Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe

Overview

General Information

Sample name:Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
Analysis ID:1365321
MD5:ddeae6a33dadac7e815f44ffa2e3af72
SHA1:35d124119f877ff9d84979f768bc542389f19514
SHA256:28b96f7ac372171acbcac4a2cefd1c19d571fb157ab0394b6f33af4f059e5741
Infos:

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Disables DEP (Data Execution Prevention) for certain images
Installs new ROOT certificates
Tries to detect sandboxes and other dynamic analysis tools (window names)
Writes a notice file (html or txt) to demand a ransom
Yara detected Generic Downloader
Checks for available system drives (often done to infect USB drives)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates Visual Basic Runtime Dlls
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory
Tries to load missing DLLs
Uses 32bit PE files

Classification

Process Tree

  • System is w10x64_ra
  • Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe (PID: 2808 cmdline: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe MD5: DDEAE6A33DADAC7E815F44FFA2E3AF72)
    • SolarWinds.Orion.MaintDateCheck.exe (PID: 5144 cmdline: "C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exe" /check:KiwiSyslog;9 MD5: EBBA335FD28EE47F33CC3D9F219A165F)
    • vcredist_x86_2010.exe (PID: 2772 cmdline: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe MD5: A9BDC3AC1FB59528A9907452756BD0DF)
      • Setup.exe (PID: 6632 cmdline: c:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exe MD5: 006F8A615020A4A17F5E63801485DF46)
    • vcredist_x86_2013.exe (PID: 2632 cmdline: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exe MD5: 0FC525B6B7B96A87523DAA7A0013C69D)
      • vcredist_x86_2013.exe (PID: 1744 cmdline: "C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exe" -burn.unelevated BurnPipe.{B2C923D5-03AD-40DC-9405-A63C3C16425A} {6708B3AD-47E5-4E6F-9EE8-261E5C997216} 2632 MD5: 0FC525B6B7B96A87523DAA7A0013C69D)
    • RegAsm.exe (PID: 3496 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Syslogd\SolarWinds.Licensing.KiwiSyslog.COMWrapper.dll" /tlb:SolarWinds.Licensing.KiwiSyslog.COMWrapper.tlb /u MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • conhost.exe (PID: 6136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 3728 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.Engine.dll" /tlb:SolarWinds.SyslogServer.Engine.tlb /u MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • conhost.exe (PID: 3396 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 3448 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.SyslogAction.dll" /tlb:SolarWinds.SyslogServer.SyslogAction.tlb /u MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • conhost.exe (PID: 6460 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Syslogd_TaskEngine.exe (PID: 4516 cmdline: "C:\Program Files (x86)\Syslogd\Syslogd_TaskEngine.exe" /regserver MD5: 60995005FCE2D6C7632D06722BDF1073)
    • RegAsm.exe (PID: 2396 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Syslogd\SolarWinds.Licensing.KiwiSyslog.COMWrapper.dll" /tlb /codebase MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • conhost.exe (PID: 3440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 5680 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.Engine.dll" /tlb /codebase MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • conhost.exe (PID: 1436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 5224 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.SyslogAction.dll" /tlb /codebase MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • conhost.exe (PID: 5404 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 5708 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Syslogd\DEPInc.bat"" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • rundll32.exe (PID: 5800 cmdline: rundll32 sysdm.cpl, NoExecuteAddFileOptOutList C:\Program Files (x86)\Syslogd\Syslogd.exe MD5: 889B99C52A60DD49227C5E485A016679)
    • Syslogd.exe (PID: 4944 cmdline: "C:\Program Files (x86)\Syslogd\Syslogd.exe" MD5: 3503D3AEF9B4A29886D11471AED1B047)
  • msiexec.exe (PID: 3664 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
  • SrTasks.exe (PID: 6124 cmdline: C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1 MD5: 2694D2D28C368B921686FE567BD319EB)
    • conhost.exe (PID: 3924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • msiexec.exe (PID: 5324 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
  • cleanup

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Program Files (x86)\Syslogd\nsoftware.IPWorks.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
    C:\Program Files (x86)\Syslogd\nsoftware.IPWorksSNMP.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
      C:\Program Files (x86)\Syslogd\nsoftware.IPWorks.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
        C:\Program Files (x86)\Syslogd\nsoftware.IPWorksSNMP.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
          C:\Program Files (x86)\Syslogd\nsoftware.IPWorksSNMP.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
            Click to see the 1 entries

