc140fra.dll0%ReversingLabs
          C:\Windows\SysWOW64\mfc140ita.dll0%ReversingLabs
          C:\Windows\SysWOW64\mfc140jpn.dll0%ReversingLabs
          C:\Windows\SysWOW64\mfc140kor.dll0%ReversingLabs
          C:\Windows\SysWOW64\mfc140rus.dll0%ReversingLabs
          C:\Windows\SysWOW64\vcamp140.dll0%ReversingLabs
          C:\Program Files (x86)\Common Files\ActiveBarcode\ActiveXControl\ActiveBarcode.ocx0%ReversingLabs
          (copy)0%ReversingLabs
          C:\Program Files (x86)\ActiveBarcode\excel\is-VCKIU.tmp2%ReversingLabs
          C:\Program Files (x86)\ActiveBarcode\is-ISS3T.tmp0%ReversingLabs
          C:\Program Files (x86)\ActiveBarcode\powerpoint\is-HS3IL.tmp2%ReversingLabs
          C:\Program Files (x86)\ActiveBarcode\word\is-DFBD6.tmp2%ReversingLabs
          C:\Program Files\ActiveBarcode\is-KJCIU.tmp0%ReversingLabs
          C:\Program Files\ActiveBarcode\is-T9O3C.tmp0%ReversingLabs
          C:\Program Files\Common Files\ActiveBarcode\ActiveXControl\ActiveBarcode.ocx0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\is-AC17U.tmp\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.tmp3%ReversingLabs
          C:\Users\user\AppData\Roaming\Microsoft\AddIns\ActiveBarcode Add-In for Excel\uninstall\is-AQF0S.tmp3%ReversingLabs
          C:\Users\user\AppData\Roaming\Microsoft\Word\STARTUP\ActiveBarcode Add-In for Word\uninstall\is-E0H0B.tmp2%ReversingLabs
          No Antivirus matches
          No Antivirus matches
          No Antivirus matches
          No contacted domains info
          No contacted IP infos
          Joe Sandbox Version:38.0.0 Ammolite
          Analysis ID:1331375
          Start date and time:2023-10-24 17:35:28 +02:00
          Joe Sandbox Product:CloudBasic
          Overall analysis duration:
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:defaultwindowsinteractivecookbook.jbs
          Analysis system description:Windows 10 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:30
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • EGA enabled
          Analysis Mode:stream
          Analysis stop reason:Timeout
          Sample file name:ActiveBarcode-Setup6.12.0.exe
          Detection:CLEAN
          Classification:clean4.winEXE@36/148@0/0
          Cookbook Comments:
          • Found application associated with file extension: .exe
          • Exclude process from analysis (whitelisted): dllhost.exe
          • Excluded IPs from analysis (whitelisted): 13.107.21.200, 204.79.197.200
          • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
          • Not all processes where analyzed, report is missing behavior information
          • Report size getting too big, too many NtCreateFile calls found.
          • Report size getting too big, too many NtFsControlFile calls found.
          • Report size getting too big, too many NtOpenFile calls found.
          • Report size getting too big, too many NtOpenKeyEx calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.
          • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
          • Report size getting too big, too many NtSetInformationFile calls found.
          • VT rate limit hit for: ActiveBarcode-Setup6.12.0.exe
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):4044112
          Entropy (8bit):6.5243169651197475
          Encrypted:false
          SSDEEP:
          MD5:718AA87232EBF8E8C0C57791270BDEE7
          SHA1:78F3ED73EB8B0804D2191CC7FA59D098E4E4D815
          SHA-256:BB5F3C7F8305B8A8086A025F86E3EC3D82D8935AFC1A18CBBF75A64C89D688F2
          SHA-512:6B68FA54E7E24A557684EB619C4F80D0483AD28EB1DB256E0DC577C3766D81B25850FC2DAFA8B2A7E7E6BB194A58B9D2572F99646587406FA193E0D61910E8F7
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....1.a..................0.........T.0.......0...@..........................`>......:>..........@...................P2.......2..4....6...............=.P)....2..............................p2.....................L.2.4....@2......................text...T.0.......0................. ..`.itext...*....0..,....0............. ..`.data.........0.......0.............@....bss.....l....1..........................idata...4....2..6...|1.............@....didata......@2.......1.............@....edata.......P2.......1.............@..@.tls....T....`2..........................rdata..]....p2.......1.............@..@.reloc........2.......1.............@..B.rsrc.........6.......5.............@..@.............`>.......=.............@..@................
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):4705072
          Entropy (8bit):7.05735073619111
          Encrypted:false
          SSDEEP:
          MD5:9A145819FEB9B159176FB95368BCD0BE
          SHA1:3728A89D10062B3701435638B1F01F138C5DC0F2
          SHA-256:3262782C80CEF7EF2CC23FFBE5D12F312736198D2F81F70DE1AA5F346D652DEB
          SHA-512:53B3D388C4D51D7CCA4F6E3C1F319372C1D78288CDA9EEDC6DAF25CBE9B4E17E3C29DF816F4724A8B16689C0A6E0AA925D517BC6EE0450B13AE4FC12F876B78E
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......OZ;,.;U..;U..;U.....;U.....;U.....;U.....;U..C...;U.0eT~.;U.0eV~.;U.0eQ~.;U.0eP~.;U.....;U..;T..?U.0e\~.:U.0eU~.;U.0e...;U.0eW~.;U.Rich.;U.........................PE..L...q.W.........."!......-......... .).......-..............................0H.....F.H...@A........................ .-..............p/...............G.0?....E.....0~..8...................h~..........@.....................,......................text.....-.......-................. ..`.data.........-.......-.............@....idata...T.......V..................@..@.didat.......P/.....................@....tls.........`/.....................@....rsrc........p/.....................@..@.reloc........E......tD.............@..B................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):4775224
          Entropy (8bit):7.037292025260288
          Encrypted:false
          SSDEEP:
          MD5:FF62AF7574CBA15E3192AD6A9D3D19B8
          SHA1:892FF33D139E9B9227AE03F2934DE5921C74364F
          SHA-256:54F6A0A169089D62B1A6DBCE899040B002C184BD54E8CA7CF02F4EBE4D8E7FD6
          SHA-512:4ABCA4BF0AB3E4F9175FD22AD506518F6E8FE4BFB4B4CB9C96AD10A9D73B3C9B41955CBE79FDC91F537EC3D0AE48A3B3BE4400744BC7AF635B4B66F19265CAE7
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........Z;-K;U~K;U~K;U~..~J;U~..~J;U~..~I;U~..~^;U~BC.~_;U~peT.I;U~peV.@;U~peQ.G;U~peP.\;U~..~X;U~K;T~.8U~pe\..:U~peU.J;U~pe.~J;U~peW.J;U~RichK;U~........................PE..L.....W.........."!.........................P................................I.....,5I...@A............................L...../......@0...............H.8?....E.....`...8...................,4......p...@............./.............................text.............................. ..`.data...$...........................@....idata..fS..../..T..../.............@..@.didat....... 0......./.............@....tls.........00......./.............@....rsrc........@0......./.............@..@.reloc........E.......E.............@..B................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):95032
          Entropy (8bit):6.488822703164812
          Encrypted:false
          SSDEEP:
          MD5:CF45BE9D7701608BC3174ABF46920EF2
          SHA1:55B61B3032520268E98652BEE1C43FDAAD66A079
          SHA-256:2DF9754E899A3EBD021BE033085354F190EE74D04A034FED95DB42480FBF34F6
          SHA-512:581DA886B1D204ABDC8AC4B83298906F56434BB935A6E3DAAFEC01C0FC48D7AA117DB87887891AA8542C0F0AAF89A2A622FAE593FEDFFD23522D1389C24BB91C
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........*..y..y..yz<hy..y..5y..y...x..y...x..y...x..y..5y..yz<my..y..y..y...x..y...x..y..Yy..y...x..yRich..y........PE..L.....W.........."!.....D...........R.......`............................................@..........................0......`1.......p...............4..8?..........0f..8....................&.......e..@............`..L...........Pc..H............text....C.......D.................. ..`.rdata.......`.......H..............@..@.data........@......."..............@....tls.........P.......&..............@....gfids..T....`.......(..............@..@.rsrc........p.......*..............@..@.reloc..............................@..B........................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):95544
          Entropy (8bit):6.463075333235294
          Encrypted:false
          SSDEEP:
          MD5:CB56C5C3D746328FDF4E444E2D8A38E1
          SHA1:959B741391FB0DD55E26956387FB299FE9C2C416
          SHA-256:188C6A4E84114B522012FFCCA6DE7C18FE1032C226EEA4E4D15CADB0AC524185
          SHA-512:B47FE9D3801D8A206441C3294EAE065D13441259EADC2915E656BE96E56E15B76A00756EB4B6DE7E6043F86F0A7136B2F99DB887FA1B67C88D21075B16CA7E0C
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........*..y..y..yz<hy..y..5y..y...x..y...x..y...x..y..5y..yz<my..y..y..y...x..y...x..y..Yy..y...x..yRich..y........PE..L.....W.........."!.....D...........R.......`............................................@..........................0.......1.......p...............6..8?..........0f..8....................&.......e..@............`..L...........Pc..H............text....C.......D.................. ..`.rdata.......`.......H..............@..@.data........@......."..............@....tls.........P.......&..............@....gfids..T....`.......(..............@..@.rsrc........p.......*..............@..@.reloc...............0..............@..B........................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):16182
          Entropy (8bit):5.514581534469848
          Encrypted:false
          SSDEEP:
          MD5:59D064E05E37B3DCBC0793E4324454B0
          SHA1:9D833EB99E59BB320377C63229A9E339C62B74C2
          SHA-256:4E84C1C0B345B23C34B11BE9E4D03EB3CC06BDA51F9CC18A8362ED351820ACA8
          SHA-512:012661CFA1CC190A89110B55B98AFE4D074956279C59EA1D1D8D3D6ABCCE232DE57713BB9D47FE334BE3BE0FF5C199D529A05791798A1C5892C8ABFCAF66A97A
          Malicious:false
          Reputation:low
          Preview:...@IXOS.@.....@..XW.@.....@.....@.....@.....@.....@......&.{BBF2AC74-720C-3CB3-8291-5E34039232FA}:.Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215..vc_runtimeMinimum_x86.msi.@.....@.^...@.....@........&.{F24C76FD-574E-40AC-A98D-E93BF1F834D0}.....@.....@.....@.....@.......@.....@.....@.......@....:.Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{9C501CB1-E3C9-3DF3-9B8D-C55D81B59E6A}&.{BBF2AC74-720C-3CB3-8291-5E34039232FA}.@......&.{42F41217-AF8B-33D4-9CB3-FF5F696BECBB}&.{BBF2AC74-720C-3CB3-8291-5E34039232FA}.@......&.{E8E39D3B-4F35-36D8-B892-4B28336FE041}&.{BBF2AC74-720C-3CB3-8291-5E34039232FA}.@......&.{A2AA960C-FD3C-3A6D-BD6F-14933011AFB3}&.{BBF2AC74-720C-3CB3-8291-5E34039232FA}.@......&.{9FC931F8-9ED1-3263-A0F1-8ADE330D0ECE}&.{BBF2AC74-720C-3CB3-8291-5E34039232FA}.@......&.{0200CF79-B9A1-3BE4-955A-29FA9D4B1A5C}&.{
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:modified
          Size (bytes):21408
          Entropy (8bit):5.357127775390931
          Encrypted:false
          SSDEEP:
          MD5:FF2F25AFCF2E42D8AC460E5120C46399
          SHA1:D5CA035949FDDCD0EF1B3CF9DC9CF6C045D12F6B
          SHA-256:C193E984043049DC7AF06F144B9789103C5E7F4F1C69D743139B330D91AFFBB7
          SHA-512:58F61B7D6F903E5829B652BC47B33B4220E789BE8A28471BE44170F9F474BF7418AA1C5FF1BFF8E45D26A65DA22365A2434553FD996E99CF486637DB2A4AF54B
          Malicious:false
          Reputation:low
          Preview:...@IXOS.@.....@..XW.@.....@.....@.....@.....@.....@......&.{69BCE4AC-9572-3271-A2FB-9423BDA36A43}=.Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215..vc_runtimeAdditional_x86.msi.@.....@.^...@.....@........&.{48171CEE-A5DE-49D9-920C-A92F816564BC}.....@.....@.....@.....@.......@.....@.....@.......@....=.Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{2FBCCF06-0D7B-3E2D-A6AF-5DA2828EBEE9}&.{69BCE4AC-9572-3271-A2FB-9423BDA36A43}.@......&.{4FD4AB8C-C57F-3782-9230-9CCA22153AD3}&.{69BCE4AC-9572-3271-A2FB-9423BDA36A43}.@......&.{46A1EA6B-3D81-3399-8991-127F7F7AE76A}&.{69BCE4AC-9572-3271-A2FB-9423BDA36A43}.@......&.{C94DDE19-CC70-3B9A-A6AF-5CA7340B9B9A}&.{69BCE4AC-9572-3271-A2FB-9423BDA36A43}.@......&.{946D6FA6-49BB-3415-AD2D-4D634C432CF0}&.{69BCE4AC-9572-3271-A2FB-9423BDA36A43}.@......&.{E533B148-A83A-3788-A763-0C6C46C
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:modified
          Size (bytes):12109
          Entropy (8bit):5.564916914230971
          Encrypted:false
          SSDEEP:
          MD5:D056598210671F38874D1681D5B031E0
          SHA1:C624BB1648FBFF67C9A0BABB3DC3F82B7A0E1121
          SHA-256:AAAC5D93ABF73767624514D4623C8C2657B5F3E38C0DF546DD1E366D909F3506
          SHA-512:B9BD9A187356C2ECBB1EE433F53AE5B162F48A745E3C40F433C09F348016309A1C93AEFCE11868195E77117F2FBF2C963D93118308164486F699831DD9E0765E
          Malicious:false
          Reputation:low
          Preview:...@IXOS.@.....@..XW.@.....@.....@.....@.....@.....@......&.{C879E73E-E447-4B9B-A9DC-28D8DC6CFB80}..ActiveBarcode Object (x86)..ActiveBarcode.x86.msi.@.....@.....@.....@........&.{8FE5CC92-C320-4ED3-B3A7-5EE8A55E836D}.....@.....@.....@.....@.......@.....@.....@.......@......ActiveBarcode Object (x86)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{4D5987BD-522D-4BFC-B072-EC615F3386B0}&.{C879E73E-E447-4B9B-A9DC-28D8DC6CFB80}.@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]..A.C:\Program Files (x86)\Common Files\ActiveBarcode\ActiveXControl\....R.C:\Program Files (x86)\Common Files\ActiveBarcode\ActiveXControl\ActiveBarcode.ocx....WriteRegistryValues..Writing system registry values..Key: [1], Name: [2], Value: [3]$...;.CLSID\{0BFA85A4-F9B8-11CF-8939-444553540000}\InprocServer32...@....(.&...R.C:\Program Files (x86)\Common Files\ActiveBarcode\ActiveXControl
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:modified
          Size (bytes):14419
          Entropy (8bit):5.407341497335763
          Encrypted:false
          SSDEEP:
          MD5:E9F00612ABACB5C4FB5F5442FD5036D0
          SHA1:269770CD1333CC3B99B52651B7E7A7B24EA7F7C8
          SHA-256:B4DD266F84BB95D7FA72B7BEAA9189734F3EA0C63A6A64DEFF59BAF5AAA6CC1C
          SHA-512:2BEF6A057DB81CCFBB117FF59BB36F6B8235D228714E84912D4C0009A196DAB99EA5C18D4C26A16F31A8A2667ACCE2040331591B8EA33DE75CBCE92C738987EF
          Malicious:false
          Reputation:low
          Preview:...@IXOS.@.....@..XW.@.....@.....@.....@.....@.....@......&.{4C1970B8-6342-436C-8E50-FC580646FF4F}..ActiveBarcode Object (x64)..ActiveBarcode.x64.msi.@.....@.....@.....@........&.{F3CDA063-0EC4-495A-800B-78C743C78297}.....@.....@.....@.....@.......@.....@.....@.......@......ActiveBarcode Object (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{4D5987BD-522D-4BFC-B072-EC615F3386B0}&.{4C1970B8-6342-436C-8E50-FC580646FF4F}.@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]..;.C:\Program Files\Common Files\ActiveBarcode\ActiveXControl\....L.C:\Program Files\Common Files\ActiveBarcode\ActiveXControl\ActiveBarcode.ocx....WriteRegistryValues..Writing system registry values..Key: [1], Name: [2], Value: [3]$...;.CLSID\{0BFA85A4-F9B8-11CF-8939-444553540000}\InprocServer32...@....(.&...L.C:\Program Files\Common Files\ActiveBarcode\ActiveXControl\ActiveBarcode.ocx
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:Unicode text, UTF-8 text, with CRLF line terminators
          Category:dropped
          Size (bytes):840
          Entropy (8bit):5.094313332542379
          Encrypted:false
          SSDEEP:
          MD5:F89590513BE5873359A186998D2F0CA0
          SHA1:1C4414EEF3D4D7817A8EEDE59541F5B00567DE34
          SHA-256:6E18BE9DC3CBFE253154425A4D07FD451EA5DEA38C592EE8F05E3449CB48EA5B
          SHA-512:FD320681C984FB462018B10711358B9AE3E2567D3D8746B70F589997D1FC509B3CBB8651E4E335A5C0BAB45F68EA40D7309D820287C79F2B967C380355C375FA
          Malicious:false
          Reputation:low
          Preview:<%..' example_calc_checksum_only.asp....' (c) 2003-19 www.activebarcode.com..' Very simpe example that shows the usage of barcode.ocx from asp ..' ..' barcode.ocx is used to calculate a checksum only....dim Barcode..Set Barcode = Server.CreateObject("ACTIVEBARCODE.BarcodeCtrl.1")....' Set the barcode properties ..Barcode.Autotype = FALSE..Barcode.TypeName ="CODE 39 Checksum"..Barcode.Text = "12ABC"....' ENG: output of barcode properties ..' GER: Ausgabe der zuvor gesetzten Barcode-Eigenschaften..Response.write "Barcode.Text: " & Barcode.Text & "<br>"..Response.write "Barcode.TypeName: " & Barcode.TypeName & "<br>"....' ENG: output of the checksum calculated by activebarcode..' GER: Ausgabe der von ActiveBarcode errechneten Pr.fsumme:..Response.write "Barcode.Checksum: "& Barcode.Checksum & "<br>"....Set Barcode = Nothing..%> ..
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:HTML document, ASCII text, with very long lines (313), with CRLF line terminators
          Category:dropped
          Size (bytes):6466
          Entropy (8bit):5.233196856774256
          Encrypted:false
          SSDEEP:
          MD5:D7CA13728AD3E58090D5EA754FC7ACB7
          SHA1:ACA4F6AC29CE0F81E132D611C372A0C4660F9BE5
          SHA-256:C4ADFA19D20E15C4F03459DF22CDB85C70F1E9988FCC2518C347D4891E5E2B33
          SHA-512:ADF00B216A414420DA3032F5C0D1E0C9EF55851C9970A874BDB609A821BA70A6B93411148BBA65B4F71903BCE9D7328D320831C40CEA76FE41902729C1052C11
          Malicious:false
          Reputation:low
          Preview:<html>..<head>..<style type="text/css">..body { FONT-SIZE:16px; font-family:Arial; line-height:24px; margin: 0px; background:linear-gradient(180deg, #eeeeee 0%, #eedfc3 100%); }...fullcontent {margin-top:10px; margin-bottom:10px; margin-left:auto; margin-right:auto; max-width: 1200px; min-width: 600px; border: 3px solid #DDDDDD; background:linear-gradient(185deg, #eedfc3 0%, #FFFFFF 127px); position: relative; overflow: hidden; padding: 5px 50px; }...toplogo{ border: 0px; margin-top:15px; margin-right:5px; display: block; text-align: right; border-radius:0px; height:50px; max-height:50px; }...titletext { font-size:25px; font-weight:bold; font-family:Arial;color:#056764; padding:0px; margin-top: 1px; margin-bottom: 0px; margin-left:0px; text-align: right; border-width:0px; border-bottom-color:#a0a0a0; border-bottom-style:none; border-left-style:none; border-right-style:none; border-top-style:none; }..h1 { color: #056764; font-weight:bold; font-size:36px;border-width:1px; line-he
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):552
          Entropy (8bit):5.025977266152311
          Encrypted:false
          SSDEEP:
          MD5:95291A389C445FBD6C0AE1125A12F4D2
          SHA1:EEDB9AE4A4AB41C767F1DFD15BA9A95A7A2D5693
          SHA-256:BC33DF4A1ADEA9A35D9C5E4A301CE71FBD33BC61C80771209150D8362343F2F8
          SHA-512:9E269E715F0042F34835A4531FBCBCE22067D32E767D810E046067DD3E4F7BCA8FAC94545480AFFD72DEA9AD428CDA159C281523B8575FC3B2C824854ABB601D
          Malicious:false
          Reputation:low
          Preview:<%..' example_show_version_only.asp....' (c) 2003-2019 www.activebarcode.com..' Very simpe example that shows the usage of barcode.ocx from asp ..' ..' barcode.ocx is used to display the read only property "Version"...' This minimal example is a good start for debugging purpose.....dim Barcode..Set Barcode = Server.CreateObject("ACTIVEBARCODE.BarcodeCtrl.1")....' ENG: output of barcode property "Version"..' GER: Ausgabe der Barcode-Eigenschaft "Version"..Response.write "Barcode.Version: " & Barcode.Version & "<br>"....Set Barcode = Nothing..%> ..
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:HTML document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):953
          Entropy (8bit):5.239954270293466
          Encrypted:false
          SSDEEP:
          MD5:1CB0E59F46EC8FA1E5BDE48E37337307
          SHA1:33C6C621224B2D369B7A8AB4F45A56497BF14135
          SHA-256:079EF9497364553F45A5FA97D47CB2638B46BE896A73EC7B2DAE2BCB0BC1B8B8
          SHA-512:DE4ED7D90E171E74422D1AC31918551A9E70F34B9A47887209D8E2D7DF8B791A2490638553843EC325BBE369056F0ADD276AA00FAC68D8043147C9AC5372EBE6
          Malicious:false
          Reputation:low
          Preview:<%..' example_create_current_time_as_code128.asp....' (c) 2003-19 www.activebarcode.com..' This ASP-Source Code is free. ..' You may use and modify it freely for your needs...' ..' barcodeimage.asp is used to get an dynamic image src for a html <img> tag...'....myText = "Time: " & datepart("h",now())&"."&datepart("n",now())&"."&datepart("s",now())..%> ..<html>..<head>..</head>..<body>..This is a simple expample that show the usage of <b>barcodeimage.asp</b><br />..within the an image tag for the src parameter:<br />..<br />..<img src="barcodeimage.asp?code=CODE39EXTENDED&text=<%=server.urlencode(myText)%>&showtext=1&backcolor=yellow&forecolor=blue&width=380" width="380"/><br />..<br />..This Barcode was created with the following html-img tag:<br />..<br />..<b>..&lt;img src="barcodeimage.asp?code=CODE39EXTENDED&text=<%=server.urlencode(myText)%>&showtext=1&backcolor=yellow&forecolor=blue&width=380" /&gt..</b>..</body>..</html>............
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):11028
          Entropy (8bit):5.178732433687538
          Encrypted:false
          SSDEEP:
          MD5:08DA9408BDCB349B7195D1FB9C377957
          SHA1:28D75FD05D4D806E206B8570C6A63B6914D588F2
          SHA-256:0A30966BA82E48D24ABB466D39124E328FFC6A842FCA184D7F2B09F86429A7C8
          SHA-512:66CC5E62AF532324B0A42EEE87177EFFFCB9589830120B727F0BDB23537E218CD22201B25FA2667CEABDC8E68226ECD3D0E20591DBF18A4837C7E922CD49D77C
          Malicious:false
          Reputation:low
          Preview:.<%..' barcodeimage.asp..'..' Encoding: UTF-8 with BOM..'..' (c) 2003-2019 www.activebarcode.com..' mailto: info@activebarcode.de..'..' Authors: Lars Schenk (ls) and Frank Horn (fh)..' Version 1.07 - 11.03.2019 Use new ProgID: ACTIVEBARCODE.BarcodeCtrl.1 (ls)..' Version 1.06 - 21.02.2019 Accept 0,1,2 as alignment parameter, too (ls)..' fontname, fontsize, fontbold, fontitalic, ..' fontunderline, fontstrikeout parmater added (ls)..' Version 1.05 - 17.04.2017 Removed ParseControlCodes because it's done in the control now (ls)..' Version 1.04 - 11.02.2017 Added alignment parameter (ls)..' Version 1.03 - 22.01.2017 Umsetzung fuer Steuerzeichen innerhalb <>, z.B. <CR> (fh)..' Version 1.02 - 28.02.2005 improved documentation (ls)..' Version 1.01 - 14.02.2004 expanded for ActiveBarcode Version 5.x (ls)..' Version 1.00 - 02.03.2003 (ls)..'..'This program (barcodeimage.asp) is free software; you can redistribute it and/or..'modify it under t
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):1000912
          Entropy (8bit):7.902585538500265
          Encrypted:false
          SSDEEP:
          MD5:D567E7D9EB838A16C601E3E3CEA0C83F
          SHA1:4DF5B49E4C59DB21537C60E9682E4445BBD801AD
          SHA-256:B4DD13D45628345D2B46765AB57F25D9064613C5C929391C0A4748BA375484A3
          SHA-512:D7194C5ABF1BD84F4D286DA58429088CFDBD66E66CFC8B9A0CE5737E85E23DD2AC7215D4B157CDD270A718C96F002A8E11165C1AFAAA06AEA0B4DF349311485C
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 2%
          Reputation:low
          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...Rm"[..................................... ....@.......................................@......@.......................................................)...........................................................................................text...\........................... ..`.itext.............................. ..`.data........ ......................@....bss.....V...0...........................idata..............................@....tls.................&...................rdata...............&..............@..@.rsrc................(..............@..@....................................@..@........................................................................................................................................