            Sigma Signatures

            No Sigma rule has matched

            Snort Signatures

            No Snort rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results
            Source: Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeWindow detected: I &AgreeCancel 2022 SolarWinds Worldwide LLC. All rights reserved. 2022 SolarWinds Worldwide LLC. All rights reserved.License AgreementPlease review the license terms before installing Kiwi Syslog Server 9.8.2 .Press Page Down to see the rest of the agreement.202203015SOLARWINDSEND USER LICENSE AGREEMENTThis Agreement (as defined below) is hereby entered into and agreed upon by you either an individual or an entity (You or Company) and SolarWinds Worldwide LLC (SolarWinds) for the Software (as defined below). This Agreement is made and entered into as of the date that You accept it as defined below (the Effective Date).BY ACCEPTING THIS AGREEMENT EITHER BY INDICATING YOUR ACCEPTANCE BY EXECUTING THIS AGREEMENT OR AN ORDER FORM THAT REFERENCES THIS AGREEMENT OR BY DOWNLOADING INSTALLING AND/OR UTILIZING THE SOFTWARE (DEFINED BELOW) YOU AGREE TO THIS AGREEMENT. THIS AGREEMENT IS A LEGALLY BINDING CONTRACT BETWEEN YOU AND SOLARWINDS AND SETS FORTH THE TERMS THAT GOVERN THE LICENSE PROVIDED TO YOU HEREUNDER. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THIS AGREEMENT. ANY CHANGES ADDITIONS OR DELETIONS BY YOU TO THIS AGREEMENT WILL NOT BE ACCEPTED AND WILL NOT BE A PART OF THIS AGREEMENT. IF YOU DO NOT AGREE TO THIS AGREEMENT YOU MUST NOT DOWNLOAD INSTALL OR USE THE SOFTWARE.1. DEFINITIONS.1.1 Affiliates means an entity now or hereafter controlled by under common control with or controlling such party where control is denoted by having fifty percent (50%) or more of the voting power (or equivalent) of the applicable entity but only for so long as such control exists. Subject to the terms and conditions of this Agreement Your Affiliates may use the license granted hereunder and You are responsible for their compliance with this Agreement. SolarWinds Affiliates may provide some of the services or ancillary services (such as invoicing) under this Agreement.1.2 Agreement means collectively this End User License Agreement as well as any applicable Product-Specific Terms and the Order Form. 1.3 Device means (whether physical or virtual) a server system workstation computer mobile device or end point upon which or through which the Software is used and/or on which the Software is installed.1.4 Documentation means the official user documentation prepared and provided by SolarWinds to You on the use of the Software (as may be updated by SolarWinds from time to time). For the avoidance of doubt any online community site; unofficial documentation videos white papers or related media; or feedback does not constitute Documentation.1.5 Order Form means the SolarWinds order page quote product information dashboard or other SolarWinds ordering document that specifies Your purchase of the Software pricing and other related information.1.6 Fees means any and all charges payable by You to SolarWinds pursuant to the Order Form.1.7 Perpetual License means
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeWindow detected: I &AgreeCancel 2022 SolarWinds Worldwide LLC. All rights reserved. 2022 SolarWinds Worldwide LLC. All rights reserved.License AgreementPlease review the license terms before installing Kiwi Syslog Server 9.8.2 .Press Page Down to see the rest of the agreement.202203015SOLARWINDSEND USER LICENSE AGREEMENTThis Agreement (as defined below) is hereby entered into and agreed upon by you either an individual or an entity (You or Company) and SolarWinds Worldwide LLC (SolarWinds) for the Software (as defined below). This Agreement is made and entered into as of the date that You accept it as defined below (the Effective Date).BY ACCEPTING THIS AGREEMENT EITHER BY INDICATING YOUR ACCEPTANCE BY EXECUTING THIS AGREEMENT OR AN ORDER FORM THAT REFERENCES THIS AGREEMENT OR BY DOWNLOADING INSTALLING AND/OR UTILIZING THE SOFTWARE (DEFINED BELOW) YOU AGREE TO THIS AGREEMENT. THIS AGREEMENT IS A LEGALLY BINDING CONTRACT BETWEEN YOU AND SOLARWINDS AND SETS FORTH THE TERMS THAT GOVERN THE LICENSE PROVIDED TO YOU HEREUNDER. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THIS AGREEMENT. ANY CHANGES ADDITIONS OR DELETIONS BY YOU TO THIS AGREEMENT WILL NOT BE ACCEPTED AND WILL NOT BE A PART OF THIS AGREEMENT. IF YOU DO NOT AGREE TO THIS AGREEMENT YOU MUST NOT DOWNLOAD INSTALL OR USE THE SOFTWARE.1. DEFINITIONS.1.1 Affiliates means an entity now or hereafter controlled by under common control with or controlling such party where control is denoted by having fifty percent (50%) or more of the voting power (or equivalent) of the applicable entity but only for so long as such control exists. Subject to the terms and conditions of this Agreement Your Affiliates may use the license granted hereunder and You are responsible for their compliance with this Agreement. SolarWinds Affiliates may provide some of the services or ancillary services (such as invoicing) under this Agreement.1.2 Agreement means collectively this End User License Agreement as well as any applicable Product-Specific Terms and the Order Form. 1.3 Device means (whether physical or virtual) a server system workstation computer mobile device or end point upon which or through which the Software is used and/or on which the Software is installed.1.4 Documentation means the official user documentation prepared and provided by SolarWinds to You on the use of the Software (as may be updated by SolarWinds from time to time). For the avoidance of doubt any online community site; unofficial documentation videos white papers or related media; or feedback does not constitute Documentation.1.5 Order Form means the SolarWinds order page quote product information dashboard or other SolarWinds ordering document that specifies Your purchase of the Software pricing and other related information.1.6 Fees means any and all charges payable by You to SolarWinds pursuant to the Order Form.1.7 Perpetual License means
            Source: C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exeWindow detected: MICROSOFT SOFTWARE LICENSE TERMSMICROSOFT VISUAL C++ 2010 RUNTIME LIBRARIESThese license terms are an agreement between Microsoft Corporation (or based on where you live one of its affiliates) and you. Please read them. They apply to the software named above which includes the media on which you received it if any. The terms also apply to any MicrosoftupdatessupplementsInternet-based services and support servicesfor this software unless other terms accompany those items. If so those terms apply.BY USING THE SOFTWARE YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM DO NOT USE THE SOFTWARE.If you comply with these license terms you have the rights below.1.INSTALLATION AND USE RIGHTS. You may install and use any number of copies of the software on your devices.2.Scope of License. The software is licensed not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation you may use the software only as expressly permitted in this agreement. In doing so you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may notdisclose the results of any benchmark tests of the software to any third party without Microsofts prior written approval;work around any technical limitations in the software;reverse engineer decompile or disassemble the software except and only to the extent that applicable law expressly permits despite this limitation;make more copies of the software than specified in this agreement or allowed by applicable law despite this limitation;publish the software for others to copy;rent lease or lend the software;transfer the software or this agreement to any third party; oruse the software for commercial software hosting services.3.BACKUP COPY. You may make one backup copy of the software. You may use it only to reinstall the software.4.DOCUMENTATION. Any person that has valid access to your computer or internal network may copy and use the documentation for your internal reference purposes.5.Export Restrictions. The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations end users and end use. For additional information see www.microsoft.com/exporting <http://www.microsoft.com/exporting>.6.SUPPORT SERVICES. Because this software is as is we may not provide support services for it.7.Entire Agreement. This agreement and the terms for supplements updates Internet-based services and support services that you use are the entire agreement for the software and support services.8.Applicable Law.a.United States. If you acquired the software in the United States Washington state law governs the interpretation of this agreement and applies to claims for breach of it regardless of conflict
            Source: C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exeWindow detected: MICROSOFT SOFTWARE LICENSE TERMSMICROSOFT VISUAL C++ 2010 RUNTIME LIBRARIESThese license terms are an agreement between Microsoft Corporation (or based on where you live one of its affiliates) and you. Please read them. They apply to the software named above which includes the media on which you received it if any. The terms also apply to any MicrosoftupdatessupplementsInternet-based services and support servicesfor this software unless other terms accompany those items. If so those terms apply.BY USING THE SOFTWARE YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM DO NOT USE THE SOFTWARE.If you comply with these license terms you have the rights below.1.INSTALLATION AND USE RIGHTS. You may install and use any number of copies of the software on your devices.2.Scope of License. The software is licensed not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation you may use the software only as expressly permitted in this agreement. In doing so you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may notdisclose the results of any benchmark tests of the software to any third party without Microsofts prior written approval;work around any technical limitations in the software;reverse engineer decompile or disassemble the software except and only to the extent that applicable law expressly permits despite this limitation;make more copies of the software than specified in this agreement or allowed by applicable law despite this limitation;publish the software for others to copy;rent lease or lend the software;transfer the software or this agreement to any third party; oruse the software for commercial software hosting services.3.BACKUP COPY. You may make one backup copy of the software. You may use it only to reinstall the software.4.DOCUMENTATION. Any person that has valid access to your computer or internal network may copy and use the documentation for your internal reference purposes.5.Export Restrictions. The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations end users and end use. For additional information see www.microsoft.com/exporting <http://www.microsoft.com/exporting>.6.SUPPORT SERVICES. Because this software is as is we may not provide support services for it.7.Entire Agreement. This agreement and the terms for supplements updates Internet-based services and support services that you use are the entire agreement for the software and support services.8.Applicable Law.a.United States. If you acquired the software in the United States Washington state law governs the interpretation of this agreement and applies to claims for breach of it regardless of conflict
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeWindow detected: MICROSOFT SOFTWARE LICENSE TERMSMICROSOFT VISUAL C++ REDISTRIBUTABLE FOR VISUAL STUDIO 2013 These license terms are an agreement between Microsoft Corporation (or based on where you live one of its affiliates) and you. Please read them. They apply to the software named above which includes the media on which you received it if any. The terms also apply to any MicrosoftupdatessupplementsInternet-based services andsupport servicesfor this software unless other terms accompany those items. If so those terms apply.BY USING THE SOFTWARE YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM DO NOT USE THE SOFTWARE.IF YOU COMPLY WITH THESE LICENSE TERMS YOU HAVE THE PERPETUAL RIGHTS BELOW.1.INSTALLATION AND USE RIGHTS. You may install and use any number of copies of the software on your devices.2.SCOPE OF LICENSE. The software is licensed not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation you may use the software only as expressly permitted in this agreement. In doing so you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may notdisclose the results of any benchmark tests of the software to any third party without Microsofts prior written approval;work around any technical limitations in the software;reverse engineer decompile or disassemble the software except and only to the extent that applicable law expressly permits despite this limitation;make more copies of the software than specified in this agreement or allowed by applicable law despite this limitation;publish the software for others to copy;rent lease or lend the software;transfer the software or this agreement to any third party; oruse the software for commercial software hosting services.3.BACKUP COPY. You may make one backup copy of the software. You may use it only to reinstall the software.4.DOCUMENTATION. Any person that has valid access to your computer or internal network may copy and use the documentation for your internal reference purposes.5.EXPORT RESTRICTIONS. The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations end users and end use. For additional information see www.microsoft.com/exporting.6.SUPPORT SERVICES. Because this software is as is we may not provide support services for it.7.ENTIRE AGREEMENT. This agreement and the terms for supplements updates Internet-based services and support services that you use are the entire agreement for the software and support services.8.APPLICABLE LAW.a.United States. If you acquired the software in the United States Washington state law governs the interpretation of this agreement and applies to claims for breach of it regardless of conflict of laws pri