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:PE32 executable (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):2351424
          Entropy (8bit):6.555051204381912
          Encrypted:false
          SSDEEP:
          MD5:EEB1ADA80BEF5BF9B26189DE1C179EC8
          SHA1:063D6EFD9AC04D0E5497C09F83B3799B4A5E80D0
          SHA-256:2250F6B554A03D4FD244BDBD6CEBCB2C4395D08B752C207D241CC1D8BA0F71BE
          SHA-512:90EC83E2AEE5C0591FDA0A0DF522ACBCE58298AD6369569BDA2B80A3B9E5A42CD0D35D8A10314C4C71A91673243A5FBDCA996E054CE1C28C038B7E0A4D191333
          Malicious:false
          Yara Hits:
          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\ActiveBarcode\is-ISS3T.tmp, Author: Joe Security
          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\ActiveBarcode\is-ISS3T.tmp, Author: Joe Security
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....EP\..........................................@...........................$......9$..........@..............................^4...0"..\............#.@)...0............................... .......................................................text...p........................... ..`.itext.............................. ..`.data....D.......F..................@....bss....@a...@...........................idata..^4.......6... ..............@....didata..............V..............@....edata...............`..............@..@.tls....D................................rdata..].... .......b..............@..@.reloc.......0.......d..............@..B.rsrc....\...0"..\...\!.............@..@..............$.......#.............@..@................
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):4044112
          Entropy (8bit):6.5243169651197475
          Encrypted:false
          SSDEEP:
          MD5:718AA87232EBF8E8C0C57791270BDEE7
          SHA1:78F3ED73EB8B0804D2191CC7FA59D098E4E4D815
          SHA-256:BB5F3C7F8305B8A8086A025F86E3EC3D82D8935AFC1A18CBBF75A64C89D688F2
          SHA-512:6B68FA54E7E24A557684EB619C4F80D0483AD28EB1DB256E0DC577C3766D81B25850FC2DAFA8B2A7E7E6BB194A58B9D2572F99646587406FA193E0D61910E8F7
          Malicious:false
          Yara Hits:
          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\ActiveBarcode\is-LA3N5.tmp, Author: Joe Security
          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\ActiveBarcode\is-LA3N5.tmp, Author: Joe Security
          Reputation:low
          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....1.a..................0.........T.0.......0...@..........................`>......:>..........@...................P2.......2..4....6...............=.P)....2..............................p2.....................L.2.4....@2......................text...T.0.......0................. ..`.itext...*....0..,....0............. ..`.data.........0.......0.............@....bss.....l....1..........................idata...4....2..6...|1.............@....didata......@2.......1.............@....edata.......P2.......1.............@..@.tls....T....`2..........................rdata..]....p2.......1.............@..@.reloc........2.......1.............@..B.rsrc.........6.......5.............@..@.............`>.......=.............@..@................
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):349
          Entropy (8bit):5.151467184152696
          Encrypted:false
          SSDEEP:
          MD5:5C9E03004F629661DD841D77FE3515AF
          SHA1:8F94A3FDACC2A2DBFC6D036561C5859AD1A66446
          SHA-256:741ABC2B48A14B4E314092876CFB1F660C86D18E1C34F200DC65DFFCF3F53C92
          SHA-512:140B1A5607157C5600339D711AA59FB4655E2077A7C5319D47C13273FF85DDF4F4A7CD9D0FB9B2138D4E2F77F340EAE2AC8FEA21DEBC4DDDB54B823FEF53D532
          Malicious:false
          Reputation:low
          Preview:<Application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">.. <VisualElements.. BackgroundColor="#FFFFFF".. ShowNameOnSquare150x150Logo="off".. ForegroundText="dark".. Square150x150Logo="ActiveBarcodeGenerator-tile-150x150.png".. Square70x70Logo="ActiveBarcodeGenerator-tile-70x70.png"/>..</Application>
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:PHP script, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):504
          Entropy (8bit):5.094104746551118
          Encrypted:false
          SSDEEP:
          MD5:9DE8486BAA26810FF2FA5CE54D2858D5
          SHA1:D69D9197C1120F2C7A0D03E08F9883550696B9CA
          SHA-256:00958CF2E68EC757D253BB301D43BDA72D6354A2B7988831ED9D072E775DA5B1
          SHA-512:40496A9DBDD5AC1F9C7BF98315D2FC03B087B711A4803F195F7B576330A2506AFBBE9AB83BFFF39BEA805B9B320404B1CCB70BB55E9BD17AC3EB40F951FB7F26
          Malicious:false
          Reputation:low
          Preview:<?php..// example_show_version_only.php..// (c) 2003-2019 www.activebarcode.com..// Very simpe example that shows the usage of ActiveBarcode.ocx from php..// ..// ActiveBarcode.ocx is used to display the read only property "Version"...// This minimal example is a good start for debugging purpose.....$Barcode = new COM("ACTIVEBARCODE.BarcodeCtrl.1") or die("Unable to instanciate ActiveBarcode. Not installed? Correct rights?");..echo "Loaded ActiveBarcode version: *{$Barcode->Version}*<br />";..?> ..
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:PHP script, Unicode text, UTF-8 text, with CRLF line terminators
          Category:dropped
          Size (bytes):984
          Entropy (8bit):5.201439250354863
          Encrypted:false
          SSDEEP:
          MD5:EDC5FD4766D587A1008BBC514331AB84
          SHA1:055C70E27F4C159794DEAEDB3E31563F5EE6CF54
          SHA-256:B562883F9906C3481705351497A8BEABD9AC60E690D7B3BA5D3E5BE5D80CA891
          SHA-512:2F2C7961D460E1CDF3DA4C45BD945E6CD693C8FEA880BD74E05A3598E6523E4DFF0EAC4DA7EA2C9978919D34CD11DFD18D6C5989A38DB21EE027A9CC24635344
          Malicious:false
          Reputation:low
          Preview:<?php..// example_calc_checksum_only.php..//..// (c) 2003-2019 www.activebarcode.com..// Very simpe example that shows the usage of ActiveBarcode.ocx from php..// ..// ActiveBarcode.ocx is used to calculate a checksum only....$Barcode = new COM("ACTIVEBARCODE.BarcodeCtrl.1") or die("Unable to instanciate ActiveBarcode. Not installed? Correct rights?");..// DEBUG: ..// echo "Loaded ActiveBarcode version: *{$Barcode->Version}*<br />";....// Set the barcode properties ..$Barcode->Autotype = 0; // false;..$Barcode->TypeName = 'CODE 39 Checksum';..$Barcode->Text = '12ABC';....// ENG: output of barcode properties ..// GER: Ausgabe der zuvor gesetzten Barcode-Eigenschaften..echo '$Barcode->Text: ' . $Barcode->Text . '<br />';..echo '$Barcode->TypeName: ' . $Barcode->TypeName . '<br />';....// ENG: output of the checksum calculated by activebarcode..// GER: Ausgabe der von ActiveBarcode errechneten Pr.fsumme:..echo '$Barcode->Checksum: ' . $Barcode->Checksum . '<br />';..?> ..
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:PHP script, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):13464
          Entropy (8bit):5.105627203754089
          Encrypted:false
          SSDEEP:
          MD5:E71B34901CB940FD46834E2F24A455EC
          SHA1:34D31829119BF66710CF0F82E87525AEA83DCBD3
          SHA-256:FDE0A4862A3631CA4E3337822D9B11F049FBF81857100A8AAF6FBF17DBEBDBEA
          SHA-512:46075F4E8947DC63D5A973A4BBCEB2B32B2D6FB8FAA1FCB4ED2480DD78654A269DF12A2847FF989A72A824C4EE0D090303726303C50BCC6BE47065CD20DA6F62
          Malicious:false
          Reputation:low
          Preview:<?php../*** ..barcodeimage.php (UTF-8, PSR-2)....Synopsis: barcodeimage.php is a wrapper for using ..activebarcode.ocx to create a png image of a desired barcode..The barcodeimage.php allows the EASY USAGE for creating dynamic barcodes with..the IMG-Tag within HTML-Pages like this:..<IMG SRC="barcodeimage.php" /> ....Parameters:....typeno= Barcode-Type as number that you want to use for encoding i.e.: 14 (=CODE128)}.. Note: If you don't know the typenumber you can use the parameter "code" alternativly... This will set the barcode property "Type". I needed to rename the parameter .. here because "Type" is a reservered PHP-word...code= Barcode-Type as a human readable name that you want to use for encoding i.e.: CODE128.. Note: It's better to set the parameter "typeno" because it's unique. .. This will set the barcode property "TypeName"..text= Text that you want to display as a barcode. This may be an
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:PHP script, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):23
          Entropy (8bit):3.588354347173234
          Encrypted:false
          SSDEEP:
          MD5:6C4BB8355DF3516816E2B2596EF88572
          SHA1:F71C3E5EF1ABFE6B85BD9E3AD3E274A7A1D95131
          SHA-256:C8C3E9D0AB7482AD461CAAA0F5BA586EF59351624F3E1ABB2BE77BEFBD226B0A
          SHA-512:F3BFADCED05ACC361DDC0D0E5EF7756C4F9E7F0AC607A0EC226AF0BF13E88FC0BC76797910C75487AADF116E08E655DA1E22FB7D141ABA361BD61FFC7585AB6E
          Malicious:false
          Reputation:low
          Preview:<?php..phpinfo();..?>..
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:PHP script, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):997
          Entropy (8bit):5.270843579711984
          Encrypted:false
          SSDEEP:
          MD5:CEE18BE034C1A587F453F50C0335FA32
          SHA1:8EA836B9404DE5DE42662075B51F4BF2EEFFCF84
          SHA-256:BEF8CA54B3017E6028A136902769DCD21957EE6794B8C42ECD94A34AE386595E
          SHA-512:ED6D528145CAE934446C2D01E81B6EB1DB8822A6CC8270AD18C251AB4C8462A84C34F2E32C3ECCBC87BA9F16037ECBD26160A0120FACF74F8A11ED95DC8C0E9F
          Malicious:false
          Reputation:low
          Preview:<?php..// example_create_current_time_as_code128.php..//..// (c) 2003-2019 www.activebarcode.com ..// This PHP-Source Code is free. ..// You may use and modify it freely for your needs...// ..// barcodeimage.php is used to get an dynamic image src for a html <img> tag...//....// $myText = 'Time: ' . datepart("h",now())&"."&datepart("n",now())&"."&datepart("s",now())....$myText = strftime("%H:%M:%S");..?> ..<html>..<head>..</head>..<body>..This is a simple expample that show the usage of <b>barcodeimage.php</b><br />..within the an image tag for the src parameter:<br />..<br />..<img src="barcodeimage.php?code=CODE39EXTENDED&text=<?php echo rawurlencode($myText); ?>&showtext=1&backcolor=yellow&forecolor=blue&width=380"/><br />..<br />..This Barcode was created with the following html-img tag:<br />..<br />..<b>..&lt;img src="barcodeimage.php?code=CODE39EXTENDED&text=<?php echo rawurlencode($myText); ?>&showtext=1&backcolor=yellow&forecolor=blue&width=380" /&gt..</b>..</body>..</html>
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:HTML document, ASCII text, with very long lines (313), with CRLF line terminators
          Category:dropped
          Size (bytes):6497
          Entropy (8bit):5.241762186168653
          Encrypted:false
          SSDEEP:
          MD5:34FDC4B524A8549581C0D49DAB05F237
          SHA1:19F634A7EFFD43984DEC163E05D878C709F4CE53
          SHA-256:8EB3AEAB6BAA9004F442107DC7D3E88768CCB32199C2736E2781C2262B75FD7B
          SHA-512:03E76CE211F7D96568EA1DA03F0AECA4F69269D6CF918A2437ACC9F189AF340056F98F636147ECA74559A7C7B82E6093DB49E9E13EAFFF910EF9509E9BBF072B
          Malicious:false
          Reputation:low
          Preview:<html>..<head>..<style type="text/css">..body { FONT-SIZE:16px; font-family:Arial; line-height:24px; margin: 0px; background:linear-gradient(180deg, #eeeeee 0%, #eedfc3 100%); }...fullcontent {margin-top:10px; margin-bottom:10px; margin-left:auto; margin-right:auto; max-width: 1200px; min-width: 600px; border: 3px solid #DDDDDD; background:linear-gradient(185deg, #eedfc3 0%, #FFFFFF 127px); position: relative; overflow: hidden; padding: 5px 50px; }...toplogo{ border: 0px; margin-top:15px; margin-right:5px; display: block; text-align: right; border-radius:0px; height:50px; max-height:50px; }...titletext { font-size:25px; font-weight:bold; font-family:Arial;color:#056764; padding:0px; margin-top: 1px; margin-bottom: 0px; margin-left:0px; text-align: right; border-width:0px; border-bottom-color:#a0a0a0; border-bottom-style:none; border-left-style:none; border-right-style:none; border-top-style:none; }..h1 { color: #056764; font-weight:bold; font-size:36px;border-width:1px; line-he
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):903296
          Entropy (8bit):7.884864742243692
          Encrypted:false
          SSDEEP:
          MD5:22EC2A1988C8789D3F9D3E97F6E76EA8
          SHA1:C9A8D4C6CB970C61D6038D0977F16E554544D262
          SHA-256:85A3F4C0B922EBF99B96D093052C2D1BDF7074A7E9C83A0EE37D8A89CBC88DD1
          SHA-512:77DBDE1BD7FF5F14C715B582909BA7D533A31C3F55117D7C883D2862DE8CDFE3F6AE9166FDEAF9C6177E0AF12E943185982F1E1FEFF5BCF15C0929E001780C49
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 2%
          Reputation:low
          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...Rm"[..................................... ....@.................................|.....@......@..................................................p....)...........................................................................................text...\........................... ..`.itext.............................. ..`.data........ ......................@....bss.....V...0...........................idata..............................@....tls.................&...................rdata...............&..............@..@.rsrc................(..............@..@....................................@..@........................................................................................................................................
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:InnoSetup Log ActiveBarcode, version 0x418, 22075 bytes, 767668\37\user\376\, C:\Program Files (x86)\ActiveBarcode\376\3
          Category:modified
          Size (bytes):22075
          Entropy (8bit):3.9140026342514167
          Encrypted:false
          SSDEEP:
          MD5:E718E492B93EF0D4F7EA5617B32BF360
          SHA1:7C75B83BD0005ECD0B5029EA157E4A5EFE1FF88A
          SHA-256:9035716CB06D443ED75BC575468477A824CA5D78661CA2B3AA389183A74E5469
          SHA-512:B0BF1DCA10D986C507212D84084F478ECFEDDB8292012D600481C930E570E94099B3FBA33A61A97F0FBBD81A022AA2289FC121EE9FFC532F700F5C1EDA385ED3
          Malicious:false
          Reputation:low
          Preview:Inno Setup Uninstall Log (b)....................................ActiveBarcode...................................................................................................................ActiveBarcode.......................................................................................................................'...;V..5................................................................................................................+#.........j..m...............7.6.7.6.6.8......c.a.l.i......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.c.t.i.v.e.B.a.r.c.o.d.e................%.$. .. ......=...n...IFPS....#...*...........................................................................................................................................................BOOLEAN..................!OPENARRAYOFCONST..................TEXECWAIT.........TMSGBOXTYPE.........TSETUPSTEP.........TUNINSTALLSTEP.................!MAIN....-1.............ENVADDPATH....-1 @17..REGQUERYSTRINGVALUE.....
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:InnoSetup messages, version 5.5.3, 221 messages (UTF-16), &About Setup...
          Category:dropped
          Size (bytes):22649
          Entropy (8bit):3.2708535527101343
          Encrypted:false
          SSDEEP:
          MD5:58DD7D7A0F37DF8E8CA43F2CB55A6BBF
          SHA1:4AB3547C98D491CCD772914959B22B83C88F7BC8
          SHA-256:ADD7BCB41AC7E9F5A75BF4BC3ED6D54940FD9A1C096C88CA13D6B8850B574586
          SHA-512:A3400C2D80779FB60C609B5F0967D5A09F40701A414BB4C031D209B17FF86C6A5E682E1EBD795A42893D2AD69F09C71FC8E3EA97A7E46EBB5E86EC0336B5103C
          Malicious:false
          Reputation:low
          Preview:Inno Setup Messages (5.5.3) (u).....................................,X.....5...&.A.b.o.u.t. .S.e.t.u.p.........%.1. .v.e.r.s.i.o.n. .%.2.....%.3.........%.1. .h.o.m.e. .p.a.g.e.:.....%.4.....A.b.o.u.t. .S.e.t.u.p...Y.o.u. .m.u.s.t. .b.e. .l.o.g.g.e.d. .i.n. .a.s. .a.n. .a.d.m.i.n.i.s.t.r.a.t.o.r. .w.h.e.n. .i.n.s.t.a.l.l.i.n.g. .t.h.i.s. .p.r.o.g.r.a.m.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.c.o.m.m.e.n.d.e.d. .t.h.a.t. .y.o.u. .a.l.l.o.w. .S.e.t.u.p. .t.o. .a.u.t.o.m.a.t.i.c.a.l.l.y. .c.l.o.s.e. .t.h.e.s.e. .a.p.p.l.i.c.a.t.i.o.n.s.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.c.o.m.m.e.n.d.e.d. .t.h.a.t. .y.o.u. .a.l.l.o.w. .S.e.t.u.p. .t.o. .a.u.t.o.m.a.t.i.c.a.l.l.y. .c.l.o.s.e. .t.h.e.s.e. .a.p.p.l.i.c.a.t.i.o.n.s... .A.f.
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):878400
          Entropy (8bit):7.880281841114776
          Encrypted:false
          SSDEEP:
          MD5:3EC4D0F37CDF888018A109816DEB41F2
          SHA1:286348A2D2CCB3D7FBDC62B9444170DFD649E778
          SHA-256:793763F5234295982B22F5CE7DE587678DBCB44811145005AD6D4499A783EA7F
          SHA-512:08F3A519A9BC04E217C596C631E0FC57EEB3B90EB522DFA91657013F24847FDD75F74FEF097A3F48051AE27D2906DB18A158DC79C2ECA50BA0C2529F1DE0B372
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 2%
          Reputation:low
          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...Rm"[..................................... ....@.......................................@......@..................................................0>...)...........................................................................................text...\........................... ..`.itext.............................. ..`.data........ ......................@....bss.....V...0...........................idata..............................@....tls.................&...................rdata...............&..............@..@.rsrc................(..............@..@....................................@..@........................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):2956616
          Entropy (8bit):6.152678182200234
          Encrypted:false
          SSDEEP:
          MD5:325C8E8F71D1B19ABC3D2DCBDE289A37
          SHA1:6B710EF891FF97D6196AA7B142AC3BFC2FD22801
          SHA-256:968D5063B87880192691290B236FCE7103B417907FF0A9E3BF1748A4DA135722
          SHA-512:AF175FD63F6583ACCE3E3CF5AC51702DFDA49A06606DE82326C960F5240A226578B9523E81E6467C3D5E99871FE6900AE0EDCA9D4469EBA0B09C80BE2D09696F
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........Q@...@...@...I.o.X.......:.....;.B.......B....T2.A....T7.N...{...N...{...]...{...m...@.......{...E.......A.......A.......A...@.k.A.......A...Rich@...........PE..L...mS.b...........!.....L..........:........`...............................P-......G-...@...........................$.......$.......*..\............,.H)....,..K..0.#.......................#.....P.#.@............`..L............................text....K.......L.................. ..`.rdata.......`.......P..............@..@.data...<O... %..B....%.............@....gfids.......p*......D*.............@..@.tls..........*......F*.............@..._RDATA.. .....*......H*.............@..@.rsrc....\....*..^...J*.............@..@.reloc...K....,..L....+.............@..B................................................................................................................................................
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:MS Windows 95 Internet shortcut text (URL=<https://www.activebarcode.com/>), ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):121
          Entropy (8bit):4.719027285110878
          Encrypted:false
          SSDEEP:
          MD5:B508640A726072329975A4011877F7A3
          SHA1:48C8E9C8897A3063C2A8E6497AC1821598E1C3AE
          SHA-256:2C675940B3E36A5C0DBA07C895D297EF34237A071D8C9A083C9A488ADF342B9B
          SHA-512:05D17CD7EE1C7222696FC4861009A14F9DDB70ED3312D1FA13A77A76421B78F5D5B1B7E81BEEA64C3DA2B13E91D9A9DE52F131D6FB2D7A63B43545B6922F18DF
          Malicious:false
          Reputation:low
          Preview:[InternetShortcut]..URL=https://www.activebarcode.com/..IconFile=https://www.activebarcode.com/favicon.ico..IconIndex=1..
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:PNG image data, 128 x 128, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):8612
          Entropy (8bit):7.964418638112347
          Encrypted:false
          SSDEEP:
          MD5:88FB554D8D6367A7530B77A1778BCA53
          SHA1:230F85C6B4627FC87C8ECB500B80A6243E4BABC2
          SHA-256:CB2E47FBDA4D632FD5F32ECF74EC57EA2D34FE24C1803E0D6A1F3728DAE01C79
          SHA-512:F04D00D0303376BD577E884FE4CA28E7436B47470050CEF1C7E113890A7DD0F2F5AE452FE2BF7321986038E26BA913F357115324BFDFD740A5A703C54A976A8A
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR.....................gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<....PLTE............HHHNNN............QQQ999666......EEE111...---........AA@.........===...........lll................)))............nnnzzz......................|}}...........$$$........jjjpppttt...rrr......ncX!!!............www......~~~.........................fff...^^^..........xxx...s......bbb```...\\\...QF:}sh......YYY:CLVVV......TTT...hhhddd...P\h........{[epy........ZZZwla.........6-%...WLB.$-......f\Q...1:D.........JR[*!.........cmv...}wp#+3]TK...#..(2>...<4+...B?;...iszALW....{n.................##)/....................................................................................................VZ^...........?:6.........KKK........'''+& .........ikl............aipdgl...PW^......WWW]^_[[[Y]a......HKN...444048642......v{~....................p....*IDATx..{{|[.].$.e.kY~.%<vd...bI....)..Z.)0u...uq.Q.....P(-..S(.........3~?....`g.f_..uHa..n...w......;|.O...k.J...}...
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:PE32+ executable (console) x86-64, for MS Windows
          Category:dropped
          Size (bytes):3641152
          Entropy (8bit):5.889542292039324
          Encrypted:false
          SSDEEP:
          MD5:272111F2C5CB62A506CAE04B1DE7E726
          SHA1:F18D734ED94113BCF2C6EF2F66658DB253B621DF
          SHA-256:309994543A7C9FE2EAF9DCD6BFCCB9E9D49DCBEF35A8139593109D6B9F235937
          SHA-512:3BA2EF03A837E9A3719E27260280E2DC93D75769B6C08B534D42AA3CC506257E7E08F71A8EE09FC672B56BE9AF14BFA9D226D16A72D08D0FF750ED5846A8C224
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win64..$7........................................................................................................................................PE..d....EP\.........."......R,.........P.+.......@...............................8.......7..............@............... ................1.......0..D...06..^....3..@...f7.@)...@1..............................01.(.....................0.(.....1.2....................text....Q,......R,................. ..`.data...hx...p,..z...V,.............@....bss........../..........................idata...D....0..F..../.............@....didata.2.....1.......0.............@....edata........1......$0.............@..@.tls....l.... 1..........................rdata..m....01......&0.............@..@.reloc.......@1......(0.............@..B.pdata...@....3..B....2.............@..@.rsrc....^...06..^....5.............@..@..............8......f7.............@..@
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:PNG image data, 270 x 270, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):19686
          Entropy (8bit):7.974048599716306
          Encrypted:false
          SSDEEP:
          MD5:ACFB39776B2CA0BDE186534CB8EDE1CC
          SHA1:ED9715C28F8A142139641090BD985710B161CA82
          SHA-256:03FFAA062FD777ECBB825DACC52BF22B73389CB8A412AD912FF183DE00118CAA
          SHA-512:5735CFFC781DA651AF3B5240D4079C4C172FD57E052E574BB9BF8E397450DEE9061F68B0B37DDFFC7C4E0B6F5C9F79C1246B5DE11675F48DCAE1B58DDBEE59CB
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR.............Oo......gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<....PLTEuuuhhh...^^^qqq.........^I5}}}aaa...v`eee...NNNHHH......EEE...VVV......YYY..QQQn.....===......AAA...1115GZbu....***999.......................................$$$.................iU !..m..........555.......Ti............................H4!......n[J...v..J^r...................................................ooo........y.........&8L...xxx...lll.#2........3".......zzz....................*..........'...........................RKB...=4-....,<...............xrj...........'3?......snj............:+.......aQD...HLQ...18A............,$.............................................................OB7'''...............Zak...^ju.......}..wxy...MHBkkkCTg.........sss.....+++\\\KKKNIHQTWcnx.....F<2&,0...........qh]....................PX`YWS...............IlIDATx..}{\..u.....k..e..X.....&.. `...de.A........b-9.4...m.&.6.l7M.h........~?b.r.HU.O..m.$U.OIIro..w....o.6......#1.9s..~..{.
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:PE32+ executable (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):5784400
          Entropy (8bit):5.990436138605381
          Encrypted:false
          SSDEEP:
          MD5:7487DC5661ECDB7B748915F32BED98CC
          SHA1:6283CAA60B400A68A690A5F0C05A2BD6AA1B1547
          SHA-256:DF0785F55C89CF0914E6E6DF7278DCACBAC02D9AAB5F741C50398646E3CB1B11
          SHA-512:B27D53576EF332BCB3491927807EDF601B5FB2CB65B5BF2997F01E41B2D8951DE831B7B5AD5D5DA46F8F135594E68E7168E71CCAA060B6579C6F088588AD0743
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win64..$7........................................................................................................................................PE..d...A1.a..........".......D..0......@.C.......@..............................`Y.....Z~X..............@............... ................K.......J.jE....Q.......N.......X.P)...@K..=...........................0K.(.....................J.p.....K......................text...L.D.......D................. ..`.data.........E.......D.............@....bss..........I..........................idata..jE....J..F....I.............@....didata.......K.......J.............@....edata........K.......J.............@..@.tls......... K..........................rdata..m....0K.......J.............@..@.reloc...=...@K..>....J.............@..B.pdata........N......TM.............@..@.rsrc.........Q......FP.............@..@.............`Y.......X.............@..@
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):3922248
          Entropy (8bit):6.022396370577774
          Encrypted:false
          SSDEEP:
          MD5:25235C7A41149D19A5E9BF512D7A6A4A
          SHA1:A7F0F429CAACE1F292E8680CE6F0528AC1113385
          SHA-256:BFDE41B991949A604A0BE73C58907B37491BF3BDFB4EB9E4A7DB3C6424165096
          SHA-512:A6DB93F30E9BCCD8F88E2E168BEC932C69F24104191A7C39EF4B39585A61A60774EBB73BD76F2617EE4124239C9AA7D34CFE24D24FA641CC732A383B3ED80A16
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........s..X..OX..OX..OQjtO@..O.L.N"..O.K.NZ..O..)OY..O..,OV..O. O[..OcL.N^..OcL.NE..OcL.Nu..OX..OW..OcL.N_..O.L.NY..O.L.NY..O.L.OY..OX.pOY..O.L.NY..ORichX..O................PE..d....N.b.........." .....*..........$........................................ <.......<...`..........................................42.....l52......P:..\....8.t.....;.H)....;..k...T-.T....................U-.(...PU-..............@..(............................text...X).......*.................. ..`.rdata...$...@...&..................@..@.data...x....p2......T2.............@....pdata..t.....8......<8.............@..@.gfids..4.... :.......9.............@..@.tls.........0:.......9.............@..._RDATA.. ....@:.......9.............@..@.rsrc....\...P:..^....9.............@..@.reloc...k....;..l...D;.............@..B................................................................................
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Has command line arguments, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
          Category:dropped
          Size (bytes):1060
          Entropy (8bit):3.2813489587502302
          Encrypted:false
          SSDEEP:
          MD5:F7E685F4447433D51157F479CF72F8CA
          SHA1:3B8A05DDA6A1137AFBB0DDC28B86B68B522211D5
          SHA-256:EB71B5BEB39DC41E8780B6D26F83D8BBA90E1C8228D15A57286E6BC784318ADF
          SHA-512:3B72144CC10AFA8AAAB7B67A7D7BD4BC612DB97CE6A720414C5DF7E7F5B15C3B45E6BE80EA378B1C7F334AF9254CB3EB9F02EC972D7A54097E16398C09F2052A
          Malicious:false
          Reputation:low
          Preview:L..................F.............................................................P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........System32..B............................................S.y.s.t.e.m.3.2.....t.1...........WindowsPowerShell.T............................................W.i.n.d.o.w.s.P.o.w.e.r.S.h.e.l.l... .N.1...........v1.0..:............................................v.1...0.....l.2...........powershell.exe..N............................................p.o.w.e.r.s.h.e.l.l...e.x.e.......H.....\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.S.y.s.t.e.m.3.2.\.W.i.n.d.o.w.s.P.o.w.e.r.S.h.e.l.l.\.v.1...0.\.p.o.w.e.r.s.h.e.l.l...e.x.e...C.:.\.U.s.e.r.s.\.c.a.l.i.\.D.o.c.u.m.e.n.t.s...-.N.o.E.x.i.t. .".A.c.t.i.v.e.B.a.r.c.o.d.e.C.L.I...e.x.e.".........%...............wN....]N.D...Q..................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Oct 24 14:37:37 2023, mtime=Tue Oct 24 14:37:37 2023, atime=Sat Jul 23 17:16:32 2022, length=5784400, window=hide
          Category:dropped
          Size (bytes):976
          Entropy (8bit):4.546754172715342
          Encrypted:false
          SSDEEP:
          MD5:2584B7986494B8F0C242346967E745FF
          SHA1:185210D8379DC859FCFDFA2CECB3DCA756544312
          SHA-256:5A496BAF4F98D3F6B5008D7830CA75881B5AA8728828084999347609A40F2106
          SHA-512:4794B93517F7F15DD430BC57766F27A637AAC2FE671DABA6EB91DCBE6409106E50A8C37F47E1CD3F0B863A4A889094AA7836106B8305BA7D4C663CAA8F136FE7
          Malicious:false
          Reputation:low
          Preview:L..................F.... .../..................U....PCX..........................P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IXWw|....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....d.1.....XW.|..ACTIVE~1..L......XW.|XW.|....U......................o..A.c.t.i.v.e.B.a.r.c.o.d.e.......2.PCX..T.. .ACTIVE~1.EXE..f......XW.|XW.|..............................A.c.t.i.v.e.B.a.r.c.o.d.e.G.e.n.e.r.a.t.o.r...e.x.e.......h...............-.......g...........]Xdj.....C:\Program Files\ActiveBarcode\ActiveBarcodeGenerator.exe..H.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.A.c.t.i.v.e.B.a.r.c.o.d.e.\.A.c.t.i.v.e.B.a.r.c.o.d.e.G.e.n.e.r.a.t.o.r...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.A.c.t.i.v.e.B.a.r.c.o.d.e.`.......X.......767668...........hT..CrF.f4... .<.0.+d...,....%..hT..CrF.f4... .<.0.+d...,....%.E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):821880
          Entropy (8bit):7.577649468691907
          Encrypted:false
          SSDEEP:
          MD5:24043D621E555C7030908726532654D1
          SHA1:5B5F24754FAEF7557EB57EC4D3B464C29C9DFABF
          SHA-256:78E3EAD3C50ECB908B2A9EC8C70770749D032E02F61D2BCB25EA6F7A1A7029B8
          SHA-512:1F4AF34BF16581F7DA89E7E73526278335F513E98B290975CA9515293E11252EE33192CE49EA33CE983E6258F5EF7ED98A20684133F797115C3E5F980F87C4A0
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........-.}}~.}}~.}}~...~.}}~...~.}}~...~.}}~...~.}}~.}|~.|}~...~.}}~...~.}}~.}.~.}}~...~.}}~Rich.}}~........PE..L....S.T.....................6....................@..........................P......,.....@..................................6..@........9...........K...>......03.. .......................H/......./..@............................................text............................... ..`.rdata.............................@..@.data....0...`.......:..............@....wixburn8............J..............@..@.tls.................L..............@....rsrc....9.......:...N..............@..@.reloc...D.......F..................@..B................................................................................................................................................................................................................................................
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe
          File Type:data
          Category:dropped
          Size (bytes):904
          Entropy (8bit):2.712404780781848
          Encrypted:false
          SSDEEP:
          MD5:03C133153A6A0FD09F434D17FD486BE6
          SHA1:9C27542E36779CB44E60572A499F97B4E78D8D77
          SHA-256:22ADE996248CA15FECD97769D62B4673558935F52DD3552789291C4C96D83C96
          SHA-512:C8663889DABD7ACF8AEBD7317FB7FC55F054EB2C325CCD999A094E9642B162579E60CD1129FD5C2C8E548771BA997BFE1EFEC11FDFCA11127C9F1833729472C0
          Malicious:false
          Reputation:low
          Preview:E...................................................................................................................................................................................................................................W.i.x.B.u.n.d.l.e.F.o.r.c.e.d.R.e.s.t.a.r.t.P.a.c.k.a.g.e.................W.i.x.B.u.n.d.l.e.L.a.s.t.U.s.e.d.S.o.u.r.c.e.............................W.i.x.B.u.n.d.l.e.N.a.m.e.....<...M.i.c.r.o.s.o.f.t. .V.i.s.u.a.l. .C.+.+. .2.0.1.5. .R.e.d.i.s.t.r.i.b.u.t.a.b.l.e. .(.x.8.6.). .-. .1.4...0...2.4.2.1.5.........W.i.x.B.u.n.d.l.e.O.r.i.g.i.n.a.l.S.o.u.r.c.e.....?...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.i.s.-.4.8.3.B.E...t.m.p.\.v.c._.r.e.d.i.s.t...x.8.6...e.x.e.........W.i.x.B.u.n.d.l.e.O.r.i.g.i.n.a.l.S.o.u.r.c.e.F.o.l.d.e.r.........C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.i.s.-.4.8.3.B.E...t.m.p.\.....................
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):4840
          Entropy (8bit):3.7343387041533216
          Encrypted:false
          SSDEEP:
          MD5:A0544BCB9B237656F17F1FF37B5D6E8D
          SHA1:225C74306970B10850F2C2A3F1202AFB12E459B4
          SHA-256:6A04051B8D7536F6C1471A2CB50A475951A0D9BB5ED94DB99F3454233012EF76
          SHA-512:0F2F9153CB7ADC7330AB86A8FA459119C313FE702A1D241AAC8747F13C1D8A1B019CA39876FE65FE96CD70A79C317CFBA7A1B943E09D90EEFCC9A9928CB50BD4
          Malicious:false
          Reputation:low
          Preview:...j.Y.G..<.&.+...........................\WQ.C.W.....V........Cw...............U..L...8................................$.......8.......t...%.......%...I.n.s.t.a.l.l.e.d. .A.c.t.i.v.e.B.a.r.c.o.d.e. .O.b.j.e.c.t. .(.x.6.4.).................C.:.\.W.i.n.d.o.w.s.\...............7.6.7.6.6.8.................W.O.R.K.G.R.O.U.P.........e.c..J..e0........................DMIO:ID:..K...YM...?............ ...2.......2...\.\.?.\.V.o.l.u.m.e.{.1.a.4.b.1.3.8.2.-.e.e.b.5.-.4.d.5.9.-.b.0.f.a.-.b.9.3.f.8.3.a.5.1.8.e.1.}.\...............C.:.\...........N).A.j..j...............(...0.......,...2.......2...\.\.?.\.V.o.l.u.m.e.{.1.a.4.b.1.3.8.2.-.e.e.b.5.-.4.d.5.9.-.b.0.f.a.-.b.9.3.f.8.3.a.5.1.8.e.1.}.\.......4...............(.C.:.).........<...@...D...H...L...P...T...X...\...`...d...h...l...p...............7.-.Z.i.p. .2.3...0.1. .(.x.6.4.). .2.3...0.1...$.......$...A.c.t.i.v.e.B.a.r.c.o.d.e. .O.b.j.e.c.t. .(.x.8.6.). .6...1.2...0...0...$.......$...A.d.o.b.e. .A.c.r.o.b.a.t. .(.6.4.-.b.i.t.). .2.3...0.0.
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):4752
          Entropy (8bit):3.7397171699670193
          Encrypted:false
          SSDEEP:
          MD5:FAE798937C01CCD887EA7DDF48F65C49
          SHA1:08CB5E6AE4448F12AE2A9BBE1341EF1A2293FFA1
          SHA-256:4D5FB4998446DAE14072ED61692DA3E4F16CCCD03007D11AD460EB6F9B11B17F
          SHA-512:39222BA0DE995DC89A20343A73A9F45746EA9163BB0E69E0CB1894F4F6EB5FB1FCD250C0AF3073D1C243DC018E85AA3D46C95CB60776175F0BFD69D38D188CB5
          Malicious:false
          Reputation:low
          Preview:...j.Y.G..<.&.+.................h.......R...$.E..2..............................U..L...8................................$.......8.......p...%.......%...I.n.s.t.a.l.l.e.d. .A.c.t.i.v.e.B.a.r.c.o.d.e. .O.b.j.e.c.t. .(.x.8.6.).................C.:.\.W.i.n.d.o.w.s.\...............7.6.7.6.6.8.................W.O.R.K.G.R.O.U.P.........2.4R.L..>.........................DMIO:ID:..K...YM...?............ ...2.......2...\.\.?.\.V.o.l.u.m.e.{.1.a.4.b.1.3.8.2.-.e.e.b.5.-.4.d.5.9.-.b.0.f.a.-.b.9.3.f.8.3.a.5.1.8.e.1.}.\...............C.:.\...........N).A.j..j...............(...0.......,...2.......2...\.\.?.\.V.o.l.u.m.e.{.1.a.4.b.1.3.8.2.-.e.e.b.5.-.4.d.5.9.-.b.0.f.a.-.b.9.3.f.8.3.a.5.1.8.e.1.}.\.......4...............(.C.:.).........<...@...D...H...L...P...T...X...\...`...d...h...l...............7.-.Z.i.p. .2.3...0.1. .(.x.6.4.). .2.3...0.1...$.......$...A.d.o.b.e. .A.c.r.o.b.a.t. .(.6.4.-.b.i.t.). .2.3...0.0.6...2.0.3.2.0...............G.o.o.g.l.e. .C.h.r.o.m.e. .1.1.7...0...5.9.3.8...1.3.2.....
          Process:C:\Users\user\AppData\Local\Temp\is-HNIRC.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmp
          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):6664
          Entropy (8bit):5.2304022166063024
          Encrypted:false
          SSDEEP:
          MD5:54433551DF53E2CB107702C7AB6D21B1
          SHA1:EBE6E60BB6BE746A86569120C218760A3112D24F
          SHA-256:314C2B312238A67004E82EA8FA76D8669D87680FA1D5C04187137CB884407424
          SHA-512:F65373AB1231B3970B6458A15A88347100FB18E79C64A28BAE67FFD9EBFF54040AD3A5DDBED491106E86E049F13823524C737D0BE9FC991EA8E2EB841D8CA6FD
          Malicious:false
          Reputation:low
          Preview:.2023-10-24 17:37:39.097 Log opened. (Time zone: UTC+02:00)..2023-10-24 17:37:39.097 Setup version: Inno Setup version 5.6.1 (u)..2023-10-24 17:37:39.097 Original Setup EXE: C:\Program Files (x86)\ActiveBarcode\excel\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.exe..2023-10-24 17:37:39.097 Setup command line: /SL5="$A02C0,481838,121344,C:\Program Files (x86)\ActiveBarcode\excel\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.exe" /SILENT..2023-10-24 17:37:39.097 Windows version: 10.0.19045 (NT platform: Yes)..2023-10-24 17:37:39.097 64-bit Windows: Yes..2023-10-24 17:37:39.097 Processor architecture: x64..2023-10-24 17:37:39.097 User privileges: Administrative..2023-10-24 17:37:39.607 64-bit install mode: Yes..2023-10-24 17:37:39.623 Created temporary directory: C:\Users\user\AppData\Local\Temp\is-5RSRK.tmp..2023-10-24 17:37:39.639 -- DLL function import --..2023-10-24 17:37:39.639 Function name: GetProcessId..2023-10-24 17:37:39.639 DLL name: setup:kernel32.dll..
          Process:C:\Users\user\AppData\Local\Temp\is-U4BAJ.tmp\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.tmp
          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):5971
          Entropy (8bit):5.225393169053579
          Encrypted:false
          SSDEEP:
          MD5:355D6FAE156BD306C2F09387BF0ED5F7
          SHA1:09C2E3EBA30DBFB2BA4217E896951FE05B9EF06F
          SHA-256:E802E8D2EF3AB455B4255FB73E4ED1E36820F0FBA1DC28B189B6CC813CF9C743
          SHA-512:668300A02B40F673582968C13E99E6C70852B99CD2E41CEDDC60793C275FDD908C5AC9F6F9737372AD5949988B71D083CF034B8241233B8A4D6D64DC96EA675D
          Malicious:false
          Reputation:low
          Preview:.2023-10-24 17:37:44.983 Log opened. (Time zone: UTC+02:00)..2023-10-24 17:37:44.983 Setup version: Inno Setup version 5.6.1 (u)..2023-10-24 17:37:44.983 Original Setup EXE: C:\Program Files (x86)\ActiveBarcode\word\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.exe..2023-10-24 17:37:44.983 Setup command line: /SL5="$902D2,361899,121344,C:\Program Files (x86)\ActiveBarcode\word\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.exe" /SILENT..2023-10-24 17:37:44.983 Windows version: 10.0.19045 (NT platform: Yes)..2023-10-24 17:37:44.983 64-bit Windows: Yes..2023-10-24 17:37:44.983 Processor architecture: x64..2023-10-24 17:37:44.983 User privileges: Administrative..2023-10-24 17:37:45.367 64-bit install mode: Yes..2023-10-24 17:37:45.383 Created temporary directory: C:\Users\user\AppData\Local\Temp\is-AFE7B.tmp..2023-10-24 17:37:45.414 -- DLL function import --..2023-10-24 17:37:45.414 Function name: GetProcessId..2023-10-24 17:37:45.414 DLL name: setup:kernel32.dll..2023
          Process:C:\Users\user\AppData\Local\Temp\is-AC17U.tmp\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.tmp
          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:modified
          Size (bytes):7101
          Entropy (8bit):5.244841948411075
          Encrypted:false
          SSDEEP:
          MD5:995887A1F84DB7A980E6E9519757B684
          SHA1:8B3475C7A482430AF8E7E16F030F670CF4DD1069
          SHA-256:D62A6591B4C37D4D5CD2EE5664C9F40C77105927D440B0E7D8D15C7463C5364B
          SHA-512:80F84C871B84C3BC239AAF4FBA43D1AB1FFC2A881A35644067375905F87757477150C899C1E51218E11C43739220BDC8844C4043BC9034B9A870CA7C55AA04D9
          Malicious:false
          Reputation:low
          Preview:.2023-10-24 17:37:51.416 Log opened. (Time zone: UTC+02:00)..2023-10-24 17:37:51.416 Setup version: Inno Setup version 5.6.1 (u)..2023-10-24 17:37:51.416 Original Setup EXE: C:\Program Files (x86)\ActiveBarcode\powerpoint\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.exe..2023-10-24 17:37:51.416 Setup command line: /SL5="$A02CE,385517,121344,C:\Program Files (x86)\ActiveBarcode\powerpoint\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.exe" /SILENT..2023-10-24 17:37:51.416 Windows version: 10.0.19045 (NT platform: Yes)..2023-10-24 17:37:51.416 64-bit Windows: Yes..2023-10-24 17:37:51.416 Processor architecture: x64..2023-10-24 17:37:51.416 User privileges: Administrative..2023-10-24 17:37:52.084 64-bit install mode: Yes..2023-10-24 17:37:52.100 Created temporary directory: C:\Users\user\AppData\Local\Temp\is-PGJQ7.tmp..2023-10-24 17:37:52.116 -- DLL function import --..2023-10-24 17:37:52.116 Function name: GetProcessId..2023-10-24 17:37:52.116 DLL name:
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe
          File Type:ASCII text, with very long lines (311), with CRLF line terminators
          Category:dropped
          Size (bytes):6874
          Entropy (8bit):5.486144520436552
          Encrypted:false
          SSDEEP:
          MD5:9886764F664DA91741BAF8813DE1B602
          SHA1:39D86A23B6E9409E3CD1CBA3700E4748740FBBDA
          SHA-256:043D43A3E51032DFD35E61F24B867B50FAA1C78CCDB9EC83C7939AA76ED791FB
          SHA-512:9C02374DCD87A07A17055B2A69B4CF2F3EF7306CAE2F626320CC5E3C18EDE26A8918FD50DDE3C18DEE0A9B05A1AA44E5E557BA9BE8CC1FE7717292440F2F1142
          Malicious:false
          Reputation:low
          Preview:[0B64:104C][2023-10-24T17:36:25]i001: Burn v3.7.3813.0, Windows v10.0 (Build 19045: Service Pack 0), path: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe, cmdline: '/passive /norestart -burn.unelevated BurnPipe.{4F78198D-CCF4-4BDA-B229-9F6ECD155586} {4F97EF20-8ED2-4EE3-ADE3-D632CD31AA0A} 6124'..[0B64:104C][2023-10-24T17:36:26]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20231024173626.log'..[0B64:104C][2023-10-24T17:36:26]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe'..[0B64:104C][2023-10-24T17:36:26]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Users\user\AppData\Local\Temp\is-483BE.tmp\'..[0B64:104C][2023-10-24T17:36:26]i000: Setting string variable 'WixBundleName' to value 'Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215'..[0B64:104C][2023-10-24T17:36:26]i100: Detect begin, 10 packa
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe
          File Type:ASCII text, with very long lines (320), with CRLF line terminators
          Category:modified
          Size (bytes):16213
          Entropy (8bit):5.5272079736350905
          Encrypted:false
          SSDEEP:
          MD5:B4CBD21FA327F6E26BF010180528342E
          SHA1:A98AEEF214A01BF5E5E813386837B2C1FAD44461
          SHA-256:B8DECE268C6C49B355D9A428F9B0605754144E69A7B4A5F1FCA603412B4A5DA0
          SHA-512:8FCA5F4B6B268C09F642A7D3071689267EA9C04C5CAC1D91320881BCE8F2C4F60ECC2CE17A4233C63D266BE49DA65A8B4F088B932761E9C111A288F3B98FF329
          Malicious:false
          Reputation:low
          Preview:[10BC:1B18][2023-10-24T17:36:28]i001: Burn v3.7.3813.0, Windows v10.0 (Build 19045: Service Pack 0), path: C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe, cmdline: '/passive /norestart -burn.unelevated BurnPipe.{47F62FCB-416C-4BBB-9E18-CDA7A796F212} {D21067EF-2E64-4E1B-B04F-EE78644A74D1} 4612'..[10BC:1B18][2023-10-24T17:36:28]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\dd_vcredist_x86_20231024173628.log'..[10BC:1B18][2023-10-24T17:36:28]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe'..[10BC:1B18][2023-10-24T17:36:28]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Users\user\AppData\Local\Temp\is-483BE.tmp\'..[10BC:1B18][2023-10-24T17:36:28]i000: Setting string variable 'WixBundleName' to value 'Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215'..[10BC:1B18][2023-10-24T17:36:29]i100: Detect begin, 10 package
          Process:C:\Windows\System32\msiexec.exe
          File Type:Unicode text, UTF-16, little-endian text, with very long lines (588), with CRLF line terminators
          Category:dropped
          Size (bytes):185204
          Entropy (8bit):3.7931248849574204
          Encrypted:false
          SSDEEP:
          MD5:EA4C37E948F351F4D7A485F9BFF9BC94
          SHA1:FA8E5DA2AE7E7FAADA91C00900D4ED5A4998D396
          SHA-256:614D8026374A0B2A3954EFA4E9C0751A97B680F4EA1E3C327FFB4225EE5655A1
          SHA-512:19073116A8E40BC6DB5963F1153A8095742325BBA559447682D3D1BC697991D14B8491F899AD2465C162E7BBEE44FBA2D429483A7F490C28BCD298D602FEBAA4
          Malicious:false
          Reputation:low
          Preview:..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .2.4./.1.0./.2.0.2.3. . .1.7.:.3.6.:.4.3. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.i.s.-.4.8.3.B.E...t.m.p.\.v.c._.r.e.d.i.s.t...x.8.6...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.0.4.:.7.8.). .[.1.7.:.3.6.:.4.3.:.6.5.1.].:. .R.e.s.e.t.t.i.n.g. .c.a.c.h.e.d. .p.o.l.i.c.y. .v.a.l.u.e.s.....M.S.I. .(.c.). .(.0.4.:.7.8.). .[.1.7.:.3.6.:.4.3.:.6.5.1.].:. .M.a.c.h.i.n.e. .p.o.l.i.c.y. .v.a.l.u.e. .'.D.e.b.u.g.'. .i.s. .0.....M.S.I. .(.c.). .(.0.4.:.7.8.). .[.1.7.:.3.6.:.4.3.:.6.5.1.].:. .*.*.*.*.*.*.*. .R.u.n.E.n.g.i.n.e.:..... . . . . . . . . . . .*.*.*.*.*.*.*. .P.r.o.d.u.c.t.:. .C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.P.a.c.k.a.g.e. .C.a.c.h.e.\.{.B.B.F.2.A.C.7.4.-.7.2.0.C.-.3.C.B.3.-.8.2.9.1.-.5.E.3.4.0.3.9.2.3.2.F.A.}.v.1.4...0...2.4.2.1.5.\.p.a.c.k.a.g.e.s.\.v.c.R.u.n.t.i.m.e.M.i.n.i.m.u.m._.x.8.6.\.v.c.