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeWindow detected: MICROSOFT SOFTWARE LICENSE TERMSMICROSOFT VISUAL C++ REDISTRIBUTABLE FOR VISUAL STUDIO 2013 These license terms are an agreement between Microsoft Corporation (or based on where you live one of its affiliates) and you. Please read them. They apply to the software named above which includes the media on which you received it if any. The terms also apply to any MicrosoftupdatessupplementsInternet-based services andsupport servicesfor this software unless other terms accompany those items. If so those terms apply.BY USING THE SOFTWARE YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM DO NOT USE THE SOFTWARE.IF YOU COMPLY WITH THESE LICENSE TERMS YOU HAVE THE PERPETUAL RIGHTS BELOW.1.INSTALLATION AND USE RIGHTS. You may install and use any number of copies of the software on your devices.2.SCOPE OF LICENSE. The software is licensed not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation you may use the software only as expressly permitted in this agreement. In doing so you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may notdisclose the results of any benchmark tests of the software to any third party without Microsofts prior written approval;work around any technical limitations in the software;reverse engineer decompile or disassemble the software except and only to the extent that applicable law expressly permits despite this limitation;make more copies of the software than specified in this agreement or allowed by applicable law despite this limitation;publish the software for others to copy;rent lease or lend the software;transfer the software or this agreement to any third party; oruse the software for commercial software hosting services.3.BACKUP COPY. You may make one backup copy of the software. You may use it only to reinstall the software.4.DOCUMENTATION. Any person that has valid access to your computer or internal network may copy and use the documentation for your internal reference purposes.5.EXPORT RESTRICTIONS. The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations end users and end use. For additional information see www.microsoft.com/exporting.6.SUPPORT SERVICES. Because this software is as is we may not provide support services for it.7.ENTIRE AGREEMENT. This agreement and the terms for supplements updates Internet-based services and support services that you use are the entire agreement for the software and support services.8.APPLICABLE LAW.a.United States. If you acquired the software in the United States Washington state law governs the interpretation of this agreement and applies to claims for breach of it regardless of conflict of laws pri
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeWindow detected: I &AgreeCancel 2022 SolarWinds Worldwide LLC. All rights reserved. 2022 SolarWinds Worldwide LLC. All rights reserved.License AgreementPlease review the license terms before installing Kiwi Syslog Server 9.8.2 .Press Page Down to see the rest of the agreement.202203015SOLARWINDSEND USER LICENSE AGREEMENTThis Agreement (as defined below) is hereby entered into and agreed upon by you either an individual or an entity (You or Company) and SolarWinds Worldwide LLC (SolarWinds) for the Software (as defined below). This Agreement is made and entered into as of the date that You accept it as defined below (the Effective Date).BY ACCEPTING THIS AGREEMENT EITHER BY INDICATING YOUR ACCEPTANCE BY EXECUTING THIS AGREEMENT OR AN ORDER FORM THAT REFERENCES THIS AGREEMENT OR BY DOWNLOADING INSTALLING AND/OR UTILIZING THE SOFTWARE (DEFINED BELOW) YOU AGREE TO THIS AGREEMENT. THIS AGREEMENT IS A LEGALLY BINDING CONTRACT BETWEEN YOU AND SOLARWINDS AND SETS FORTH THE TERMS THAT GOVERN THE LICENSE PROVIDED TO YOU HEREUNDER. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THIS AGREEMENT. ANY CHANGES ADDITIONS OR DELETIONS BY YOU TO THIS AGREEMENT WILL NOT BE ACCEPTED AND WILL NOT BE A PART OF THIS AGREEMENT. IF YOU DO NOT AGREE TO THIS AGREEMENT YOU MUST NOT DOWNLOAD INSTALL OR USE THE SOFTWARE.1. DEFINITIONS.1.1 Affiliates means an entity now or hereafter controlled by under common control with or controlling such party where control is denoted by having fifty percent (50%) or more of the voting power (or equivalent) of the applicable entity but only for so long as such control exists. Subject to the terms and conditions of this Agreement Your Affiliates may use the license granted hereunder and You are responsible for their compliance with this Agreement. SolarWinds Affiliates may provide some of the services or ancillary services (such as invoicing) under this Agreement.1.2 Agreement means collectively this End User License Agreement as well as any applicable Product-Specific Terms and the Order Form. 1.3 Device means (whether physical or virtual) a server system workstation computer mobile device or end point upon which or through which the Software is used and/or on which the Software is installed.1.4 Documentation means the official user documentation prepared and provided by SolarWinds to You on the use of the Software (as may be updated by SolarWinds from time to time). For the avoidance of doubt any online community site; unofficial documentation videos white papers or related media; or feedback does not constitute Documentation.1.5 Order Form means the SolarWinds order page quote product information dashboard or other SolarWinds ordering document that specifies Your purchase of the Software pricing and other related information.1.6 Fees means any and all charges payable by You to SolarWinds pursuant to the Order Form.1.7 Perpetual License means