          Process:C:\Windows\System32\msiexec.exe
          File Type:Unicode text, UTF-16, little-endian text, with very long lines (588), with CRLF line terminators
          Category:dropped
          Size (bytes):210700
          Entropy (8bit):3.8102823184552257
          Encrypted:false
          SSDEEP:
          MD5:DB2170D1E71A2B7F15A6DD5F2FA67980
          SHA1:3A58622DA9AFCA680C1607D2DE12BB29202F655F
          SHA-256:048EF46ECCD445C0A2D6360BED227E6C2B451A297F77AAA17BF4F764E68105C2
          SHA-512:FB1B319E925429E78F968C92BB982DBFBBDE653D471DC53DC284B90BF37929504673629B093DF0D5806D69A80FA79FD6C8488AFEB5AA8B2C1630D2628831D16C
          Malicious:false
          Reputation:low
          Preview:..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .2.4./.1.0./.2.0.2.3. . .1.7.:.3.6.:.4.5. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.i.s.-.4.8.3.B.E...t.m.p.\.v.c._.r.e.d.i.s.t...x.8.6...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.0.4.:.A.4.). .[.1.7.:.3.6.:.4.5.:.1.0.5.].:. .R.e.s.e.t.t.i.n.g. .c.a.c.h.e.d. .p.o.l.i.c.y. .v.a.l.u.e.s.....M.S.I. .(.c.). .(.0.4.:.A.4.). .[.1.7.:.3.6.:.4.5.:.1.0.5.].:. .M.a.c.h.i.n.e. .p.o.l.i.c.y. .v.a.l.u.e. .'.D.e.b.u.g.'. .i.s. .0.....M.S.I. .(.c.). .(.0.4.:.A.4.). .[.1.7.:.3.6.:.4.5.:.1.0.5.].:. .*.*.*.*.*.*.*. .R.u.n.E.n.g.i.n.e.:..... . . . . . . . . . . .*.*.*.*.*.*.*. .P.r.o.d.u.c.t.:. .C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.P.a.c.k.a.g.e. .C.a.c.h.e.\.{.6.9.B.C.E.4.A.C.-.9.5.7.2.-.3.2.7.1.-.A.2.F.B.-.9.4.2.3.B.D.A.3.6.A.4.3.}.v.1.4...0...2.4.2.1.5.\.p.a.c.k.a.g.e.s.\.v.c.R.u.n.t.i.m.e.A.d.d.i.t.i.o.n.a.l._.x.8.6.
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:PE32+ executable (console) x86-64, for MS Windows
          Category:dropped
          Size (bytes):6144
          Entropy (8bit):4.720366600008286
          Encrypted:false
          SSDEEP:
          MD5:E4211D6D009757C078A9FAC7FF4F03D4
          SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
          SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
          SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):15301888
          Entropy (8bit):7.99675809454307
          Encrypted:true
          SSDEEP:
          MD5:45B47F4214DDC9F4782363A38504C9D2
          SHA1:10B1683EA3FF5F36F225769244BF7E7813D54AD0
          SHA-256:DA66717784C192F1004E856BBCF7B3E13B7BF3EA45932C48E4C9B9A50CA80965
          SHA-512:C87955C5542E39FBB44C6EDF9EA0C6671693E7CD93B2BBB3988BD51C4E0BFC4C46FBD968BA9BC6327B21F2E52DD1DFE8D0D077AA27A8619BCF61EDC3F58B246A
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........-.}}~.}}~.}}~...~.}}~...~.}}~...~.}}~...~.}}~.}|~.|}~...~.}}~...~.}}~.}.~.}}~...~.}}~Rich.}}~........PE..L....S.T.....................6....................@..........................P............@..................................6..@........9..........H>...>......03.. .......................H/......./..@............................................text............................... ..`.rdata.............................@..@.data....0...`.......:..............@....wixburn8............J..............@..@.tls.................L..............@....rsrc....9.......:...N..............@..@.reloc...D.......F..................@..B................................................................................................................................................................................................................................................
          Process:C:\Users\user\AppData\Local\Temp\is-8F63M.tmp\ActiveBarcode-Setup6.12.0.tmp
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):14456872
          Entropy (8bit):7.9963183685796775
          Encrypted:true
          SSDEEP:
          MD5:A3CB49DAA1347FFE34B517F1A12F40AB
          SHA1:72211BD2E7DFC91EA7C8FAC549C49C0543BA791B
          SHA-256:12A69AF8623D70026690BA14139BF3793CC76C865759CAD301B207C1793063ED
          SHA-512:E3D96CC4C822793893FC3831CBE40D7A53EE8ECA3A73021AEA2193BBF5C5A05EF5FA4A9FC314C29AD5392F980997A25507CAA9CF3A1E3362674AC913FBAEBB17
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........-.}}~.}}~.}}~...~.}}~...~.}}~...~.}}~...~.}}~.}|~.|}~...~.}}~...~.}}~.}.~.}}~...~.}}~Rich.}}~........PE..L....S.T.....................6....................@..........................P............@..................................6..@........9..........pY...>......03.. .......................H/......./..@............................................text............................... ..`.rdata.............................@..@.data....0...`.......:..............@....wixburn8............J..............@..@.tls.................L..............@....rsrc....9.......:...N..............@..@.reloc...D.......F..................@..B................................................................................................................................................................................................................................................
          Process:C:\Users\user\Desktop\ActiveBarcode-Setup6.12.0.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):1197328
          Entropy (8bit):6.416595688611189
          Encrypted:false
          SSDEEP:
          MD5:D37F2C5CAC5747F6321F90C095DCE0FD
          SHA1:419BE97F530181EBE1FA2DCA089F1AA05AECF93C
          SHA-256:E9635CA97A638E4A49E44B26456504EA08AC3314DDAC08DE463BB03CF787CB19
          SHA-512:BBC0D9124321229DD7EBCB53291509CC987EEB30FEF515AF88C15F5FF795BA0159A22C6A3F2FF2C5D462F336A173144B0D04F5D7837939BB39716D9FECD05AFE
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 2%
          Reputation:low
          Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...Rm"[.............................%.......0....@.................................".....@......@..............................@8...@...................)...................................0.......................................................text............................... ..`.itext.............................. ..`.data....0...0...2..................@....bss.....a...p.......L...................idata..@8.......:...L..............@....tls....<.... ...........................rdata.......0......................@..@.rsrc........@......................@..@....................................@..@........................................................................................................................................
          Process:C:\Program Files (x86)\ActiveBarcode\powerpoint\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:modified
          Size (bytes):1197328
          Entropy (8bit):6.416687886017444
          Encrypted:false
          SSDEEP:
          MD5:0544949ED66EFF058CB7E1311C104CDD
          SHA1:9A46FBD6639A46784190A044402206DDB798F18E
          SHA-256:D114262D88412C3E6AD7E02672E500089812E0B443A396E75AC814242DD5EDD1
          SHA-512:320384E86C65C12AF47D14C58850D0A2957D964270648C269711A86C7DC167ABA93519512133CC1B3D7278E7301E46219C4A67C57CB50E680FC2FE5BBED3E459
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 3%
          Reputation:low
          Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...Rm"[.............................%.......0....@..................................|....@......@..............................@8...@...................)...................................0.......................................................text............................... ..`.itext.............................. ..`.data....0...0...2..................@....bss.....a...p.......L...................idata..@8.......:...L..............@....tls....<.... ...........................rdata.......0......................@..@.rsrc........@......................@..@....................................@..@........................................................................................................................................
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe
          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
          Category:dropped
          Size (bytes):222842
          Entropy (8bit):5.001125078607001
          Encrypted:false
          SSDEEP:
          MD5:D4A9B6D1DBAD45982B85F3B296D60117
          SHA1:38E63E6276AEFBEA7DD0526978F26625A78D554E
          SHA-256:9AB1E570F8D1257094B0A933017669D68FAC393615588DF909157125291A4DA8
          SHA-512:1170B90C620659E04E044DA2B3DB687D4C90DF75D5B2D1B25E8F4D1B3CF0D725ACE82C4FB752A0403FCAE80DD655561557FC7F0AE5D37254892E7839AB432DC9
          Malicious:false
          Reputation:low
          Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff38\deff0\stshfdbch0\stshfloch31506\stshfhich31506\stshfbi31506\deflang1033\deflangfe2052\themelang16393\themelangfe2052\themelangcs1054{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt Times};}..{\f1\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604020202020204}Arial;}{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}..{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Bookshelf Symbol 3};}{\f5\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070409020205020404}Courier;}..{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt Arial Unicode MS};}..{\f14\fbidi \froman\fcharset136\fprq2{\*\panose 02020500000000000000}PMingLiU{\*\falt !Ps2OcuAe};}{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 020405030504060
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe
          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
          Category:dropped
          Size (bytes):2980
          Entropy (8bit):6.163758160900388
          Encrypted:false
          SSDEEP:
          MD5:472ABBEDCBAD24DBA5B5F5E8D02C340F
          SHA1:974F62B5C2E149C3879DD16E5A9DBB9406C3DB85
          SHA-256:8E2E660DFB66CB453E17F1B6991799678B1C8B350A55F9EBE2BA0028018A15AD
          SHA-512:676E29378AAED25DE6008D213EFA10D1F5AAD107833E218D71F697E728B7B5B57DE42E7A910F121948D7B1B47AB4F7AE63F71196C747E8AE2B4827F754FC2699
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">....</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ................. ......................../passive | /quiet - .... UI ........... UI.... ........... UI ........../norestart - ................UI ............./log log.txt - .........
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe
          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
          Category:dropped
          Size (bytes):3333
          Entropy (8bit):5.370651462060085
          Encrypted:false
          SSDEEP:
          MD5:16343005D29EC431891B02F048C7F581
          SHA1:85A14C40C482D9351271F6119D272D19407C3CE9
          SHA-256:07FB3EC174F25DFBE532D9D739234D9DFDA8E9D34F01FE660C5B4D56989FA779
          SHA-512:FF1AE9C21DCFB018DD4EC82A6D43362CB8C591E21F45DD1C25955D83D328B57C8D454BBE33FBC73A70DADF1DFB3AE27502C9B3A8A3FF2DA97085CA0D9A68AB03
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instala.n. program [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Opravdu chcete akci zru.it?</String>.. <String Id="HelpHeader">N.pov.da nastaven.</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [adres..] . Nainstaluje, oprav., odinstaluje nebo.. vytvo.. .plnou m.stn. kopii svazku v adres..i. V.choz. mo.nost. je instalace...../passive | /quiet . Zobraz. minim.ln. u.ivatelsk. rozhran. bez v.zev nebo nezobraz. ..dn. u.ivatelsk. rozhran. a.. ..dn. v.zvy. V.choz. mo.nost. je zobrazen. u.ivatelsk.ho rozhran. a v.ech v.zev...../noresta
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe
          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
          Category:dropped
          Size (bytes):148979
          Entropy (8bit):5.058732518282156
          Encrypted:false
          SSDEEP:
          MD5:59E7C6E022B76B9906B13B324F7EC9B3
          SHA1:2A88EDAB414B7BFCFEE62C1E2C100E043D06EC1E
          SHA-256:243039F0FFE11EE032104E690EF61B2053F7369363D30BAFC430E96B6226EFFC
          SHA-512:E945303B150B832C04833F832C30BFF52BF45F222EF29F7A9CFCD61F22A44F477470DA6090A4177D42E567676B7D525C37DAF6F597FA1C170F6B4FAF03BC01C9
          Malicious:false
          Reputation:low
          Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff38\deff0\stshfdbch11\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe2052\themelang1033\themelangfe2052\themelangcs1025{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt Times};}..{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Bookshelf Symbol 3};}..{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt Yu Gothic UI};}..{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ????????????????????\'a8\'ac??????????};}{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\falt usersto MT};}..{\f38\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604030504040204}Tahoma{\*\falt ?l?r ???};}{\f96\f
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe
          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
          Category:dropped
          Size (bytes):3379
          Entropy (8bit):5.094097800535488
          Encrypted:false
          SSDEEP:
          MD5:561F3F32DB2453647D1992D4D932E872
          SHA1:109548642FB7C5CC0159BEDDBCF7752B12B264C0
          SHA-256:8E0DCA6E085744BFCBFF46F7DCBCFA6FBD722DFA52013EE8CEEAF682D7509581
          SHA-512:CEF8C80BEF8F88208E0751305DF519C3D2F1C84351A71098DC73392EC06CB61A4ACA35182A0822CF6934E8EE42196E2BCFE810CC859965A9F6F393858A1242DF
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] - Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">M.chten Sie den Vorgang wirklich abbrechen?</String>.. <String Id="HelpHeader">Setup-Hilfe</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [Verzeichnis] - installiert, repariert, deinstalliert oder.. erstellt eine vollst.ndige lokale Kopie des Bundles im Verzeichnis. Installieren ist die Standardeinstellung...../passive | /quiet - zeigt eine minimale Benutzeroberfl.che ohne Eingabeaufforderungen oder keine.. Benutzeroberfl.che und keine Eingabeaufforderungen an. Standardm..ig werden die Benutzeroberfl.che und alle Eingab
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe
          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
          Category:dropped
          Size (bytes):250383
          Entropy (8bit):4.973202289275364
          Encrypted:false
          SSDEEP:
          MD5:04105D5D6BA9BF94065327FBCD331D2D
          SHA1:4577CA0F7BEB4667BA102EBAFDDE0367ACA44AE6
          SHA-256:5B0EA3147EC01BEC77D3E1B8AE9AD0AE13421DB9929A1E1D41B53FE1A8075EB5
          SHA-512:E55581EEB352AE5FE7BC48846264ECEB29B161A27D9075DDE9EFB28029B6CA46CC8E4D10EB600DD5FAD5A77A3F048968621BDCCC8B3BAEC43D7ABB7BE9190A15
          Malicious:false
          Reputation:low
          Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff38\deff0\stshfdbch0\stshfloch31506\stshfhich31506\stshfbi31506\deflang1033\deflangfe2052\themelang16393\themelangfe2052\themelangcs1054{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt Times};}..{\f1\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604020202020204}Arial;}{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}..{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Bookshelf Symbol 3};}{\f5\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070409020205020404}Courier;}..{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt Arial Unicode MS};}..{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\falt usersto MT};}{\f35\fbidi \fswiss\fcharset128\fprq2{\*\panose 020b060402
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe
          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
          Category:dropped
          Size (bytes):3959
          Entropy (8bit):5.955167044943003
          Encrypted:false
          SSDEEP:
          MD5:DC81ED54FD28FC6DB6F139C8DA1BDED6
          SHA1:9C719C32844F78AAE523ADB8EE42A54D019C2B05
          SHA-256:6B9BBF90D75CFA7D943F036C01602945FE2FA786C6173E22ACB7AFE18375C7EA
          SHA-512:FD759C42C7740EE9B42EA910D66B0FA3F813600FD29D074BB592E5E12F5EC09DB6B529680E54F7943821CEFE84CE155A151B89A355D99C25A920BF8F254AA008
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.. <Control Control="InstallButton" X="275" Y="237" Width="110" Height="23"/>.. <Control Control="UninstallButton" X="270" Y="237" Width="120" Height="23"/>.. <Control Control="RepairButton" X="187" Y="237" Width="80" Height="23"/>.. .. <String Id="Caption">[WixBundleName] .......</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">..........</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ............ ......... .........................
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe
          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
          Category:dropped
          Size (bytes):505468
          Entropy (8bit):4.829573385384541
          Encrypted:false
          SSDEEP:
          MD5:D66807A2D5E059061BF3C8CF60238C3C
          SHA1:B14D4E7EFF44302EA8F16B6F1FA9DBCAA91F8390
          SHA-256:503C25737668D3234B6E7BFFFE664A657868E57D93E65400930E460FEF13472B
          SHA-512:90FF86A188F736274B80A319D8BD414A06D5B1D3104C7AABCCF9110EDFA899E1699174EEEDCD1E6A230749EF4AA114998602EC64DC36DCB75C8DE27A10481B55
          Malicious:false
          Reputation:low
          Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff38\deff0\stshfdbch0\stshfloch31506\stshfhich31506\stshfbi31506\deflang1033\deflangfe2052\themelang16393\themelangfe2052\themelangcs1054{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt Times};}..{\f1\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604020202020204}Arial;}{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}..{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Bookshelf Symbol 3};}{\f5\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070409020205020404}Courier;}..{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt Arial Unicode MS};}..{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ??????????????????????\'a1\'a7????????};}..{\f20\fbidi \fswiss\fcharset129\fp
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe
          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
          Category:dropped
          Size (bytes):159546
          Entropy (8bit):5.07660602663951
          Encrypted:false
          SSDEEP:
          MD5:E544B7FBAF6DB4DE6DB8A7D099FCE21F
          SHA1:8B4E82AA0F44EB28013396A2DA53211E42624636
          SHA-256:3EB6AD3F289D8D5C8A946CA1609B1538E83959D285C40EEE297CEBC1CFD8265D
          SHA-512:E54EE3F933103FB63ADD3660E3DC427D6F0814A181ABF54EB20686ADEB6F94FBD2E3A6D8154ABDF56B1796C5645CA1464CBDC15A64ACB88ACA18DA32BA836C38
          Malicious:false
          Reputation:low
          Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff39\deff0\stshfdbch11\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1042\themelang1033\themelangfe2052\themelangcs1025{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt Times};}..{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Bookshelf Symbol 3};}..{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt Yu Gothic UI};}..{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ?????????????????\'a1\'ec?????????};}{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\falt usersto MT};}..{\f39\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604030504040204}Tahoma{\*\falt ?l?r ???};}{\f42\fbidi
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe
          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
          Category:dropped
          Size (bytes):3212
          Entropy (8bit):5.268378763359481
          Encrypted:false
          SSDEEP:
          MD5:15172EAF5C2C2E2B008DE04A250A62A1
          SHA1:ED60F870C473EE87DF39D1584880D964796E6888
          SHA-256:440B309FCDF61FFC03B269FE3815C60CB52C6AE3FC6ACAD14EAC04D057B6D6EA
          SHA-512:48AA89CF4A0B64FF4DCB82E372A01DFF423C12111D35A4D27B6D8DD793FFDE130E0037AB5E4477818A0939F61F7DB25295E4271B8B03F209D8F498169B1F9BAE
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instalator [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Czy na pewno chcesz anulowa.?</String>.. <String Id="HelpHeader">Instalator . Pomoc</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [katalog] - Instaluje, naprawia, odinstalowuje.. lub tworzy pe.n. lokaln. kopi. pakietu w katalogu. Domy.lnie jest u.ywany prze..cznik install...../passive | /quiet - Wy.wietla ograniczony interfejs u.ytkownika bez monit.w albo nie wy.wietla ani interfejsu u.ytkownika,.. ani monit.w. Domy.lnie jest wy.wietlany interfejs u.ytkownika oraz wszystkie monity...../norestart - Pom
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe
          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
          Category:dropped
          Size (bytes):146819
          Entropy (8bit):5.040400157034575
          Encrypted:false
          SSDEEP:
          MD5:9C2457FBEDD9770A006876032DF57259
          SHA1:9B4F17B9BDF3ECC2EC07E69EE3764CDC0B39F003
          SHA-256:83FFDD5E96773C92B5A5C3352D0F61FA6A1D32D1876B87BE24CCC5F80C0FC794
          SHA-512:F179276B577442BDC0681D40D7D043084B0D061B8CEC9A9F4865C852122130CBCB99391CB5B3747A5D96F6C468120DB51E33E1343E9E40865189D1C3D360B5AE
          Malicious:false
          Reputation:low
          Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff39\deff0\stshfdbch11\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1042\themelang1033\themelangfe2052\themelangcs1025{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt Times};}..{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Bookshelf Symbol 3};}..{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt Arial Unicode MS};}..{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ?????????????????????????\'a1\'ec?????};}{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\falt usersto MT};}..{\f39\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604030504040204}Tahoma{\*\falt ?l?r ???};}{\f
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe
          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
          Category:dropped
          Size (bytes):206712
          Entropy (8bit):4.868670032408113
          Encrypted:false
          SSDEEP:
          MD5:2C5C86E1342142A08B6CCE494178D6CE
          SHA1:7ADCEF4C8B90CD7A1FB073566D9CB457395B854E
          SHA-256:6ACEB4A261D1902B637A9FB917381925C44FEDB725399EA37063222EC639B205
          SHA-512:A8DE980C9C3625A7A1BB90907F618AEB27EBD9F2B7DB0604C1A515E25031BA55033AC910A0F1BA8620B150C51E1E9C375BD3B9E711B63CDB66ECA2A3526F71E2
          Malicious:false
          Reputation:low
          Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff39\deff0\stshfdbch11\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1042\themelang1033\themelangfe2052\themelangcs1025{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt Times};}..{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Bookshelf Symbol 3};}..{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt Arial Unicode MS};}..{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ????????????????????????\'a1\'a7??????};}{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\falt usersto MT};}..{\f38\fbidi \fswiss\fcharset0\fprq2{\*\panose 020f0502020204030204}userbri{\*\falt Times New Rom
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe
          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
          Category:dropped
          Size (bytes):168140
          Entropy (8bit):4.983362108933948
          Encrypted:false
          SSDEEP:
          MD5:51208B192D025522D69EDF7B5CABABDA
          SHA1:CA41F2042CC0F4A6420298B138B6E224E9FE1A14
          SHA-256:E7067FE502D0A2CE51AF2F66A0CED1472D6702244E4C06479935BBC655DB4970
          SHA-512:3A7FA8A1474A172337AC1AF60B277A99F0669A526EAAF69B42122E5A90710A08F631F95778BCC7BE7BB0C4D0973DA3323B063C2222A4964961FAA15AD48A474B
          Malicious:false
          Reputation:low
          Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff39\deff0\stshfdbch11\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1042\themelang1033\themelangfe2052\themelangcs1025{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt Times};}..{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Bookshelf Symbol 3};}..{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt ?l?r ??\'81\'66c};}..{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ???\'a1\'ec??};}{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\falt usersto MT};}..{\f39\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604030504040204}Tahoma{\*\falt ?l?r ???};}{\f42\fbidi \fswiss\fcharset
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe
          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
          Category:dropped
          Size (bytes):3221
          Entropy (8bit):5.280530692056262
          Encrypted:false
          SSDEEP:
          MD5:DEFBEA001DC4EB66553630AC7CE47CCA
          SHA1:90CED64EC7C861F03484B5D5616FDBCDA8F64788
          SHA-256:E5ABE3CB3BF84207DAC4E6F5BBA1E693341D01AEA076DD2D91EAA21C6A6CB925
          SHA-512:B3B7A22D0CDADA21A977F1DCEAF2D73212A4CDDBD298532B1AC97575F36113D45E8D71C60A6D8F8CC2E9DBF18EE1000167CFBF0B2E7ED6F05462D77E0BCA0E90
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] Kurulumu</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.ptal etmek istedi.inizden emin misiniz?</String>.. <String Id="HelpHeader">Kurulum Yard.m.</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [dizin] - y.kler, onar.r, kald.r.r ya da.. dizindeki paketin tam bir yerel kopyas.n. olu.turur. Varsay.lan install de.eridir...../passive | /quiet - en az d.zeyde istemsiz UI g.sterir ya da hi. UI g.stermez ve.. istem yoktur. Varsay.lan olarak UI ve t.m istemler g.r.nt.lenir...../norestart - yeniden ba.lama denemelerini engeller. Varsay.lan olarak UI yeniden ba.l
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe
          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
          Category:dropped
          Size (bytes):2978
          Entropy (8bit):6.135205733555905
          Encrypted:false
          SSDEEP:
          MD5:3D1E15DEEACE801322E222969A574F17
          SHA1:58074C83775E1A884FED6679ACF9AC78ABB8A169
          SHA-256:2AC8B7C19A5189662DE36A0581C90DBAD96DF259EC00A28F609B644C3F39F9CA
          SHA-512:10797919845C57C5831234E866D730EBD13255E5BF8BA8087D53F1D0FC5D72DC6D5F6945DBEBEE69ACC6A2E20378750C4B78083AE0390632743C184532358E10
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">......</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [..] - .......... ..................Install ........../passive | /quiet - ..... UI ......... UI ... ........ UI ........../norestart - ..................... UI.../log log.txt - ............. %TEMP% ...
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe
          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
          Category:dropped
          Size (bytes):145887
          Entropy (8bit):5.029126389027723
          Encrypted:false
          SSDEEP:
          MD5:629843A74C7FF03F9107D9DC0D550A6D
          SHA1:F7B88666EA7435966E08A5A76A6EA41C56CDA214
          SHA-256:1DD594D7E68FF37BF5DA36B4266D3ED35ADF3E79B925B6D66DD3F75149D7D4D9
          SHA-512:FC57A2E506DE51496396A402B5B2964A100186E1E7AC7018C1E2A73601C3758A7FFF9568B7B39425988E3A929AEC2AD0E26A191692D930D3CE12EA8920AB4070
          Malicious:false
          Reputation:low
          Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff39\deff0\stshfdbch11\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1042\themelang1033\themelangfe2052\themelangcs1025{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt Times};}..{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Bookshelf Symbol 3};}..{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt Arial Unicode MS};}..{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ?????????????????????????\'a1\'ec?????};}{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\falt usersto MT};}..{\f39\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604030504040204}Tahoma{\*\falt ?l?r ???};}{\f
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe
          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
          Category:dropped
          Size (bytes):3265
          Entropy (8bit):5.0491645049584655
          Encrypted:false
          SSDEEP:
          MD5:47F9F8D342C9C22D0C9636BC7362FA8F
          SHA1:3922D1589E284CE76AB39800E2B064F71123C1C5
          SHA-256:9CBB2B312C100B309A1B1495E84E2228B937612885F7A642FBBD67969B632C3A
          SHA-512:E458DF875E9B0622AEBE3C1449868AA6A2826A1F851DB71165A872B2897CF870CCF85046944FF51FFC13BB15E54E9D9424EC36CAF5A2F38CE8B7D6DC0E9B2363
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instalaci.n de [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.Est. seguro de que desea cancelar la operaci.n?</String>.. <String Id="HelpHeader">Ayuda de configuraci.n</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - instala, repara, desinstala o.. crea una copia local completa del paquete en el directorio. La opci.n predeterminada es la instalaci.n...../passive | /quiet - muestra una IU m.nima sin solicitudes o no muestra ninguna IU ni.. solicitud. De forma predeterminada, se muestran la IU y todas las solicitudes...../norestart - elimina cualquier intento
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe
          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (561), with CRLF line terminators
          Category:dropped
          Size (bytes):12360
          Entropy (8bit):3.721552365349195
          Encrypted:false
          SSDEEP:
          MD5:D27D307712925F066BC0B3DC26C0EFD2
          SHA1:42C6FBB12AE880B23C782B176E0EF257B9807639
          SHA-256:43B490F158B16E5307C2B3C1EF7DC3E215A382492CD983B260221883BC70FD7D
          SHA-512:4824A80DA0A197FA788861D42BBFF0C11900A3D25E91658A19BA8B0481778E157899B0077D1868BBADC74933031496FCEA5148BDEF34B7CD39A2EB139E4A0DFC
          Malicious:false
          Reputation:low
          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.x./.2.0.1.0./.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a.".>..... . .<.U.x.B.l.o.c.k.e.r. .S.h.o.r.t.N.a.m.e.=.".M.i.n.i.m.u.m.O.S.L.e.v.e.l.". .T.y.p.e.=.".S.t.o.p.". .C.o.n.d.i.t.i.o.n.=.".N.O.T.(.(.V.e.r.s.i.o.n.N.T. .&.g.t.;. .v.6...1.). .O.R. .(.V.e.r.s.i.o.n.N.T. .=. .v.6...1. .A.N.D. .S.e.r.v.i.c.e.P.a.c.k.L.e.v.e.l. .&.g.t.;.=. .1.).).". .D.i.s.p.l.a.y.T.e.x.t.=.".#.l.o.c...M.i.n.i.m.u.m.O.S.L.e.v.e.l.". ./.>..... . .<.W.i.x.B.a.l.C.o.n.d.i.t.i.o.n. .C.o.n.d.i.t.i.o.n.=.".V.e.r.s.i.o.n.N.T.6.4. .&.g.t.;.=. .v.6...0. .O.R. .(.V.e.r.s.i.o.n.N.T.6.4. .=. .v.5...2. .A.N.D. .S.e.r.v.i.c.e.P.a.c.k.L.e.v.e.l. .&.g.t.;.=. .1.).". .M.e.s.s.a.g.e.=.".[.W.i.x.B.u.n.d.l.e.N.a.m.e.]. .c.a.n. .o.n.l.y. .b.e. .i.n.s.t.a.l.l.e.d. .o.n. .W.i.n.d.o.w.s. .X.P. .S.P.1. .(.
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe
          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
          Category:dropped
          Size (bytes):152615
          Entropy (8bit):5.012810892724743
          Encrypted:false
          SSDEEP:
          MD5:B6CB0D1DECDF54F406D6D8855F991F6F
          SHA1:73FC0C292007BB05EFFEC5A47C99E4DAC9CEF99C
          SHA-256:97075CBD21F6FABAA0F076EDB3FF44F585454E4C0FC32F7694F54FA87C4FEE91
          SHA-512:E7A74DA948D82B8DB38B62E2DF50C58C5B2A1E2AB4C17F32AC2A4883E86B8CF7137D7363DDEB9E74C7657C67EE68DB64E851D7F85444AF40D52D2A69AE7680C8
          Malicious:false
          Reputation:low
          Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff40\deff0\stshfdbch11\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1033\themelang1033\themelangfe2052\themelangcs1025{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt Times};}..{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Bookshelf Symbol 3};}..{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}{\f11\fbidi \froman\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt ?l?r ??\'81\'66c};}..{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ?????????????????????\'a1\'ec?????????};}{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\falt usersto MT};}..{\f40\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604030504040204}Tahoma{\*\falt ?l?r ???};}{\f4
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):2952
          Entropy (8bit):5.052095286906672
          Encrypted:false
          SSDEEP:
          MD5:FBFCBC4DACC566A3C426F43CE10907B6
          SHA1:63C45F9A771161740E100FAF710F30EED017D723
          SHA-256:70400F181D00E1769774FF36BCD8B1AB5FBC431418067D31B876D18CC04EF4CE
          SHA-512:063FB6685EE8D2FA57863A74D66A83C819FE848BA3072B6E7D1B4FE397A9B24A1037183BB2FDA776033C0936BE83888A6456AAE947E240521E2AB75D984EE35E
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29" />.... <String Id="Caption">[WixBundleName] Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String>.. <String Id="HelpHeader">Setup Help</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installs, repairs, uninstalls or.. creates a complete local copy of the bundle in directory. Install is the default...../passive | /quiet - displays minimal UI with no prompts or displays no UI and.. no prompts. By default UI and all prompts are displayed...../norestart - suppress any attempts to restart. By default UI will prompt before restart.../log log.txt - logs to a specific file. B
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x64.exe
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):5881
          Entropy (8bit):5.175177119212422
          Encrypted:false
          SSDEEP:
          MD5:0056F10A42638EA8B4BEFC614741DDD6
          SHA1:61D488CFBEA063E028A947CB1610EE372D873C9F
          SHA-256:6B1BA0DEA830E556A58C883290FAA5D49C064E546CBFCD0451596A10CC693F87
          SHA-512:5764EC92F65ACC4EBE4DE1E2B58B8817E81E0A6BC2F6E451317347E28D66E1E6A3773D7F18BE067BBB2CB52EF1FA267754AD2BF2529286CF53730A03409D398E
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="utf-8"?>..<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">.. <Window Width="485" Height="300" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window>.. <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font>.. <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>.. <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>.... <Image X="11" Y="11" Width="64" Height="64" ImageFile="logo.png" Visible="yes"/>.. <Text X="80" Y="11" Width="-11" Height="64" FontId="1" Visible="yes" DisablePrefix="yes">#(loc.Title)</Text>.... <Page Name="Help">.. <Text X="11" Y="80" Width="-11" Height="30" FontId="2" DisablePrefix="yes">#(loc.HelpHeader)</T
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe
          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
          Category:dropped
          Size (bytes):166377
          Entropy (8bit):5.026731114600231
          Encrypted:false
          SSDEEP:
          MD5:F2D8C94464B459E9EB907C3FEB941A9C
          SHA1:601AEB7D17315D49B4BF625CDD9BE3461384CA19
          SHA-256:F2DB4BF289198917EC1CF8FBC8B65A91A96C76EDEF46476CEE4F9E88FF8B9936
          SHA-512:00F01FAF72169C461B9A86B1A9FE679A22E078F9CCB90AFC12395A9DFA8A7B44A2F4F9C64264837E5F7BF0CFF6658928A444C5DF676612E13FB8906F24C6CB92
          Malicious:false
          Reputation:low
          Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff38\deff0\stshfdbch11\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe2052\themelang1033\themelangfe2052\themelangcs1025{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt Times};}..{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Bookshelf Symbol 3};}..{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt Arial Unicode MS};}..{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ????????????????????????\'a1\'a7??????};}{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\falt usersto MT};}..{\f38\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604030504040204}Tahoma{\*\falt ?l?r ???};}{\f
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe
          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
          Category:dropped
          Size (bytes):150644
          Entropy (8bit):5.038910072390364
          Encrypted:false
          SSDEEP:
          MD5:B2425005ED1EC70689F598544842F760
          SHA1:44D1BEAD447A8200CDDD2A0E30B56ABFD7FAA996
          SHA-256:276DED59422B72402E7AEF6431628F705ABC465D14ED24AF2E53C22DDC86E35F
          SHA-512:9D78317BC3EC02573AB93C1453A73E4EB06C7B51F2FFD93206F857CA132FB3FD7417DBDF556E74BEE7ECACB8B059DEA01C8CB00DABA65F0CA2DC84E8950D9E1E
          Malicious:false
          Reputation:low
          Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff38\deff0\stshfdbch11\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe2052\themelang1033\themelangfe2052\themelangcs1025{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt Times};}..{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Bookshelf Symbol 3};}..{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt Arial Unicode MS};}..{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ?????????????????????????\'a1\'ec?????};}{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\falt usersto MT};}..{\f38\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604030504040204}Tahoma{\*\falt ?l?r ???};}{\f
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe
          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
          Category:dropped
          Size (bytes):3366
          Entropy (8bit):5.0912204406356905
          Encrypted:false
          SSDEEP:
          MD5:7B46AE8698459830A0F9116BC27DE7DF
          SHA1:D9BB14D483B88996A591392AE03E245CAE19C6C3
          SHA-256:704DDF2E60C1F292BE95C7C79EE48FE8BA8534CEB7CCF9A9EA68B1AD788AE9D4
          SHA-512:FC536DFADBCD81B42F611AC996059A6264E36ECF72A4AEE7D1E37B87AEFED290CC5251C09B68ED0C8719F655B163AD0782ACD8CE6332ED4AB4046C12D8E6DBF6
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Installation de [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Voulez-vous vraiment annuler.?</String>.. <String Id="HelpHeader">Aide du programme d'installation</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installe, r.pare, d.sinstalle ou.. cr.e une copie locale compl.te du groupe dans le r.pertoire. Install est l'option par d.faut...../passive | /quiet - affiche une interface minimale, sans invite, ou n'affiche ni interface.. ni invite. Par d.faut, l'interface et toutes les invites sont affich.es...../norestart - supprime toutes les tentatives de red.
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe
          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
          Category:dropped
          Size (bytes):141946
          Entropy (8bit):5.048991273241136
          Encrypted:false
          SSDEEP:
          MD5:1549CEB14D69FEADD63112C1D843EABA
          SHA1:C3373A85747AF4038E6A37E0B5A2E52E24B1A923
          SHA-256:1412502C498FD67B5D2B6030914BFC6C67C0F9ACC8C265EED1AFED2578320953
          SHA-512:7748855BFF400F8F10CDA2CF277A70CA3A8DEAB32DC46D4D7BAC844EE3DDA5E750D0CB666ECCA018590C0E9F92AF7A272AA46CAF5AB3B47F17C49188664F4AD0
          Malicious:false
          Reputation:low
          Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff38\deff0\stshfdbch11\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe2052\themelang1033\themelangfe2052\themelangcs1025{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt Times};}..{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Bookshelf Symbol 3};}..{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt Arial Unicode MS};}..{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ????????????????????????\'a8\'ac??????};}{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\falt usersto MT};}..{\f38\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604030504040204}Tahoma{\*\falt ?l?r ???};}{\f
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe
          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
          Category:dropped
          Size (bytes):3319
          Entropy (8bit):5.019774955491369
          Encrypted:false
          SSDEEP:
          MD5:D90BC60FA15299925986A52861B8E5D5
          SHA1:FADFCA9AB91B1AB4BD7F76132F712357BD6DB760
          SHA-256:0C57F40CC2091554307AA8A7C35DD38E4596E9513E9EFAE00AC30498EF4E9BC2
          SHA-512:11764D0E9F286B5AA7B1A9601170833E462A93A1E569A032FCBA9879174305582BD42794D4131B83FBCFBF1CF868A8D5382B11A4BD21F0F7D9B2E87E3C708C3F
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Installazione di [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Annullare?</String>.. <String Id="HelpHeader">Guida alla configurazione</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installa, ripara, disinstalla o.. crea una copia locale completa del bundle nella directory. L'opzione predefinita . Install...../passive | /quiet - visualizza un'interfaccia utente minima senza prompt oppure non visualizza alcuna interfaccia utente.. n. prompt. Per impostazione predefinita viene visualizzata l'intera interfaccia utente e tutti i prompt...../norestart - annulla quals
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe
          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
          Category:dropped
          Size (bytes):3249
          Entropy (8bit):5.985100495461761
          Encrypted:false
          SSDEEP:
          MD5:B3399648C2F30930487F20B50378CEC1
          SHA1:CA7BDAB3BFEF89F6FA3C4AAF39A165D14069FC3D
          SHA-256:AD7608B87A7135F408ABF54A897A0F0920080F76013314B00D301D6264AE90B2
          SHA-512:C5B0ECF11F6DADF2E68BC3AA29CC8B24C0158DAE61FE488042D1105341773166C9EBABE43B2AF691AD4D4B458BF4A4BF9689C5722C536439CA3CDC84C0825965
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] .. ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">.. ...</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ..... ... .. .. .... .., .., .. .... ...... ... .........../passive | /quiet - .... .. .. UI. ..... UI ... ..... .... ..... ..... UI. .. ..... ........../norestart - .. .... .. .... ...
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe
          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
          Category:dropped
          Size (bytes):3095
          Entropy (8bit):5.150868216959352
          Encrypted:false
          SSDEEP:
          MD5:BE27B98E086D2B8068B16DBF43E18D50
          SHA1:6FAF34A36C8D9DE55650D0466563852552927603
          SHA-256:F52B54A0E0D0E8F12CBA9823D88E9FD6822B669074DD1DC69DAD6553F7CB8913
          SHA-512:3B7C773EF72D40A8B123FDB8FC11C4F354A3B152CF6D247F02E494B0770C28483392C76F3C222E3719CF500FE98F535014192ACDDD2ED9EF971718EA3EC0A73E
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] Instala..o</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Tem certeza de que deseja cancelar?</String>.. <String Id="HelpHeader">Ajuda da Instala..o</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [diret.rio - instala, repara, desinstala ou.. cria uma c.pia local completa do pacote no diret.rio. Install . o padr.o..../passive | /quiet - exibe a IU m.nima sem nenhum prompt ou n.o exibe nenhuma IU e.. nenhum prompt. Por padr.o, a IU e todos os prompts s.o exibidos...../norestart - suprime qualquer tentativa de reiniciar. Por padr.o, a IU perguntar. antes de reiniciar
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe
          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
          Category:dropped
          Size (bytes):4150
          Entropy (8bit):5.444436038992627
          Encrypted:false
          SSDEEP:
          MD5:17C652452E5EE930A7F1E5E312C17324
          SHA1:59F3308B87143D8EA0EA319A1F1A1F5DA5759DD3
          SHA-256:7333BC8E52548821D82B53DBD7D7C4AA1703C85155480CB83CEFD78380C95661
          SHA-512:53FD207B96D6BCF0A442E2D90B92E26CBB3ECC6ED71B753A416730E8067E831E9EB32981A9E9368C4CCA16AFBCB2051483FDCFC474EA8F0D652FCA934634FBE8
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.. <Control Control="InstallButton" X="275" Y="237" Width="110" Height="23"/>.... <String Id="Caption">......... ......... [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">....... .. .........</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [.......] - ........., .............., ........ ..... ........ ...... ......... ..... ...... . ......... .. ......... - ............../passive | /quiet - ........... ....
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe
          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
          Category:dropped
          Size (bytes):220951
          Entropy (8bit):4.998712486806776
          Encrypted:false
          SSDEEP:
          MD5:765EFFB9F6A4888F7A537456F4BC3D99
          SHA1:5A80BCD5D4D639AE298731E3E8460EC13ED6F52B
          SHA-256:71D1BFC8A930BF7D6A70FB6A06517CCD3E3C78DFAED13741F9B306DE21C66A72
          SHA-512:EA635AAF36DB57FCFE684B5A604E9B7FC326408B02316D6771EC599B57C24FEA3EC0169258EC9DFE4778E27BA5EFCDF29B2F40079BC3F926346815D9DF54443D
          Malicious:false
          Reputation:low
          Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff38\deff0\stshfdbch31505\stshfloch31506\stshfhich31506\stshfbi0\deflang1033\deflangfe2052\themelang16393\themelangfe2052\themelangcs1054{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt Times};}..{\f1\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604020202020204}Arial;}{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}..{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Bookshelf Symbol 3};}{\f5\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070409020205020404}Courier;}..{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt Arial Unicode MS};}..{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ????????????????????????\'a8\'ac??????};}{\f34\fbidi \froman\fcharset0\fprq2{
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe
          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (561), with CRLF line terminators
          Category:dropped
          Size (bytes):12426
          Entropy (8bit):3.7253465306828963
          Encrypted:false
          SSDEEP:
          MD5:564D27090906E78FE0892C02E6AA3F8E
          SHA1:E4E2739805FB450FE1FA9F35C42139D728D8B79C
          SHA-256:519024756983B3BBB66004A2D074BBC4B3965B7743727F9AC94314427F5670F8
          SHA-512:104F03E2ECDF4E8947093C99FE75E35B1E7838B4C96F2E2DBB6B0FB88A75F5DFD69A7E1107C4B61F92D283F572E38A6B8191F359F49828395BD5BCA31B35779F
          Malicious:false
          Reputation:low
          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.x./.2.0.1.0./.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a.".>..... . .<.U.x.B.l.o.c.k.e.r. .S.h.o.r.t.N.a.m.e.=.".M.i.n.i.m.u.m.O.S.L.e.v.e.l.". .T.y.p.e.=.".S.t.o.p.". .C.o.n.d.i.t.i.o.n.=.".N.O.T.(.(.V.e.r.s.i.o.n.N.T. .&.g.t.;. .v.6...1.). .O.R. .(.V.e.r.s.i.o.n.N.T. .=. .v.6...1. .A.N.D. .S.e.r.v.i.c.e.P.a.c.k.L.e.v.e.l. .&.g.t.;.=. .1.).).". .D.i.s.p.l.a.y.T.e.x.t.=.".#.l.o.c...M.i.n.i.m.u.m.O.S.L.e.v.e.l.". ./.>..... . .<.W.i.x.B.a.l.C.o.n.d.i.t.i.o.n. .C.o.n.d.i.t.i.o.n.=.".V.e.r.s.i.o.n.N.T. .&.g.t.;.=. .v.6...0. .O.R. .(.V.e.r.s.i.o.n.N.T. .=. .v.5...1. .A.N.D. .S.e.r.v.i.c.e.P.a.c.k.L.e.v.e.l. .&.g.t.;.=. .2.). .O.R. .(.V.e.r.s.i.o.n.N.T. .=. .v.5...2. .A.N.D. .S.e.r.v.i.c.e.P.a.c.k.L.e.v.e.l. .&.g.t.;.=. .1.).". .M.e.s.s.a.g.e.=.".[.W.i.x.B.u.n.d.l.e.
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe
          File Type:PNG image data, 64 x 64, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):1861
          Entropy (8bit):6.868587546770907
          Encrypted:false
          SSDEEP:
          MD5:D6BD210F227442B3362493D046CEA233
          SHA1:FF286AC8370FC655AEA0EF35E9CF0BFCB6D698DE
          SHA-256:335A256D4779EC5DCF283D007FB56FD8211BBCAF47DCD70FE60DED6A112744EF
          SHA-512:464AAAB9E08DE610AD34B97D4076E92DC04C2CDC6669F60BFC50F0F9CE5D71C31B8943BD84CEE1A04FB9AB5BBED3442BD41D9CB21A0DD170EA97C463E1CE2B5B
          Malicious:false
          Reputation:low
          Preview:.PNG........IHDR...@...@.............sRGB.........gAMA......a.....PLTE].q^.r_.r_.s`.s`.s`.ta.ta.ub.ub.vc.vd.vd.vd.we.we.xe.xg.yg yg zh zh"zi"{j#|i${j$|n*~n*.n,.o,.p..q0.r2.s3.t5.x;.x<.y>.z?.|B.~C.}E..F..F..H..I..J..L..O..P..W..Y..^..a..c..g..i..q..r..}.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................S......pHYs..%...%....^.....tEXtSoftware.Paint.NET v3.5.100.r.....IDATXG..iW.@...EJ.$M...`AEpG..7TpWT@\.."....(..(.._;...di:9.c>q..g....T...._...-....F..+..w.
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):120832
          Entropy (8bit):6.2760527819182705
          Encrypted:false
          SSDEEP:
          MD5:4D20A950A3571D11236482754B4A8E76
          SHA1:E68BD784AC143E206D52ECAF54A7E3B8D4D75C9C
          SHA-256:A9295AD4E909F979E2B6CB2B2495C3D35C8517E689CD64A918C690E17B49078B
          SHA-512:8B9243D1F9EDBCBD6BDAF6874DC69C806BB29E909BD733781FDE8AC80CA3FFF574D786CA903871D1E856E73FD58403BEBB58C9F23083EA7CD749BA3E890AF3D2
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................x=....x...... .....0.....n..x.....x8....x9....x>...Rich..........................PE..L....NjT...........!.....4...................P...............................0......h.....@.............................................l....................... ...0S.................................@............P...............................text....2.......4.................. ..`.rdata...d...P...f...8..............@..@.data..../..........................@....rsrc...l...........................@..@.reloc..J ......."..................@..B................................................................................................................................................................................................................................................................................................................
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):821880
          Entropy (8bit):7.577649468691907
          Encrypted:false
          SSDEEP:
          MD5:24043D621E555C7030908726532654D1
          SHA1:5B5F24754FAEF7557EB57EC4D3B464C29C9DFABF
          SHA-256:78E3EAD3C50ECB908B2A9EC8C70770749D032E02F61D2BCB25EA6F7A1A7029B8
          SHA-512:1F4AF34BF16581F7DA89E7E73526278335F513E98B290975CA9515293E11252EE33192CE49EA33CE983E6258F5EF7ED98A20684133F797115C3E5F980F87C4A0
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........-.}}~.}}~.}}~...~.}}~...~.}}~...~.}}~...~.}}~.}|~.|}~...~.}}~...~.}}~.}.~.}}~...~.}}~Rich.}}~........PE..L....S.T.....................6....................@..........................P......,.....@..................................6..@........9...........K...>......03.. .......................H/......./..@............................................text............................... ..`.rdata.............................@..@.data....0...`.......:..............@....wixburn8............J..............@..@.tls.................L..............@....rsrc....9.......:...N..............@..@.reloc...D.......F..................@..B................................................................................................................................................................................................................................................