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeWindow detected: MICROSOFT SOFTWARE LICENSE TERMSMICROSOFT VISUAL C++ REDISTRIBUTABLE FOR VISUAL STUDIO 2013 These license terms are an agreement between Microsoft Corporation (or based on where you live one of its affiliates) and you. Please read them. They apply to the software named above which includes the media on which you received it if any. The terms also apply to any MicrosoftupdatessupplementsInternet-based services andsupport servicesfor this software unless other terms accompany those items. If so those terms apply.BY USING THE SOFTWARE YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM DO NOT USE THE SOFTWARE.IF YOU COMPLY WITH THESE LICENSE TERMS YOU HAVE THE PERPETUAL RIGHTS BELOW.1.INSTALLATION AND USE RIGHTS. You may install and use any number of copies of the software on your devices.2.SCOPE OF LICENSE. The software is licensed not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation you may use the software only as expressly permitted in this agreement. In doing so you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may notdisclose the results of any benchmark tests of the software to any third party without Microsofts prior written approval;work around any technical limitations in the software;reverse engineer decompile or disassemble the software except and only to the extent that applicable law expressly permits despite this limitation;make more copies of the software than specified in this agreement or allowed by applicable law despite this limitation;publish the software for others to copy;rent lease or lend the software;transfer the software or this agreement to any third party; oruse the software for commercial software hosting services.3.BACKUP COPY. You may make one backup copy of the software. You may use it only to reinstall the software.4.DOCUMENTATION. Any person that has valid access to your computer or internal network may copy and use the documentation for your internal reference purposes.5.EXPORT RESTRICTIONS. The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations end users and end use. For additional information see www.microsoft.com/exporting.6.SUPPORT SERVICES. Because this software is as is we may not provide support services for it.7.ENTIRE AGREEMENT. This agreement and the terms for supplements updates Internet-based services and support services that you use are the entire agreement for the software and support services.8.APPLICABLE LAW.a.United States. If you acquired the software in the United States Washington state law governs the interpretation of this agreement and applies to claims for breach of it regardless of conflict of laws pri
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeWindow detected: I &AgreeCancel 2022 SolarWinds Worldwide LLC. All rights reserved. 2022 SolarWinds Worldwide LLC. All rights reserved.License AgreementPlease review the license terms before installing Kiwi Syslog Server 9.8.2 .Press Page Down to see the rest of the agreement.202203015SOLARWINDSEND USER LICENSE AGREEMENTThis Agreement (as defined below) is hereby entered into and agreed upon by you either an individual or an entity (You or Company) and SolarWinds Worldwide LLC (SolarWinds) for the Software (as defined below). This Agreement is made and entered into as of the date that You accept it as defined below (the Effective Date).BY ACCEPTING THIS AGREEMENT EITHER BY INDICATING YOUR ACCEPTANCE BY EXECUTING THIS AGREEMENT OR AN ORDER FORM THAT REFERENCES THIS AGREEMENT OR BY DOWNLOADING INSTALLING AND/OR UTILIZING THE SOFTWARE (DEFINED BELOW) YOU AGREE TO THIS AGREEMENT. THIS AGREEMENT IS A LEGALLY BINDING CONTRACT BETWEEN YOU AND SOLARWINDS AND SETS FORTH THE TERMS THAT GOVERN THE LICENSE PROVIDED TO YOU HEREUNDER. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THIS AGREEMENT. ANY CHANGES ADDITIONS OR DELETIONS BY YOU TO THIS AGREEMENT WILL NOT BE ACCEPTED AND WILL NOT BE A PART OF THIS AGREEMENT. IF YOU DO NOT AGREE TO THIS AGREEMENT YOU MUST NOT DOWNLOAD INSTALL OR USE THE SOFTWARE.1. DEFINITIONS.1.1 Affiliates means an entity now or hereafter controlled by under common control with or controlling such party where control is denoted by having fifty percent (50%) or more of the voting power (or equivalent) of the applicable entity but only for so long as such control exists. Subject to the terms and conditions of this Agreement Your Affiliates may use the license granted hereunder and You are responsible for their compliance with this Agreement. SolarWinds