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe
          File Type:Microsoft Cabinet archive data, many, 1285741 bytes, 47 files, at 0x44 +A "api_ms_win_core_console_l1_1_0.dll" +A "api_ms_win_core_datetime_l1_1_0.dll", flags 0x4, number 1, extra bytes 20 in head, 104 datablocks, 0x1 compression
          Category:dropped
          Size (bytes):1301869
          Entropy (8bit):7.997539489338984
          Encrypted:true
          SSDEEP:
          MD5:AC033D0003EE782146E0F30A02453E7B
          SHA1:7D87C27ED683755BE54D4A0F6675D7C24C4814A5
          SHA-256:617EE77595EA6FEC9CF3D31CF2DF23CE249660F0F758ECC84A13D0BBAB3162F2
          SHA-512:76647602F00AFAA8CEFA8759481DFFE20B34109B7F171B9F244858729CD66F7346268EF6AB19B662CFB6D080D3840E34D4131379CEE71643927BB325BD5E08AE
          Malicious:false
          Reputation:low
          Preview:MSCF....m.......D.........../...............m....?..............h....M.........I.. .api_ms_win_core_console_l1_1_0.dll..K...M.....I.. .api_ms_win_core_datetime_l1_1_0.dll..K..@......I.. .api_ms_win_core_debug_l1_1_0.dll..K.........I.. .api_ms_win_core_errorhandling_l1_1_0.dll..Y...0.....I.. .api_ms_win_core_file_l1_1_0.dll..K.........I.. .api_ms_win_core_file_l1_2_0.dll..K.........I.. .api_ms_win_core_file_l2_1_0.dll..K..8!.....I.. .api_ms_win_core_handle_l1_1_0.dll..M...l.....I.. .api_ms_win_core_heap_l1_1_0.dll..M..X......I.. .api_ms_win_core_interlocked_l1_1_0.dll..M.........I.. .api_ms_win_core_libraryloader_l1_1_0.dll..U...U.....I.. .api_ms_win_core_louserzation_l1_2_0.dll..M..h......I.. .api_ms_win_core_memory_l1_1_0.dll..K.........I.. .api_ms_win_core_namedpipe_l1_1_0.dll..O...D.....I.. .api_ms_win_core_processenvironment_l1_1_0.dll..S..h......I.. .api_ms_win_core_processthreads_l1_1_0.dll..M.. ......I.. .api_ms_win_core_processthreads_l1_1_1.dll..I...5.....I.. .api_ms_win_core_
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe
          File Type:Microsoft Cabinet archive data, many, 5188345 bytes, 14 files, at 0x44 +A "mfc140.dll" +A "mfc140chs.dll", flags 0x4, number 1, extra bytes 20 in head, 315 datablocks, 0x1 compression
          Category:dropped
          Size (bytes):5204473
          Entropy (8bit):7.9977440222217835
          Encrypted:true
          SSDEEP:
          MD5:82C0DC0899E358C85C535D8A056B4F42
          SHA1:6E2D9CDA8E9DA2C7D8202B60CFFC7DFECA3DDFEE
          SHA-256:545461E20A09804DECCEC79916229A9386E7A630D2A6C933DE26A8564579457A
          SHA-512:FFADE18EB1A5DBC3D722E37BF87B6C33607AEBA760726CB02F27EA225DEDD0A8060949593ED5DF59856633825DC075E5C3BC57D550A875530880E472AF61E6B1
          Malicious:false
          Reputation:low
          Preview:MSCF.....*O.....D............................*O..?..............;...0.G........I.. .mfc140.dll.@...0.G....I.. .mfc140chs.dll.@...p.H....I.. .mfc140cht.dll.@'...9I....I.. .mfc140deu.dll.@....`J....I.. .mfc140enu.dll.@#..0bK....I.. .mfc140esn.dll.@'..p.L....I.. .mfc140fra.dll.@.....M....I.. .mfc140ita.dll.@.....N....I.. .mfc140jpn.dll.@...0.O....I.. .mfc140kor.dll.@...pvP....I.. .mfc140rus.dll.8.H...Q....I.. .mfc140u.dll.8s...j.....I.. .mfcm140.dll.8u.. .....I.. .mfcm140u.dll......7..CK..g.&E.(."3..4a``Fi2(........Hl.Hj....JP.4A.h...[..Vrnr.F.$79.}^.w}.{...s..T..wU.....l.m...!L._.p]...........a....)\5..y..b.....{......;....~...p....../.k.x.M6........7n.....&....+my....mg.9.....9.u.....q.5.8rnc...G..j.......}5fGL.*..#'~.s.#.Zu.....W..[.1........W..........5[+........-[..X..g.)f......s}../_$..dXl....O.....?.W.I...G_..u...j_.E.)....!.v....!t./...{.b.P.>......d.Q.Za.c...1eX....w.'..........q!.....)..........>........9q....|......?..w./...9.]|..$......[......K..m....S
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe
          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2015 x86 Additional Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215., Template: Intel;1033, Revision Number: {48171CEE-A5DE-49D9-920C-A92F816564BC}, Create Time/Date: Fri Aug 26 07:36:26 2016, Last Saved Time/Date: Fri Aug 26 07:36:26 2016, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.7.3517.0), Security: 2
          Category:dropped
          Size (bytes):143360
          Entropy (8bit):5.771239148608941
          Encrypted:false
          SSDEEP:
          MD5:6224ED7F3323EB9F0B5B4320E9F48438
          SHA1:A642E741A3824B88FC72C0164FCF05CF178B4AD7
          SHA-256:34A530B21AA95323638302DBA603D23AF9776918EA4D5229C25EF81699AD3A0A
          SHA-512:63CE82CAECF5EC5CFBE8200DE72C6700DC183F3CB462DD1D5F1108C2EFBD299C936C6583B30906AD9FA7CE635201511832DB0FD9D7D6560868C3581E594E055A
          Malicious:false
          Reputation:low
          Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Users\user\AppData\Local\Temp\is-483BE.tmp\vc_redist.x86.exe
          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2015 x86 Minimum Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215., Template: Intel;1033, Revision Number: {F24C76FD-574E-40AC-A98D-E93BF1F834D0}, Create Time/Date: Fri Aug 26 07:36:26 2016, Last Saved Time/Date: Fri Aug 26 07:36:26 2016, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.7.3517.0), Security: 2
          Category:dropped
          Size (bytes):147456
          Entropy (8bit):5.776672538136041
          Encrypted:false
          SSDEEP:
          MD5:3943F0574AE232424B65C87FAE5BBE9A
          SHA1:ED8C50BD2D91CB418BF73353A48C8677778D0536
          SHA-256:321512CE69F31607727F199859E29548862CE1312D95262EE5EA85E43D6EC3F3
          SHA-512:DA7C5428A4764F40EF85598D33C60313239612389261CF291FC8EE5BB49AEBA70524A3866EEF09BA095D544578ED137EB03CC78C24B96D333909B3A2E167B7AB
          Malicious:false
          Reputation:low
          Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Users\user\AppData\Local\Temp\is-HNIRC.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmp
          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):6625
          Entropy (8bit):5.23155223626388
          Encrypted:false
          SSDEEP:
          MD5:E7B1F71D2B9587E08EBBF8893F02E990
          SHA1:6AE71B34B4465F65451627CF189FA984C7A17672
          SHA-256:8134AA94B06F212960B28B3EC5AEA2D0F534F63B9433A5E738E7CD9198EFC52B
          SHA-512:C5AA15D399F382AFD083062F7DB06E08EF18422D5EFF2E963AABAB26AEEB591F90DCC99A727E523F73DA7396CC2A9205DA568947667913155E53988AAF5B80F0
          Malicious:false
          Reputation:low
          Preview:.2023-10-24 17:37:39.097 Log opened. (Time zone: UTC+02:00)..2023-10-24 17:37:39.097 Setup version: Inno Setup version 5.6.1 (u)..2023-10-24 17:37:39.097 Original Setup EXE: C:\Program Files (x86)\ActiveBarcode\excel\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.exe..2023-10-24 17:37:39.097 Setup command line: /SL5="$A02C0,481838,121344,C:\Program Files (x86)\ActiveBarcode\excel\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.exe" /SILENT..2023-10-24 17:37:39.097 Windows version: 10.0.19045 (NT platform: Yes)..2023-10-24 17:37:39.097 64-bit Windows: Yes..2023-10-24 17:37:39.097 Processor architecture: x64..2023-10-24 17:37:39.097 User privileges: Administrative..2023-10-24 17:37:39.607 64-bit install mode: Yes..2023-10-24 17:37:39.623 Created temporary directory: C:\Users\user\AppData\Local\Temp\is-5RSRK.tmp..2023-10-24 17:37:39.639 -- DLL function import --..2023-10-24 17:37:39.639 Function name: GetProcessId..2023-10-24 17:37:39.639 DLL name: setup:kernel32.dll..
          Process:C:\Users\user\AppData\Local\Temp\is-HNIRC.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmp
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):1197328
          Entropy (8bit):6.416684985627293
          Encrypted:false
          SSDEEP:
          MD5:A37C67C02D9C55EDCA3BD37B276A4ADA
          SHA1:E9C9DD46A868E25CB7B4CB316120AEFE79BEB575
          SHA-256:F9FED1B319ED007A8802C14E11145ECA5ADC67A2761827948117BD9CD7109A8A
          SHA-512:B297445FE627D4ED67288264669A9871A53B20C5F4B2687E5D63E7CBEA03C3897AB209D20017780D29C0F1A549FF16CB6D30D6101A5A112F5CABA0B7D0B9B42B
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 3%
          Reputation:low
          Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...Rm"[.............................%.......0....@..................................t....@......@..............................@8...@...................)...................................0.......................................................text............................... ..`.itext.............................. ..`.data....0...0...2..................@....bss.....a...p.......L...................idata..@8.......:...L..............@....tls....<.... ...........................rdata.......0......................@..@.rsrc........@......................@..@....................................@..@........................................................................................................................................
          Process:C:\Users\user\AppData\Local\Temp\is-HNIRC.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmp
          File Type:InnoSetup Log 64-bit ActiveBarcode Add-In for Excel {2e675dd0-c392-44b8-8836-7d39672dd714}, version 0x418, 22721 bytes, 767668\37\user\376\, C:\Users\user\AppData\Roaming\Microsoft\Ad
          Category:dropped
          Size (bytes):22721
          Entropy (8bit):3.824696263686767
          Encrypted:false
          SSDEEP:
          MD5:58293C3C8E0AEF5451021D624026F7F4
          SHA1:DD9D8D1B2C005617E285C6170B20FDCCD021C6E5
          SHA-256:543D319ADC0518586DB70A4BE7A5B3BA59341CA773DCFF81710390325BA74A7D
          SHA-512:A68D84CEF6059CF452BC12BEA875F83075470EAB82D2324C98CA31BFCC371173C196F45F200BCF2AFC0C867529CBB6AD89A22EAFBED8DE5F803975F41B747D15
          Malicious:false
          Reputation:low
          Preview:Inno Setup Uninstall Log (b) 64-bit.............................{2e675dd0-c392-44b8-8836-7d39672dd714}..........................................................................................ActiveBarcode Add-In for Excel...........................................................................................................X..%...............................................................................................................fy...........|g$...............7.6.7.6.6.8......c.a.l.i......C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.M.i.c.r.o.s.o.f.t.\.A.d.d.I.n.s................%.(.... ......S.......IFPS....!...7...........................................................................................................................................................BOOLEAN..............TSETUPSTEP.........TMSGBOXTYPE.........TOUTPUTMSGWIZARDPAGE....TOUTPUTMSGWIZARDPAGE.........TEXECWAIT.................!MAIN....-1.....G.......GETDESTDIR....17 @17..LOG........EX
          Process:C:\Users\user\AppData\Local\Temp\is-HNIRC.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmp
          File Type:InnoSetup messages, version 5.5.3, 221 messages (UTF-16), &About Setup...
          Category:dropped
          Size (bytes):22709
          Entropy (8bit):3.2704486925356004
          Encrypted:false
          SSDEEP:
          MD5:79173DA528082489A43F39CF200A7647
          SHA1:AA253B477CE2BF9D886D07694CD5DDB7C7FE9EEC
          SHA-256:4F36E6BE09CD12E825C2A12AB33544744E7256C9094D7149258EA926705E8FFD
          SHA-512:C46EB9DD3D03A993FDC4F65AE2751ECFDCB1FB6E1FB69A119105FD40290CE5EC4427B04F813EED47415390689943D05B5432D4571B1ACA0CE37EE52391790D18
          Malicious:false
          Reputation:low
          Preview:Inno Setup Messages (5.5.3) (u).....................................hX..........&.A.b.o.u.t. .S.e.t.u.p.........%.1. .v.e.r.s.i.o.n. .%.2.....%.3.........%.1. .h.o.m.e. .p.a.g.e.:.....%.4.....A.b.o.u.t. .S.e.t.u.p...Y.o.u. .m.u.s.t. .b.e. .l.o.g.g.e.d. .i.n. .a.s. .a.n. .a.d.m.i.n.i.s.t.r.a.t.o.r. .w.h.e.n. .i.n.s.t.a.l.l.i.n.g. .t.h.i.s. .p.r.o.g.r.a.m.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.c.o.m.m.e.n.d.e.d. .t.h.a.t. .y.o.u. .a.l.l.o.w. .S.e.t.u.p. .t.o. .a.u.t.o.m.a.t.i.c.a.l.l.y. .c.l.o.s.e. .t.h.e.s.e. .a.p.p.l.i.c.a.t.i.o.n.s.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.c.o.m.m.e.n.d.e.d. .t.h.a.t. .y.o.u. .a.l.l.o.w. .S.e.t.u.p. .t.o. .a.u.t.o.m.a.t.i.c.a.l.l.y. .c.l.o.s.e. .t.h.e.s.e. .a.p.p.l.i.c.a.t.i.o.n.s... .A.f.
          Process:C:\Users\user\AppData\Local\Temp\is-AC17U.tmp\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.tmp
          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):7062
          Entropy (8bit):5.246491074091224
          Encrypted:false
          SSDEEP:
          MD5:EFDAF182402DE34453FC8BA52AA87638
          SHA1:0B9AE1797DD7D5940B0249D64D1DB3A0B972F546
          SHA-256:59CD6100456A4E912421547E8C4BE14EB6E6FC3F70DE88970EA86286C46FF4B8
          SHA-512:A69B511408EBFD9FE40FF1A9E6246059B9091BDF2E068873DE8FD5600CA59D9AEC2227EC6ED903525D4A39828472FCBE3DDE65662F659764D60C8A8F2934AD1F
          Malicious:false
          Reputation:low
          Preview:.2023-10-24 17:37:51.416 Log opened. (Time zone: UTC+02:00)..2023-10-24 17:37:51.416 Setup version: Inno Setup version 5.6.1 (u)..2023-10-24 17:37:51.416 Original Setup EXE: C:\Program Files (x86)\ActiveBarcode\powerpoint\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.exe..2023-10-24 17:37:51.416 Setup command line: /SL5="$A02CE,385517,121344,C:\Program Files (x86)\ActiveBarcode\powerpoint\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.exe" /SILENT..2023-10-24 17:37:51.416 Windows version: 10.0.19045 (NT platform: Yes)..2023-10-24 17:37:51.416 64-bit Windows: Yes..2023-10-24 17:37:51.416 Processor architecture: x64..2023-10-24 17:37:51.416 User privileges: Administrative..2023-10-24 17:37:52.084 64-bit install mode: Yes..2023-10-24 17:37:52.100 Created temporary directory: C:\Users\user\AppData\Local\Temp\is-PGJQ7.tmp..2023-10-24 17:37:52.116 -- DLL function import --..2023-10-24 17:37:52.116 Function name: GetProcessId..2023-10-24 17:37:52.116 DLL name:
          Process:C:\Users\user\AppData\Local\Temp\is-AC17U.tmp\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.tmp
          File Type:InnoSetup Log 64-bit ActiveBarcode Add-In for PowerPoint {AB889823-5C62-4659-B07D-3AE53DE257F8}, version 0x418, 19465 bytes, 767668\37\user\376\, C:\Users\user\AppData\Roaming\Microsoft\Ad
          Category:dropped
          Size (bytes):19465
          Entropy (8bit):3.8703561593498392
          Encrypted:false
          SSDEEP:
          MD5:B2AB38527F37CD8AA417F2A3CF6C0539
          SHA1:FD0102A1D6B6445E7AE5C33CF685075F399313AA
          SHA-256:23C3624D53A1F7C46E503777CC150E4BAEE7AC4CB37F442ADD53CBC65533EFBA
          SHA-512:EEFA38EF8446205137002ADCE81A6FBC5056FF0D1E52619A74E6E137DAE85E5C340B0AE8552D5B57937C36109B8EE79C37ABEC42028A52C4D629DC1F43C60988
          Malicious:false
          Reputation:low
          Preview:Inno Setup Uninstall Log (b) 64-bit.............................{AB889823-5C62-4659-B07D-3AE53DE257F8}..........................................................................................ActiveBarcode Add-In for PowerPoint......................................................................................................L..%...............................................................................................................1............qJ................7.6.7.6.6.8......c.a.l.i......C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.M.i.c.r.o.s.o.f.t.\.A.d.d.I.n.s................%.4.... .....VF.......IFPS....!...1...........................................................................................................................................................BOOLEAN..............TSETUPSTEP.........TMSGBOXTYPE.........TOUTPUTMSGWIZARDPAGE....TOUTPUTMSGWIZARDPAGE.........TEXECWAIT.................!MAIN....-1...../.......GETDESTDIR....17 @17..LOG........EX
          Process:C:\Users\user\AppData\Local\Temp\is-AC17U.tmp\ActiveBarcode-Add-In-for-PowerPoint-Setup-1.1.0.tmp
          File Type:Microsoft PowerPoint 2007+
          Category:dropped
          Size (bytes):305009
          Entropy (8bit):7.928687547488895
          Encrypted:false
          SSDEEP:
          MD5:75C293669A9428184E9F3C56FDE18C8E
          SHA1:6629F13D80C45422C321320581185EE0EE7E1BD9
          SHA-256:DE39A8537293847E9D5AE16F6F86E6CF42308EF2CBDDF8F4D76E84AD73B165BE
          SHA-512:9803BAC295B814433FD3D9DF8AC031BBD7C622C8B191FE631B39D566B24E0152791622F3CE92228A05F83C5CA2E2D50C335BA78509555DB983BB19771680EEAF
          Malicious:false
          Reputation:low
          Preview:PK..........!....,...........[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.D.H...+.]8 ..T...*Q>`.lR....mi..'- $.......o<.l:'....T.S5.....R[...mq!Eb...',....T.G..6`..M..K.p.u2K. )............Z.g..6.....3d5...V..t.?.,,Iq....RB....<.k.U...4.Z/`.............r....s....$.....a..w...m.b....*....1e.U.'./.....-..:.+..~J.p..`..!....lK....o;....w.Z.o.......W.......PK..........!.o.A............._rels/.rels ...(.....................................................................................
          Process:C:\Users\user\AppData\Local\Temp\is-HNIRC.tmp\ActiveBarcode-Add-In-for-Excel-Setup-2.0.0.tmp
          File Type:Microsoft Excel 2007+
          Category:dropped
          Size (bytes):424589
          Entropy (8bit):7.900153896916071
          Encrypted:false
          SSDEEP:
          MD5:271153BE70FF7199CE86D4D3E32B9F2C
          SHA1:9EE769B3A834AA00C4092AE1C5EFDD720FB561B0
          SHA-256:BA586CF43221F1298B1A51311AFAA233864FC9486051596830CA35E4EB048796
          SHA-512:12980565731E5AED6023FFB24990DA6F1995BA13076B94BDBE93881BCB48AEC4D0E23CA43815EB3BBF5E8FAB6DB060C44A542DB10551B4FE43F265E879CCFBB8
          Malicious:false
          Reputation:low
          Preview:PK..........!...}.....%.......[Content_Types].xml ...(....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................TKO.0..#...|]..{@+..!...i..L.ij...-.g.."P..\.r.{.k|.n\..D6.J..(..`..+..t_...e..\.X......8.?m"R..*1.9^*Ez.....=..Bj .k.U.......B..3.\..CL.8.....?o.L.............2.U+odCe..F...c./..P...:.@.,.....1..F..z..~.....s...GH..4lJ..z.i1.a!...<.Z..`.B......C..X.......3..v..._..M..z.p.%.`:....I.<.#s...K.`..)o..7...0..._[{....z{..`O...]..L...r3..E.fs.M.3jmt...S....CN....N.*.K.9...%7y.......PK..........!.+d9.,.........
          Process:C:\Users\user\AppData\Local\Temp\is-U4BAJ.tmp\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.tmp
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):1197328
          Entropy (8bit):6.41660656047907
          Encrypted:false
          SSDEEP:
          MD5:509F520729C3E6EFEF76ACE2CE206D45
          SHA1:8F4A45716D909C61FD43897164E39095417B5CF0
          SHA-256:A7227791FF75FDA23A904A065D67013170E20DEB790945A426C7E68E0431AC8B
          SHA-512:48B07F3AFAF470BD94FF8BD6160E890D612BFE820726124795164A9FF902E1CEE8BF4126962E95DBF01FE85AAE36D7495AE9CFDC10B44C0E2A0E5894E49E3CCF
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 2%
          Reputation:low
          Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...Rm"[.............................%.......0....@..................................q....@......@..............................@8...@...................)...................................0.......................................................text............................... ..`.itext.............................. ..`.data....0...0...2..................@....bss.....a...p.......L...................idata..@8.......:...L..............@....tls....<.... ...........................rdata.......0......................@..@.rsrc........@......................@..@....................................@..@........................................................................................................................................
          Process:C:\Users\user\AppData\Local\Temp\is-U4BAJ.tmp\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.tmp
          File Type:InnoSetup Log 64-bit ActiveBarcode Add-In for Word {DADCCE9A-08FE-4FD7-80F6-BD78F0E63F1B}, version 0x418, 10961 bytes, 767668\37\user\376\, C:\Users\user\AppData\Roaming\Microsoft\Wo
          Category:dropped
          Size (bytes):10961
          Entropy (8bit):3.897208774654342
          Encrypted:false
          SSDEEP:
          MD5:CA16DDF8794EF05DCA548227B6FB988A
          SHA1:C5116F13E7C82788F57694D8372555FFC0F962B1
          SHA-256:0D176F27EE0F4E35B0FDD6E998356197C7E0C6C517DCD8EF898CFB4DCBA4D116
          SHA-512:2705F3A171BC32088D15D7B16A56D8E096A8179DB74FCC159FEA68548D1090C9BE8146F21D9DC091B89DC50DD85EEE3B56C45B09E117DB5276C8D05DFD76DD86
          Malicious:false
          Reputation:low
          Preview:Inno Setup Uninstall Log (b) 64-bit.............................{DADCCE9A-08FE-4FD7-80F6-BD78F0E63F1B}..........................................................................................ActiveBarcode Add-In for Word............................................................................................................*..%...........................................................................................................................Y.yS...............7.6.7.6.6.8......c.a.l.i......C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.M.i.c.r.o.s.o.f.t.\.W.o.r.d.\.S.T.A.R.T.U.P................%.-.... .....>$...l...IFPS.... ... ...........................................................................................................................................................BOOLEAN..............TSETUPSTEP.........TMSGBOXTYPE.........TOUTPUTMSGWIZARDPAGE....TOUTPUTMSGWIZARDPAGE.................!MAIN....-1.....S.......BOOLTOSTR....17 @27.4...1.......CURSTEPCH
          Process:C:\Users\user\AppData\Local\Temp\is-U4BAJ.tmp\ActiveBarcode-Add-In-for-Word-Setup-1.1.0.tmp
          File Type:Microsoft Word 2007+
          Category:dropped
          Size (bytes):277582
          Entropy (8bit):7.913342742214111
          Encrypted:false
          SSDEEP:
          MD5:2F3C381BABD03024F3E09547FD73359A
          SHA1:3AA3188145C403ACA7F5B328DC3C325EE88DC87B
          SHA-256:4C05218F13DAD132C1053C8CEC8A793E768A05B81368A991ED2CE74B17731FAA
          SHA-512:FEC60D8903713DCCC7830BEC8F128048572E299F7729752FA8EBC8AB3D76851CF3C8D439E848D714E035F8B03486576AB4BC80213CB9820160ED9208D94B99CF
          Malicious:false
          Reputation:low
          Preview:PK..........!...v.....E.......[Content_Types].xml ...(....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................U.n.0....;.......a.S.[w..4{.E..m.......t-..k....~H......j..]..8..QA4..5...{.ITH:Z.S.Fl......t....#6bI.?+.f.A.L."G.T.&~-..........GeR$.TS.!f.o.....'..E.u....s..h.ZG+..m...^..~.!..%+.q...zgW2r..K..='.P.#..v.....,T.....nS..&.....ivU..I.2[...).2..;.8t...A....jZ...k....z_:.O...UF.x..t........s.. .....xG..@..0.c..p...7s......u......{.Q..k.....>.4.$9.G6#....WQ.........+2...A..,.g.............PK..........!..C!
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):244032
          Entropy (8bit):6.693575628218493
          Encrypted:false
          SSDEEP:
          MD5:092B95B9308E2827A3B1598ADD0E306D
          SHA1:10321C34BBE5982C3005188AFA94D1CE73964F2E
          SHA-256:A3CDD51D7A6260E352AD6DE5451F4164228EF8150C77C02E5DAB3B38F964307F
          SHA-512:20464945CDB7662E4D9F2226AD5E32FF5CFF53F08E803BAC1CD0A45063534E5B12AACD5661AEDFE8EF5064FF56D6B147ECB9430D17E2D9EF4BB13FB7626C01CF
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......u..}1.j.1.j.1.j..Q..3.j.8...;.j.1.k...j...k/4.j...i/6.j...n/=.j...o/'.j...c/..j...j/0.j....0.j...h/0.j.Rich1.j.........................PE..L.....W.........."!.........r......@........ ......................................WQ....@A........................@....K..,R.......p...............z..@?.......)...'..8............................(..@............P..(............................text............................... ..`.data........ ...,..................@....idata.......P.......8..............@..@.rsrc........p.......J..............@..@.reloc...).......*...P..............@..B................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):440120
          Entropy (8bit):6.655648020789354
          Encrypted:false
          SSDEEP:
          MD5:CFBDF284C12056347E6773CB3949FBBA
          SHA1:AD3FA5FBBC4296D4A901EA94460762FAF3D6A2B8
          SHA-256:BBECDFDA2551B01AA16005C88305982C360A9FB9BA3D9BE2FB15F2E9C6EB809F
          SHA-512:2F24EAC94D51F8F28C8E6B6234CA2E481E0F8F1A73DF62766FF4F5640480377FB2C4A469BABEDB87D303503994B469E570AAF725E16DA6F9B2D6A77F15B4623F
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......J.............!;......c....5..........5.....5......5......5...v..5.....5......5.....Rich...........................PE..L.....W.........."!......................... ............................................@A.........................C.......R..,....................x..8?.......:.. g..8............................(..@............P......p@..@....................text...B........................... ..`.data....'... ......................@....idata.......P....... ..............@..@.didat..4....p.......6..............@....rsrc................8..............@..@.reloc...:.......<...<..............@..B........................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):267592
          Entropy (8bit):6.585392909442922
          Encrypted:false
          SSDEEP:
          MD5:EB977A48CB599861361188190AE80E49
          SHA1:7118EBACF3D92F8BA66B1FB0FCC6487CC38C4557
          SHA-256:409B4CCAEBCFFBFF0EB12A1A8DA9A2AFFE488FCDBBAD7E00D194CEEC38E944BD
          SHA-512:83AA45E92770C327E6AE7BF74DF00D2B620405B20A0FAD5039BE378FA0C30CB36623F89710751A7F8EC5AB43845AA34C2173D915CE01702BDE509D39B0DF63C9
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Kv.|.../.../.../.oo/.../4I...../4I...../4I...../4I...../..7/.../.../|../4I...../4I...../4I./.../4I...../Rich.../........................PE..L...w.W.........."!................@........@......................................y.....@A.............................=..............................H?.......Q...D..8............................D..@............................................text....,.......................... ..`.data....=...@...:...2..............@....idata...............l..............@..@minATL...............|..............@..@.rsrc................~..............@..@.reloc...Q.......R..................@..B........................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):138560
          Entropy (8bit):6.700234986421881
          Encrypted:false
          SSDEEP:
          MD5:49B855EFEA2EBE9E104FEFA017CC9878
          SHA1:29448F4B8D7678BA63A5C8E1FD3585A19BF307BB
          SHA-256:AE780948E9CA4E6968DC72A2B32D55409B685E4326DB735B0679E32512506CB3
          SHA-512:774429A80C04E35037A8494FDC0944F3DEA22BD0610B1534847764E669025C90B1A092CA2C9D3A5F6C065FBB869682B9A5F22FA860657CE3A13934F1E9BE2005
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........A~../-../-../-...-../-...-./-...-../-..*,../-..,,../-..+,../-ez.-../-...-./-..&,../-../,../-...-../-..-,../-Rich../-........................PE..L...x.W.........."!.........>............................................... ............@A...............................T...<.......................@?..........pd..8............................d..@...............P............................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):83792
          Entropy (8bit):6.845112098086369
          Encrypted:false
          SSDEEP:
          MD5:8E65E033799EB9FD46BC5C184E7D1B85
          SHA1:E1CC5313BE1F7DF4C43697F8F701305585FE4E71
          SHA-256:BE38A38E22128AF9A529AF33D1F02DD24B2A344D29175939E229CF3A280673E4
          SHA-512:E0207FE2C327E7A66C42F23B3CBABC771D3819275DC970A9FA82D7AF5F26606685644B8EA511F87EC511EB3A086A9506ADEC96C01C1B80B788C253BD0D459FBD
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c..'...'...'....Yf.%.....>.,...'...........7.......4.......#.......?.......&.....R.&.......&...Rich'...................PE..L.....W.........."!........."...............................................P............@A........................P................0..................P?...@..p.......8...............................@............................................text...d........................... ..`.data...d...........................@....idata..............................@..@_RDATA....... ......................@..@.rsrc........0......................@..@.reloc..p....@......................@..B........................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):6275
          Entropy (8bit):5.688668331796018
          Encrypted:false
          SSDEEP:
          MD5:2C184B4EAC457E084F609AE99C80D445
          SHA1:75625745269830B25A5ABCD1B475392205C8FA8A
          SHA-256:CCB9C433046D9EF80ED9E34042588C742272E402C6CFD0A7EC722DDC25ED0966
          SHA-512:79EF3CC8B2707AD03FCF0DDE7B4A4FC298BD2BE628CE1AF3069AA7816DC352A7D053074D15623F24DCA17B1B0010B288968390699E0C8572792DBA51B3C09002
          Malicious:false
          Reputation:low
          Preview:...@IXOS.@.....@..XW.@.....@.....@.....@.....@.....@......&.{BBF2AC74-720C-3CB3-8291-5E34039232FA}:.Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215..vc_runtimeMinimum_x86.msi.@.....@.^...@.....@........&.{F24C76FD-574E-40AC-A98D-E93BF1F834D0}.....@.....@.....@.....@.......@.....@.....@.......@....:.Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{9C501CB1-E3C9-3DF3-9B8D-C55D81B59E6A}@.02:\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x86\Version.@.......@.....@.....@......&.{42F41217-AF8B-33D4-9CB3-FF5F696BECBB}...@.......@.....@.....@......&.{E8E39D3B-4F35-36D8-B892-4B28336FE041}$.C:\Windows\SysWOW64\vcruntime140.dll.@.......@.....@.....@......&.{A2AA960C-FD3C-3A6D-BD6F-14933011AFB3} .C:\Windows\SysWOW64\msvcp140.dll.@.......@.....@.....@......&.{9FC931F8-9ED1-3263-A0F1-8ADE33
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):9824
          Entropy (8bit):5.6416749696943524
          Encrypted:false
          SSDEEP:
          MD5:0EC607B88B5B416C709DC5D3C85FBA37
          SHA1:5F5E213C0803790071252CEE44096044C3A0808B
          SHA-256:B00BCEDE5F127B97748D37E92C21A3CC1ABECD1F8EF810516108CCE9DB859B48
          SHA-512:1BD67EC01D0D3BA2B509BDC3EFBDD9C0C91C16FCA629F51B701A7E14D806410407993C036CC130DD05E57140A0BFAE8720ACAF7ED886C44B3FFD4B7C03A00BB1
          Malicious:false
          Reputation:low
          Preview:...@IXOS.@.....@..XW.@.....@.....@.....@.....@.....@......&.{69BCE4AC-9572-3271-A2FB-9423BDA36A43}=.Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215..vc_runtimeAdditional_x86.msi.@.....@.^...@.....@........&.{48171CEE-A5DE-49D9-920C-A92F816564BC}.....@.....@.....@.....@.......@.....@.....@.......@....=.Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{2FBCCF06-0D7B-3E2D-A6AF-5DA2828EBEE9}@.02:\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x86\Version.@.......@.....@.....@......&.{4FD4AB8C-C57F-3782-9230-9CCA22153AD3}..C:\Windows\SysWOW64\mfc140.dll.@.......@.....@.....@......&.{46A1EA6B-3D81-3399-8991-127F7F7AE76A}..C:\Windows\SysWOW64\mfc140u.dll.@.......@.....@.....@......&.{C94DDE19-CC70-3B9A-A6AF-5CA7340B9B9A}..C:\Windows\SysWOW64\mfcm140.dll.@.......@.....@.....@......
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):4887
          Entropy (8bit):5.655300524493647
          Encrypted:false
          SSDEEP:
          MD5:AC56948BF9320C74210A6D39224B9C97
          SHA1:F709807BDA5C04BD9BBAF583621FE6F557EC86A4
          SHA-256:8F57B3DB912B7D76B5E0B5199C5A91FB1D4FFC076C80FF4532A5AB83278B4535
          SHA-512:999AF00851F250A4503FE01AAAF3FCCDEC3E150421FABCD220D2EDE20FD1310434FAF0967490CE0BB68235ED5438E4C5AB4C63EB92EC4138FC4069050280ACE3
          Malicious:false
          Reputation:low
          Preview:...@IXOS.@.....@..XW.@.....@.....@.....@.....@.....@......&.{C879E73E-E447-4B9B-A9DC-28D8DC6CFB80}..ActiveBarcode Object (x86)..ActiveBarcode.x86.msi.@.....@.....@.....@........&.{8FE5CC92-C320-4ED3-B3A7-5EE8A55E836D}.....@.....@.....@.....@.......@.....@.....@.......@......ActiveBarcode Object (x86)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{4D5987BD-522D-4BFC-B072-EC615F3386B0}R.C:\Program Files (x86)\Common Files\ActiveBarcode\ActiveXControl\ActiveBarcode.ocx.@.......@.....@.....@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]...@H.-..@.....@......A.C:\Program Files (x86)\Common Files\ActiveBarcode\ActiveXControl\..2.1\e1tg1pgf\tgdmr0ll\|ActiveBarcode\ActiveXControl\......Please insert the disk: ..cab1.cab.@.....@......C:\Windows\Installer\602eba.msi.........@........u5nigy2l.ocx|ActiveBarcode.ocx..ActiveBarc
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):4839
          Entropy (8bit):5.653773291418987
          Encrypted:false
          SSDEEP:
          MD5:E7EF2625120D597F51F89C3C01C120A7
          SHA1:1F85A77F6B44D6516D9E4C574D25FAB52294CDEC
          SHA-256:55AFF7C1FFFF0DE9DF1B1DFA6386437E7A0E6B03AE19B2D29FE1C3A7AA6D758C
          SHA-512:BF2E5FAA3D2811AC2093FAC7E3E54F05B004F37590F1C85C4205D17CEE84B6E9122CE7F4085A5D0C5146312A10D1BFE47B2C2495A078107721E5417CF9D0FD2C
          Malicious:false
          Reputation:low
          Preview:...@IXOS.@.....@..XW.@.....@.....@.....@.....@.....@......&.{4C1970B8-6342-436C-8E50-FC580646FF4F}..ActiveBarcode Object (x64)..ActiveBarcode.x64.msi.@.....@.....@.....@........&.{F3CDA063-0EC4-495A-800B-78C743C78297}.....@.....@.....@.....@.......@.....@.....@.......@......ActiveBarcode Object (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{4D5987BD-522D-4BFC-B072-EC615F3386B0}L.C:\Program Files\Common Files\ActiveBarcode\ActiveXControl\ActiveBarcode.ocx.@.......@.....@.....@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]...@H.;..@.....@......;.C:\Program Files\Common Files\ActiveBarcode\ActiveXControl\..2.1\3yrx1ce4\tgdmr0ll\|ActiveBarcode\ActiveXControl\......Please insert the disk: ..cab1.cab.@.....@......C:\Windows\Installer\602ebd.msi.........@........ndyv3sot.ocx|ActiveBarcode.ocx..ActiveBarcodeOCX..Acti
          Process:C:\Windows\System32\msiexec.exe
          File Type:Composite Document File V2 Document, Cannot read section info
          Category:dropped
          Size (bytes):20480
          Entropy (8bit):1.1670696281488728
          Encrypted:false
          SSDEEP:
          MD5:F8FD4B686A723A72CBCE58AC382BD659
          SHA1:C2300C26A9DE09D386CACC78344EDF1E67539CC9
          SHA-256:D04E22FD7CAF1CD2A45A70E6E37252253DFD3AF6AB92A510FF953BDE11C774A4
          SHA-512:9C9E4F5750EFC4DEAEB65940D5FAD65A814FD22EA8EC024AD661D81303FEB90F9252DBCF16BDD3C50B0BCE232CA589986BEED4EA7BC0E5E0DFCB2050EDF45282
          Malicious:false
          Reputation:low
          Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:Composite Document File V2 Document, Cannot read section info
          Category:dropped
          Size (bytes):20480
          Entropy (8bit):1.2070119095831515
          Encrypted:false
          SSDEEP:
          MD5:7CBF24ED45C8A220DE01FCAF34760F22
          SHA1:238A67FC840FA45EA7E2489B86288E0253EADE85
          SHA-256:1206A4A48223116673C3E05B4E344336658A054DA21F4120390047C7AE15F207
          SHA-512:D80A612AB2D2E9465167FD13483BE153D7E0CF961874FFF7A7999E3BE5685B56941FB02EBEF1CF767FAE8EC32C2494821798A554DE884456647908584F6F12E8
          Malicious:false
          Reputation:low
          Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:Composite Document File V2 Document, Cannot read section info
          Category:dropped
          Size (bytes):20480
          Entropy (8bit):1.2063977838700626
          Encrypted:false
          SSDEEP:
          MD5:E3DAC6C2DC2E233F26861C6298860302
          SHA1:D541742F79E98CD56D64786B062C46290977B313
          SHA-256:76F8CB7CAA00C43BDA22D40B0BEE384CAE104B443F0EB1A1A11A074B8A249EC6
          SHA-512:733BA8EDD5FE697EF78D09DD6FBFE24745A456D9549DEB35A804A58C9AC0CA6BFE38FE12F8BC08B7020C95C464363C7676E458C0B23C5D23FBA8EADEFCD9698A
          Malicious:false
          Reputation:low
          Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:Composite Document File V2 Document, Cannot read section info
          Category:dropped
          Size (bytes):20480
          Entropy (8bit):1.1687091521006923
          Encrypted:false
          SSDEEP:
          MD5:D5B5D7A5E3D7BA13A4BFABEC449FDA11
          SHA1:A3B3EF9407F63EAAAA82FF65E93C26FA93FE21DE
          SHA-256:31125591D86F8A5F237911D71716CFA0A845F430670082DD1C9C212C659E0457
          SHA-512:C6EDF6F1024B8C8D543DF2EF46261C62FDD3174B0E85B5AFC20765B708031DF2278001DEACFDA9A80B123BF82A4B3B6F44CEC35F9E9D49C419010E546B1B53B2
          Malicious:false
          Reputation:low
          Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):454234
          Entropy (8bit):5.3561603204081445
          Encrypted:false
          SSDEEP:
          MD5:BFBA7E8773386C1C130B67D2BF0AFE88
          SHA1:313F01AA5B30F82A740CFCD5C72B2D196250C157
          SHA-256:DD19D5ED76EB60C8B077CAFF8223A32962C56E2F4E8BC160C31223B031083C82
          SHA-512:C9DE0712F873E6C0F2BD5A12FEF2B394013BAA5FF0B4B5F42F00CFCD0CE138946BFAC6945F22C4C7EAAEE11758EBD795E02BE8C08E06FEDD03C3047A96F94A41
          Malicious:false
          Reputation:low
          Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):4705072
          Entropy (8bit):7.05735073619111
          Encrypted:false
          SSDEEP:
          MD5:9A145819FEB9B159176FB95368BCD0BE
          SHA1:3728A89D10062B3701435638B1F01F138C5DC0F2
          SHA-256:3262782C80CEF7EF2CC23FFBE5D12F312736198D2F81F70DE1AA5F346D652DEB
          SHA-512:53B3D388C4D51D7CCA4F6E3C1F319372C1D78288CDA9EEDC6DAF25CBE9B4E17E3C29DF816F4724A8B16689C0A6E0AA925D517BC6EE0450B13AE4FC12F876B78E
          Malicious:false
          Reputation:low
          Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......OZ;,.;U..;U..;U.....;U.....;U.....;U.....;U..C...;U.0eT~.;U.0eV~.;U.0eQ~.;U.0eP~.;U.....;U..;T..?U.0e\~.:U.0eU~.;U.0e...;U.0eW~.;U.Rich.;U.........................PE..L...q.W.........."!......-......... .).......-..............................0H.....F.H...@A........................ .-..............p/...............G.0?....E.....0~..8...................h~..........@.....................,......................text.....-.......-................. ..`.data.........-.......-.............@....idata...T.......V..................@..@.didat.......P/.....................@....tls.........`/.....................@....rsrc........p/.....................@..@.reloc........E......tD.............@..B................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):46912
          Entropy (8bit):6.103240817782741
          Encrypted:false
          SSDEEP:
          MD5:03BCEBE6AF1088AF204855679E09742C
          SHA1:4C047F3970A622E3199B17B272A933E5CA2FD96B
          SHA-256:DA38EC145DE1DF91F112FCA7D44698A8A03695735391ACC04197A83D177E78C5
          SHA-512:8F0B77972F137506F4541DEC97F29E44BDF388F433C48863D7BCDFA190058DB9AEBB15F2826E5E514CFE3FF58D08CA939A99DE316AE67426397E71A3A841459C
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......I.<...R...R...R.6...R.6.P...R.Rich..R.................PE..L.....W.........."!.........v......................................................;.....@.......................................... ..Ps...........x..@?..............8............................................................................text...............................@..@.rsrc...Ps... ...t..................@..@......W........&...8...8.........W........T...`...`...RSDS ...;;FK....9.......MFC140CHS.pdb...........8....rdata..8...|....rdata$zzzdbg.... ..p....rsrc$01....p1...a...rsrc$02........................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):46912
          Entropy (8bit):6.144936881236486
          Encrypted:false
          SSDEEP:
          MD5:43CD3280EE498297FFAA5A3466A0DB36
          SHA1:690529B34C50374E26F86F5EBDEB77CB59B3D78B
          SHA-256:F20A23427715CF1A0EB791C60059A8B07AB13AEE2CDA1FAC8FEB779AE31C18E6
          SHA-512:6ED570920B6D65269F5E282202E90514041F11319EEB3E334E2BE258243F6EE32BEE961249D5FE4109113B538C2A91C9E06CB502A356006691E4DAB5A7341886
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......I.<...R...R...R.6...R.6.P...R.Rich..R.................PE..L.....W.........."!.........v.......................................................3....@.......................................... ..xs...........x..@?..............8............................................................................text...............................@..@.rsrc...xs... ...t..................@..@......W........&...8...8.........W........T...`...`...RSDS#I.%<.2J.....R.5....MFC140CHT.pdb...........8....rdata..8...|....rdata$zzzdbg.... ..p....rsrc$01....p1...b...rsrc$02........................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):75584
          Entropy (8bit):4.746019557604047
          Encrypted:false
          SSDEEP:
          MD5:9307EB434BDEA57758E87B8183156535
          SHA1:85E417A70C8CA80574B726206C904B1716BC971B
          SHA-256:AF8A916F6B0FF9CFD80A81078B3022406653334C13A7187A4D206800E07C306C
          SHA-512:C330401D3D1C7F6843EC3C3020C3A714FD380A61E4004ECCE8463774E95E64B00F8E458B446964B97A981F45EBAD2820A54A6CC215417448EEF10BF5DCF16E10
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......I.<...R...R...R.6...R.6.P...R.Rich..R.................PE..L.....W.........."!......................................................................@.......................................... ..p...............@?..............8............................................................................text...............................@..@.rsrc...p.... ......................@..@......W........&...8...8.........W........T...`...`...RSDS7qC^.h.L.3'.........MFC140DEU.pdb...........8....rdata..8...|....rdata$zzzdbg.... ..p....rsrc$01....p1.......rsrc$02........................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):65856
          Entropy (8bit):4.889310904016867
          Encrypted:false
          SSDEEP:
          MD5:7A73D6670E011D9C500B9113A022281F
          SHA1:85C7DF2ECA4DABA594D3BEBE07273C54D56398BF
          SHA-256:357C047238FBAA6EC5A1D53EBDE7858C7F945DCE32B9FB28B1C4993E1077058E
          SHA-512:B6661E7CBFC8693AEC6B1804CEEBBC92FC8CF2FBCD7BB0A76BB8D4E19DA897E21A17C0458ACBD89A752A0E356F9677E6F68C9D28EFC2A45FB06DE5A354E70667
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......I.<...R...R...R.6...R.6.P...R.Rich..R.................PE..L.....W.........."!.................................................................U....@.......................................... .................@?..............8............................................................................text...............................@..@.rsrc....... ......................@..@......W........&...8...8.........W........T...`...`...RSDSK.}..c.E...7...I....MFC140ENU.pdb...........8....rdata..8...|....rdata$zzzdbg.... ..p....rsrc$01....p1..p....rsrc$02........................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):74560
          Entropy (8bit):4.720868455843021
          Encrypted:false
          SSDEEP:
          MD5:25C2043A70F73C87375FBE58BA49B2D5
          SHA1:481464FDA6054B771079707F96BC3FA0FB8C928C
          SHA-256:0CA448BA8954CA8F625151AFFDC21DE63CB5677D2D6CCBC326CE0D8D89D0BF85
          SHA-512:1760782D80D03FAEFF92F1DFD4AC7B33FF49AC06D1045A7297673027DD0465E7DDA61AE7B6786FFB792AD8061E901882F1C2C831E96D1ABEA429CE58117B44CD
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......I.<...R...R...R.6...R.6.P...R.Rich..R.................PE..L.....W.........."!......................................................................@.......................................... ..................@?..............8............................................................................text...............................@..@.rsrc........ ......................@..@......W........&...8...8.........W........T...`...`...RSDS......=N.p...o.m....MFC140ESN.pdb...........8....rdata..8...|....rdata$zzzdbg.... ..p....rsrc$01....p1.......rsrc$02........................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):75584
          Entropy (8bit):4.732023958547452
          Encrypted:false
          SSDEEP:
          MD5:B509A58392CB134C2CA4B5AE844AC078
          SHA1:513071E8E8B3A4593CC445283784C661F2967661
          SHA-256:D6A5B92094764B42ECCB0EB4CF01429CCAE2FD8A01D43681964B4D24F9A5E0A4
          SHA-512:AAE7A9281EC2B9E2FB194B1EDED50744DA40D894E76A2C779E58A1878F34E990B8DA14DBF723AAE000C3334B2BF7F020D2F6EBBF747F1862EEB44EEAD4F3D1DE
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......I.<...R...R...R.6...R.6.P...R.Rich..R.................PE..L.....W.........."!................................................................$.....@.......................................... ..................@?..............8............................................................................text...............................@..@.rsrc........ ......................@..@......W........&...8...8.........W........T...`...`...RSDS..d..#sC..[..j......MFC140FRA.pdb...........8....rdata..8...|....rdata$zzzdbg.... ..p....rsrc$01....p1..H....rsrc$02........................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):73536
          Entropy (8bit):4.72648600907302
          Encrypted:false
          SSDEEP:
          MD5:BBAE27EC6D3EF758785D9943A55CA317
          SHA1:618E4FBA0E7577584DC222236B699B66131FD979
          SHA-256:FB135F800BE3C75922B8799DF3A89299C633F90D39805248C77475B3774DDC66
          SHA-512:3E62B5FCA48A4D50C0C3A66E5F75B8AC839741DE7A97FE735C97CD3E30CC4FEABC663C8112B446DDB7604FAF511662AF5BD24243BA63A5CF2EFBAD4A2D58B7ED
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......I.<...R...R...R.6...R.6.P...R.Rich..R.................PE..L.....W.........."!.....................................................................@.......................................... ..................@?..............8............................................................................text...............................@..@.rsrc........ ......................@..@......W........&...8...8.........W........T...`...`...RSDS.4~...}N..CX~.......MFC140ITA.pdb...........8....rdata..8...|....rdata$zzzdbg.... ..p....rsrc$01....p1..(....rsrc$02........................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):55104
          Entropy (8bit):5.910721084679986
          Encrypted:false
          SSDEEP:
          MD5:9D4A621E18C87019CC1200E4D9ACBEDA
          SHA1:F0B5669830F330BADBA22EAB484EC34B7DE45414
          SHA-256:0BD0922941986790AD83CD2658C0F07E7C8F653A158C6B1D81A2788BD725364E
          SHA-512:E86B7CE3C7E23A84909CE4F7D5C775DDF7B91E060522C858A2517E9991E5ADD9F14DF67A539BE42427A74C3309D65A8EDA821FA812E0FB474E26DA616B53F7AE
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......I.<...R...R...R.6...R.6.P...R.Rich..R.................PE..L.....W.........."!......................................................................@.......................................... .. ...............@?..............8............................................................................text...............................@..@.rsrc... .... ......................@..@......W........&...8...8.........W........T...`...`...RSDSD.z=..4A.........MFC140JPN.pdb...........8....rdata..8...|....rdata$zzzdbg.... ..p....rsrc$01....p1.......rsrc$02........................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):54080
          Entropy (8bit):6.073423569392797
          Encrypted:false
          SSDEEP:
          MD5:64CECFFCF850BEC038E7E591A1C286FE
          SHA1:80D532A59D4F9F1C87BD14FEF99AD3A90E793351
          SHA-256:57FD4F63B4EEA283AF182652F77A04842AF5988957DA67DA96D8846F5B1A09DD
          SHA-512:DA89F2C3D78A2A6D1997484EACAD865B946E5AE26C25D0F5AAD4A9E7EB6D3B407356F51A19D3FC003332E69C34EF5A78A2BC58E07BAEFFA365E303EA88E5CDA1
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......I.<...R...R...R.6...R.6.P...R.Rich..R.................PE..L.....W.........."!.................................................................y....@.......................................... .................@?..............8............................................................................text...............................@..@.rsrc....... ......................@..@......W........&...8...8.........W........T...`...`...RSDS..j.Zm.A.....o.....MFC140KOR.pdb...........8....rdata..8...|....rdata$zzzdbg.... ..p....rsrc$01....p1..X~...rsrc$02........................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):71488
          Entropy (8bit):5.274499698926569
          Encrypted:false
          SSDEEP:
          MD5:EBE1AAC24EA274EB01061BF026AB526B
          SHA1:7D4CB9C49EC5A3CBBEDDBECF5E484E7CFF16AF41
          SHA-256:C9A02E397097FFCDF0F6C79C76DF359E7815A4CFC90EFC0FA65C965D55379298
          SHA-512:052C82CD89C8A521C60540E15E0CA729D1CC735AF0730C2336156AC6D1A86F6ABD42D8899850A781196952BCFEAB1B158490DA6E2AEE7A43D5716C93E2C5B13F
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......I.<...R...R...R.6...R.6.P...R.Rich..R.................PE..L.....W.........."!......................................................................@.......................................... ..................@?..............8............................................................................text...............................@..@.rsrc........ ......................@..@......W........&...8...8.........W........T...`...`...RSDS.?*X...G..3.........MFC140RUS.pdb...........8....rdata..8...|....rdata$zzzdbg.... ..p....rsrc$01....p1..`....rsrc$02........................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):4775224
          Entropy (8bit):7.037292025260288
          Encrypted:false
          SSDEEP:
          MD5:FF62AF7574CBA15E3192AD6A9D3D19B8
          SHA1:892FF33D139E9B9227AE03F2934DE5921C74364F
          SHA-256:54F6A0A169089D62B1A6DBCE899040B002C184BD54E8CA7CF02F4EBE4D8E7FD6
          SHA-512:4ABCA4BF0AB3E4F9175FD22AD506518F6E8FE4BFB4B4CB9C96AD10A9D73B3C9B41955CBE79FDC91F537EC3D0AE48A3B3BE4400744BC7AF635B4B66F19265CAE7
          Malicious:false
          Reputation:low
          Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........Z;-K;U~K;U~K;U~..~J;U~..~J;U~..~I;U~..~^;U~BC.~_;U~peT.I;U~peV.@;U~peQ.G;U~peP.\;U~..~X;U~K;T~.8U~pe\..:U~peU.J;U~pe.~J;U~peW.J;U~RichK;U~........................PE..L.....W.........."!.........................P................................I.....,5I...@A............................L...../......@0...............H.8?....E.....`...8...................,4......p...@............./.............................text.............................. ..`.data...$...........................@....idata..fS..../..T..../.............@..@.didat....... 0......./.............@....tls.........00......./.............@....rsrc........@0......./.............@..@.reloc........E.......E.............@..B................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):95032
          Entropy (8bit):6.488822703164812
          Encrypted:false
          SSDEEP:
          MD5:CF45BE9D7701608BC3174ABF46920EF2
          SHA1:55B61B3032520268E98652BEE1C43FDAAD66A079
          SHA-256:2DF9754E899A3EBD021BE033085354F190EE74D04A034FED95DB42480FBF34F6
          SHA-512:581DA886B1D204ABDC8AC4B83298906F56434BB935A6E3DAAFEC01C0FC48D7AA117DB87887891AA8542C0F0AAF89A2A622FAE593FEDFFD23522D1389C24BB91C
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........*..y..y..yz<hy..y..5y..y...x..y...x..y...x..y..5y..yz<my..y..y..y...x..y...x..y..Yy..y...x..yRich..y........PE..L.....W.........."!.....D...........R.......`............................................@..........................0......`1.......p...............4..8?..........0f..8....................&.......e..@............`..L...........Pc..H............text....C.......D.................. ..`.rdata.......`.......H..............@..@.data........@......."..............@....tls.........P.......&..............@....gfids..T....`.......(..............@..@.rsrc........p.......*..............@..@.reloc..............................@..B........................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):95544
          Entropy (8bit):6.463075333235294
          Encrypted:false
          SSDEEP:
          MD5:CB56C5C3D746328FDF4E444E2D8A38E1
          SHA1:959B741391FB0DD55E26956387FB299FE9C2C416
          SHA-256:188C6A4E84114B522012FFCCA6DE7C18FE1032C226EEA4E4D15CADB0AC524185
          SHA-512:B47FE9D3801D8A206441C3294EAE065D13441259EADC2915E656BE96E56E15B76A00756EB4B6DE7E6043F86F0A7136B2F99DB887FA1B67C88D21075B16CA7E0C
          Malicious:false
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........*..y..y..yz<hy..y..5y..y...x..y...x..y...x..y..5y..yz<my..y..y..y...x..y...x..y..Yy..y...x..yRich..y........PE..L.....W.........."!.....D...........R.......`............................................@..........................0.......1.......p...............6..8?..........0f..8....................&.......e..@............`..L...........Pc..H............text....C.......D.................. ..`.rdata.......`.......H..............@..@.data........@......."..............@....tls.........P.......&..............@....gfids..T....`.......(..............@..@.rsrc........p.......*..............@..@.reloc...............0..............@..B........................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):400184
          Entropy (8bit):6.408463971753924
          Encrypted:false
          SSDEEP:
          MD5:F89482C2C8A495993E2117D5D1BDF442
          SHA1:FBDA41C9A499F9D82E1CF69D06E4C6E16895F0F3
          SHA-256:AAA4364B8FD322F8878D91F8B76319ED71357E2A7E91D0F732D7857D067CEB2D
          SHA-512:121F882AF64FD67AFA86D0AC1B6B172B1DC9720078A0F6744A5C778911F22E4DD50B0C9D5509307C393DCC1131B3B5EFF6D088DA8D4C12D309B3FACDC46A334A
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........<.e.o.e.o.e.o...o.e.o.;.n.e.o.;.n.e.o.;.n.e.o.;.n.e.o..Go.e.o.e.oJe.o.;.n.e.o.;.n.e.o.;so.e.o.e.o.e.o.;.n.e.oRich.e.o........................PE..L.....W.........."!....."...........s.......@............................... .......P....@A............................47...r..@.......P$..............8?......$H...]..8....................]......8]..@............p...............................text...4 .......".................. ..`.data...<-...@...*...&..............@....idata..4....p.......P..............@..@.tls.................j..............@....rsrc...P$.......&...l..............@..@.reloc..$H.......J..................@..B................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):69632
          Entropy (8bit):0.1222300887201326
          Encrypted:false
          SSDEEP:
          MD5:0C81194CEF0749D9E332C8A7136CACFE
          SHA1:C7EB13F44675318CFFDC9AA3BEEA661901769BFA
          SHA-256:9DB01D67D4A95E5771936AA5E1B1E20370B1284E242DA81639CDD6A9A0CE3A53
          SHA-512:6E388643B69F5C43D970BDBF3F8EA68CDA3DED9CDC43C85B0E1172320944930934D203476609F605E5C1F06D5C25ACD5FED8F9804609477DB18553614AF73EEE
          Malicious:false
          Reputation:low
          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):69632
          Entropy (8bit):0.12477187704484838
          Encrypted:false
          SSDEEP:
          MD5:7CA02422743318AE94B9634D2374B308
          SHA1:7A7E7FBECD79F8E3B32790D3E939A75E45FDFFD2
          SHA-256:489AD11EE4710B354CD327162DBB858AD1EBFE427AEF460572D7797CA0028AA0
          SHA-512:93737F2302958CFD075975E366DAF00EB4F0F7912973ED8EF17F16311BD7CA46935AB00A10C26945760B3F6B25E4155E1C153FE973A58DA7FB64CF9FA076E162
          Malicious:false
          Reputation:low
          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:Composite Document File V2 Document, Cannot read section info
          Category:dropped
          Size (bytes):32768
          Entropy (8bit):1.2434989297183723
          Encrypted:false
          SSDEEP:
          MD5:0AC85DF049D15C4D40A4725BD9118F86
          SHA1:99CEB8415325394D6E05EE4F9D6BADAEBC62F6C6
          SHA-256:C50BE81F744BDD8A67B09D9919BD91FB7214F8AF33C279DB6DBA653E159E2DC8
          SHA-512:E3C5BAEFC2B4B7872710DC67AE076DFF254A1C1A95B74EBE3B383ED8559EEBA9895ABDC04F60C7B89DF6486D7499E0E46CFC3ECC8F064609DC78DFF54C052D97
          Malicious:false
          Reputation:low
          Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:Composite Document File V2 Document, Cannot read section info
          Category:dropped
          Size (bytes):32768
          Entropy (8bit):1.2401856099584374
          Encrypted:false
          SSDEEP:
          MD5:91A84B0BEC57E9D89CA2B03F96E4DC59
          SHA1:55A07F139933F6F3A83A375735FD083EA5CE4EF6
          SHA-256:32DC986E8775FF4E1DDB66DBEDB7847C0AB5ECC444269B3254CFAAC8C9D182B4
          SHA-512:A09B83DD3B810FD201939348847D0F7D1F27678FB1B9E56783CAC9B79C651D1E8B2A9962958A5F96E5405372A5BE460C9AB141580261890BB54E4C59B22FC783
          Malicious:false
          Reputation:low
          Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):32768
          Entropy (8bit):0.07430030492339768
          Encrypted:false
          SSDEEP:
          MD5:52ACFB31F0BF25313A19DFC5C43FA41F
          SHA1:BA4FC647288ACD9A797E0CEC8B14469ACE1B296E
          SHA-256:0A1B48C3362A2D23200E5689466589E55781AD2AE12958D22A208584DD467659
          SHA-512:32765FAC558336502C425DE84DF4F0A7ED55E7A6960F420922B0FC0F1F4493981AD1BBEAAF8AB72ED3AEFBC7EA567A8A77F64B0EAAFC718B54B1FB79B695D005
          Malicious:false
          Reputation:low
          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):32768
          Entropy (8bit):0.10186237139289653
          Encrypted:false
          SSDEEP:
          MD5:2D2C80FE166609C1F4CD1C05343A4B84
          SHA1:13FB3F9688F6B52B8CB3B6C5C7978D8F92161F87
          SHA-256:FF2ADC4DFAE3AC5A282BFE8D1995BA44446D8C4A08D3266E7774B49C49159972
          SHA-512:28BFD284F78CCF3F1FB6D61D22EC7403F1F2D07011A69ADECC4E5ED459ADBB25D162D9A8842ABD80ED1E93DC00F745A61A95C2897DE06251939721EFE3D5AA86
          Malicious:false
          Reputation:low
          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:Composite Document File V2 Document, Cannot read section info
          Category:dropped
          Size (bytes):20480
          Entropy (8bit):1.549915540087648
          Encrypted:false
          SSDEEP:
          MD5:94FF40614CFF86C31119F1DB6328CCBD
          SHA1:DC61BFCC9FD1CE2A1A6586007A84621C47A0E7DC
          SHA-256:EAB535205D4A519026EF22A73AA2FB899FCF3149F4DC4032B49F58B5F9888086
          SHA-512:9A93298B26DC57C7A32D948AB00EBE99BB2897D419CF1F7E4A3459D062B507D51028693C546333A824F0A3324D8F3B075051BA6F8045718B07C99083FB48D77E
          Malicious:false
          Reputation:low
          Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):32768
          Entropy (8bit):0.07488448775619394
          Encrypted:false
          SSDEEP:
          MD5:2B857B12C0F2537D5A69593750D30C9F
          SHA1:E6D70829BAFA31EFE1D1B190C868E65C5576FC6D
          SHA-256:DEB7B6E1AF6B3A9966B99DC69249B3600E5BCA1D86946CC9E002AF873AD3E9CF
          SHA-512:F7DFB8D78E19AB4274745A3B47E92AD9A75BF70C47E6268F6A075E1B24FE12B708084DEA1942D5887E99F1237B67C829CD4286980D209B73C67EB44379839CCA
          Malicious:false
          Reputation:low
          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):32768
          Entropy (8bit):0.10238370889664118
          Encrypted:false
          SSDEEP:
          MD5:9135EDA7E649E23FB176C147389665DC
          SHA1:3875AC310C49FFB3D6CAD7E33196A46DED0D2179
          SHA-256:49BF04169E5612D69DBEAA10AF851EF136E2F893FCF45DBA48337BA190067A12
          SHA-512:D00EB21CD8B55B09B39C6D34DC763C3CCBEB4995D050A8C07474DCDD480BB34C157DE84403083B223875406D5039CB69136C8E06D0AD71FFE53FAF9594552B14
          Malicious:false
          Reputation:low
          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:Composite Document File V2 Document, Cannot read section info
          Category:dropped
          Size (bytes):20480
          Entropy (8bit):1.5544253828990848
          Encrypted:false
          SSDEEP:
          MD5:F156C4F79937546B0174BC11B99D9A88
          SHA1:591A68523BF204521283BB53655B4BB3F87A49BE
          SHA-256:8A420E3878D8CC96871F0B01A82972093B141D73966AEB9675201A1F6234B59E
          SHA-512:7FB336B81E89DDC6655BE26BABD8DBE13D62F95D0A50447EED22F2FFF91E617D8930A57C0F20C9C15537285FF9B8C3F4DBABBCE171611AA004057C8198E6AB88
          Malicious:false
          Reputation:low
          Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:Composite Document File V2 Document, Cannot read section info
          Category:dropped
          Size (bytes):32768
          Entropy (8bit):1.21263662001434
          Encrypted:false
          SSDEEP:
          MD5:4A50890D37488C1A9134705D83AC920D
          SHA1:305B3BDEFF095EE605C0014E81F45FFF79F0BFF3
          SHA-256:32785C25EB7392F3FD236581768D4B7E91CB84BE693DB09741750CEA4EF02279
          SHA-512:1EC4FFF3CD696174AD46669AA87250E73866747D270C2B78BB53BA0E83F0ED4F25DAD1E593BBCF237769CFF3A73CA585281E71386E281166B6BA97CB28ADD048
          Malicious:false
          Reputation:low
          Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):73728
          Entropy (8bit):0.12919803720042156
          Encrypted:false
          SSDEEP:
          MD5:B5E4D88AF67E19DA259C3BCD096FF8F9
          SHA1:8B2ACE049AFC371BB2C11C69D39551AF6E04E5D8
          SHA-256:42EEE6D6083E5D1C4448D741B2B5602BD7E6FAA4114A5925DA2DC9BB97E2A330
          SHA-512:A143C402BAAB6BDE23517CBF50E1EA2AEA2861CFC42FCB25494CCAF91D620DC5CE132314361C710176F43DA68C02D8CF557C6EF5C9407C748872DD8D47064B62
          Malicious:false
          Reputation:low
          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):512
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:BF619EAC0CDF3F68D496EA9344137E8B
          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
          Malicious:false
          Reputation:low
          Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:Composite Document File V2 Document, Cannot read section info
          Category:dropped
          Size (bytes):20480
          Entropy (8bit):1.5101853616105954
          Encrypted:false
          SSDEEP:
          MD5:6C878FE1953551637D13278020BA3EE0
          SHA1:E428EDFCFB0CDA5BE81906BF48D0E22C7FBDD62A
          SHA-256:C1C0F9643ACB1145858FB472050B16D3ED87F5EB0C1DFFC91D51F730C430FFFF
          SHA-512:8BFD1DDA130E2FAB36E3AB7CDBA21A3497B9D472E5AE8C43C4E09244B1F1255B0F484B417C7B362FBD3AA2D0DC587B5345922E301F0B67D03ED67BC51E19BE4C
          Malicious:false
          Reputation:low
          Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:Composite Document File V2 Document, Cannot read section info
          Category:dropped
          Size (bytes):32768
          Entropy (8bit):1.2172704073120075
          Encrypted:false
          SSDEEP:
          MD5:E17A6DA2A4A78F3A263737B6B9BA1A53
          SHA1:525340CBB1B8125DEDFB0FD07635993FBC4D6CE8
          SHA-256:322065E55D81F20FA1951055536CF8BD55C8F051F88458164577C40D7063EA4A
          SHA-512:3FE87612D1AA4134F4C447CA4E7A8F276C8251D5BEA640DC0B4466B90B2A031D7BEBE0637B2A6DC1BBDFDC2C8D2175AB7D771BD04896ECA5C71D8FB6C0259976
          Malicious:false
          Reputation:low
          Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:Composite Document File V2 Document, Cannot read section info
          Category:dropped
          Size (bytes):20480
          Entropy (8bit):1.5171389621498808
          Encrypted:false
          SSDEEP:
          MD5:9786B54B4813F268FA2DA814EC340885
          SHA1:02C2B3C31CF126292B885FDF5EB6F187A8529BAF
          SHA-256:F732DECE3A9E03A873335AAF007CC6D02BBDB155FA54FE3F9A55C1A1709CA9B6
          SHA-512:E6CAD062445E7C40D3C1EA01CBD81F384D77BDC050CFF8E64C0BA3C650520C27033E515BB9777A821792E68B82AD90621329DFD74B02E065951B2D730FCA3CFF
          Malicious:false
          Reputation:low
          Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):73728
          Entropy (8bit):0.13125427570520384
          Encrypted:false
          SSDEEP:
          MD5:ACB36E951934A2FA996E8B135553B5AE
          SHA1:33F57FE11BDDB082FB222E65CA03C4D383C8624B
          SHA-256:62281E122C5D14B2F3FB94D3DE966601A8944290EBD591E300300A0BFEA1289B
          SHA-512:CD8E58F0ED1E84EBBE27A73A8D2FDE393309683AE263770596C5C9A9AE21212DBEC43BEDCCEFFCD70AA1911AFC0F358793E14BFF220A4B50BBC4B6570D846C32
          Malicious:false
          Reputation:low
          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          File type:PE32 executable (GUI) Intel 80386, for MS Windows
          Entropy (8bit):7.999570261352583
          TrID:
          • Win32 Executable (generic) a (10002005/4) 99.94%
          • Win16/32 Executable Delphi generic (2074/23) 0.02%
          • Generic Win/DOS Executable (2004/3) 0.02%
          • DOS Executable Generic (2002/1) 0.02%
          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
          File name:ActiveBarcode-Setup6.12.0.exe
          File size:35'679'808 bytes
          MD5:7791a8a48af7782006dd4ccfad1cb14d
          SHA1:ce90c961462da6e025ba7c074ef1538e28e3d82c
          SHA256:cdcb9279fb747d04999c0c12476bfe38e7ae413365ff8eef9310c1be21d17078
          SHA512:6f3099b0e0bd2ac3b7fdf8db326c2da1af96e48bfad21fb459841c76498dbcab31dc05f13050077fa38ac0b27e001bea7c91b573642bc51019b02fe879488676
          SSDEEP:786432:CGRYO0NkfmNUNlJKeO0Hx1Zw00zYrsfApg9ywwt4DdctPyeC9tB:CGRYO0NCmNUYeXHxfw00zJf9Da4DGyeU
          TLSH:C3773317A56E72BDC507E231E0E1AA4C1E027C7910D631D92C78EECE5BB35D312B9EA1
          File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
          Icon Hash:2d2e3797b32b2b99
          Entrypoint:0x41181c
          Entrypoint Section:.itext
          Digitally signed:true
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Time Stamp:0x5B226D52 [Thu Jun 14 13:27:46 2018 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:5
          OS Version Minor:0
          File Version Major:5
          File Version Minor:0
          Subsystem Version Major:5
          Subsystem Version Minor:0
          Import Hash:20dd26497880c05caed9305b3c8b9109
          Signature Valid:true
          Signature Issuer:CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
          Signature Validation Error:The operation completed successfully
          Error Number:0
          Not Before, Not After
          • 12/01/2022 01:00:00 12/01/2025 00:59:59
          Subject Chain
          • CN=Lars Schenk, O=Lars Schenk, S=Schleswig-Holstein, C=DE
          Version:3
          Thumbprint MD5:80CAA0797922D4AF86AB249C090B0D27
          Thumbprint SHA-1:45CE1D83A1519E8EACBF30F4B91B91352D1A0837
          Thumbprint SHA-256:F44F09949C657A6D154748FEFD1AF6D1310660BE43150BB0B11B67767DB7A5A4
          Serial:0D9CC4CC3A53BE1613F677B693E2FB8B
          Instruction
          push ebp
          mov ebp, esp
          add esp, FFFFFFA4h
          push ebx
          push esi
          push edi
          xor eax, eax
          mov dword ptr [ebp-3Ch], eax
          mov dword ptr [ebp-40h], eax
          mov dword ptr [ebp-5Ch], eax
          mov dword ptr [ebp-30h], eax
          mov dword ptr [ebp-38h], eax
          mov dword ptr [ebp-34h], eax
          mov dword ptr [ebp-2Ch], eax
          mov dword ptr [ebp-28h], eax
          mov dword ptr [ebp-14h], eax
          mov eax, 0041015Ch
          call 00007F20416CF2EDh
          xor eax, eax
          push ebp
          push 00411EFEh
          push dword ptr fs:[eax]
          mov dword ptr fs:[eax], esp
          xor edx, edx
          push ebp
          push 00411EBAh
          push dword ptr fs:[edx]
          mov dword ptr fs:[edx], esp
          mov eax, dword ptr [00415B48h]
          call 00007F20416D7A4Bh
          call 00007F20416D759Ah
          cmp byte ptr [00412AE0h], 00000000h
          je 00007F20416DA56Eh
          call 00007F20416D7B60h
          xor eax, eax
          call 00007F20416CD385h
          lea edx, dword ptr [ebp-14h]
          xor eax, eax
          call 00007F20416D45CBh
          mov edx, dword ptr [ebp-14h]
          mov eax, 00418658h
          call 00007F20416CD95Ah
          push 00000002h
          push 00000000h
          push 00000001h
          mov ecx, dword ptr [00418658h]
          mov dl, 01h
          mov eax, dword ptr [0040C04Ch]
          call 00007F20416D4EE2h
          mov dword ptr [0041865Ch], eax
          xor edx, edx
          push ebp
          push 00411E66h
          push dword ptr fs:[edx]
          mov dword ptr fs:[edx], esp
          call 00007F20416D7ABEh
          mov dword ptr [00418664h], eax
          mov eax, dword ptr [00418664h]
          cmp dword ptr [eax+0Ch], 01h
          jne 00007F20416DA5AAh
          NameVirtual AddressVirtual Size Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IMPORT0x190000xe04.idata
          IMAGE_DIRECTORY_ENTRY_RESOURCE0x1c0000xb200.rsrc
          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
          IMAGE_DIRECTORY_ENTRY_SECURITY0x22045300x2910
          IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
          IMAGE_DIRECTORY_ENTRY_TLS0x1b0000x18.rdata
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IAT0x193040x214.idata
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
          .text0x10000xf25c0xf400False0.5482197745901639data6.375879013420213IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          .itext0x110000xfa40x1000False0.563720703125data5.778765357049134IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          .data0x120000xc8c0xe00False0.25362723214285715data2.3028287433175367IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          .bss0x130000x56bc0x0False0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          .idata0x190000xe040x1000False0.321533203125data4.597812557707959IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          .tls0x1a0000x80x0False0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          .rdata0x1b0000x180x200False0.05078125data0.2044881574398449IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .rsrc0x1c0000xb2000xb200False0.177953827247191data4.140152878983828IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          NameRVASizeTypeLanguageCountryZLIB Complexity
          RT_ICON0x1c41c0x128Device independent bitmap graphic, 16 x 32 x 4, image size 192DutchNetherlands0.5675675675675675
          RT_ICON0x1c5440x568Device independent bitmap graphic, 16 x 32 x 8, image size 320DutchNetherlands0.4486994219653179
          RT_ICON0x1caac0x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 640DutchNetherlands0.4637096774193548
          RT_ICON0x1cd940x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1152DutchNetherlands0.3935018050541516
          RT_STRING0x1d63c0x68data0.6538461538461539
          RT_STRING0x1d6a40xd4data0.5283018867924528
          RT_STRING0x1d7780xa4data0.6524390243902439
          RT_STRING0x1d81c0x2acdata0.45614035087719296
          RT_STRING0x1dac80x34cdata0.4218009478672986
          RT_STRING0x1de140x294data0.4106060606060606
          RT_RCDATA0x1e0a80x82e8dataEnglishUnited States0.11261637622344235
          RT_RCDATA0x263900x10data1.5
          RT_RCDATA0x263a00x150data0.8392857142857143
          RT_RCDATA0x264f00x2cdata1.2045454545454546
          RT_GROUP_ICON0x2651c0x3edataEnglishUnited States0.8387096774193549
          RT_VERSION0x2655c0x4f4dataEnglishUnited States0.2665615141955836
          RT_MANIFEST0x26a500x62cXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.4240506329113924
          DLLImport
          oleaut32.dllSysFreeString, SysReAllocStringLen, SysAllocStringLen
          advapi32.dllRegQueryValueExW, RegOpenKeyExW, RegCloseKey
          user32.dllGetKeyboardType, LoadStringW, MessageBoxA, CharNextW
          kernel32.dllGetACP, Sleep, VirtualFree, VirtualAlloc, GetSystemInfo, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenW, lstrcpynW, LoadLibraryExW, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetCommandLineW, FreeLibrary, FindFirstFileW, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle, CloseHandle
          kernel32.dllTlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleW
          user32.dllCreateWindowExW, TranslateMessage, SetWindowLongW, PeekMessageW, MsgWaitForMultipleObjects, MessageBoxW, LoadStringW, GetSystemMetrics, ExitWindowsEx, DispatchMessageW, DestroyWindow, CharUpperBuffW, CallWindowProcW
          kernel32.dllWriteFile, WideCharToMultiByte, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, SizeofResource, SignalObjectAndWait, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, RemoveDirectoryW, ReadFile, MultiByteToWideChar, LockResource, LoadResource, LoadLibraryW, GetWindowsDirectoryW, GetVersionExW, GetVersion, GetUserDefaultLangID, GetThreadLocale, GetSystemInfo, GetSystemDirectoryW, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesW, GetExitCodeProcess, GetEnvironmentVariableW, GetDiskFreeSpaceW, GetCurrentProcess, GetCommandLineW, GetCPInfo, InterlockedExchange, InterlockedCompareExchange, FreeLibrary, FormatMessageW, FindResourceW, EnumCalendarInfoW, DeleteFileW, CreateProcessW, CreateFileW, CreateEventW, CreateDirectoryW, CloseHandle
          advapi32.dllRegQueryValueExW, RegOpenKeyExW, RegCloseKey, OpenProcessToken, LookupPrivilegeValueW
          comctl32.dllInitCommonControls
          kernel32.dllSleep
          advapi32.dllAdjustTokenPrivileges
          Language of compilation systemCountry where language is spokenMap
          DutchNetherlands
          EnglishUnited States