Affiliates may provide some of the services or ancillary services (such as invoicing) under this Agreement.1.2 Agreement means collectively this End User License Agreement as well as any applicable Product-Specific Terms and the Order Form. 1.3 Device means (whether physical or virtual) a server system workstation computer mobile device or end point upon which or through which the Software is used and/or on which the Software is installed.1.4 Documentation means the official user documentation prepared and provided by SolarWinds to You on the use of the Software (as may be updated by SolarWinds from time to time). For the avoidance of doubt any online community site; unofficial documentation videos white papers or related media; or feedback does not constitute Documentation.1.5 Order Form means the SolarWinds order page quote product information dashboard or other SolarWinds ordering document that specifies Your purchase of the Software pricing and other related information.1.6 Fees means any and all charges payable by You to SolarWinds pursuant to the Order Form.1.7 Perpetual License means
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SystemRestore SRInitDone
            Source: C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20231221_001318816-MSI_vc_red.msi.txt
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\install.log
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: c:\9f205d7d8f8ebe3c20c6094cd41758f8\1033\eula.rtf
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: c:\9f205d7d8f8ebe3c20c6094cd41758f8\1041\eula.rtf
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: c:\9f205d7d8f8ebe3c20c6094cd41758f8\1042\eula.rtf
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: c:\9f205d7d8f8ebe3c20c6094cd41758f8\1028\eula.rtf
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: c:\9f205d7d8f8ebe3c20c6094cd41758f8\2052\eula.rtf
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: c:\9f205d7d8f8ebe3c20c6094cd41758f8\1040\eula.rtf
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: c:\9f205d7d8f8ebe3c20c6094cd41758f8\1036\eula.rtf
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: c:\9f205d7d8f8ebe3c20c6094cd41758f8\1031\eula.rtf
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: c:\9f205d7d8f8ebe3c20c6094cd41758f8\3082\eula.rtf
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: c:\9f205d7d8f8ebe3c20c6094cd41758f8\1049\eula.rtf
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeFile created: C:\Users\user\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\license.rtf
            Source: C:\Windows\System32\msiexec.exeFile opened: c:\Windows\SysWOW64\msvcr100.dll
            Source: unknownHTTPS traffic detected: 23.221.212.44:443 -> 192.168.2.16:49724 version: TLS 1.2
            Source: Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: C:\Windows\System32\msiexec.exeFile opened: z:
            Source: C:\Windows\System32\msiexec.exeFile opened: x:
            Source: C:\Windows\System32\msiexec.exeFile opened: v:
            Source: C:\Windows\System32\msiexec.exeFile opened: t:
            Source: C:\Windows\System32\msiexec.exeFile opened: r:
            Source: C:\Windows\System32\msiexec.exeFile opened: p:
            Source: C:\Windows\System32\msiexec.exeFile opened: n:
            Source: C:\Windows\System32\msiexec.exeFile opened: l:
            Source: C:\Windows\System32\msiexec.exeFile opened: j:
            Source: C:\Windows\System32\msiexec.exeFile opened: h:
            Source: C:\Windows\System32\msiexec.exeFile opened: f:
            Source: C:\Windows\System32\msiexec.exeFile opened: b:
            Source: C:\Windows\System32\msiexec.exeFile opened: y:
            Source: C:\Windows\System32\msiexec.exeFile opened: w:
            Source: C:\Windows\System32\msiexec.exeFile opened: u:
            Source: C:\Windows\System32\msiexec.exeFile opened: s:
            Source: C:\Windows\System32\msiexec.exeFile opened: q:
            Source: C:\Windows\System32\msiexec.exeFile opened: o:
            Source: C:\Windows\System32\msiexec.exeFile opened: m:
            Source: C:\Windows\System32\msiexec.exeFile opened: k:
            Source: C:\Windows\System32\msiexec.exeFile opened: i:
            Source: C:\Windows\System32\msiexec.exeFile opened: g:
            Source: C:\Windows\System32\msiexec.exeFile opened: e:
            Source: C:\Windows\SysWOW64\cmd.exeFile opened: c:
            Source: C:\Windows\System32\msiexec.exeFile opened: a:
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\NULL
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\vcRuntimeAdditional_amd64
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeFile opened: C:\ProgramData\Package Cache\NULL
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\NULL

            Networking

            barindex
            Yara detected Generic Downloader
            Source: Yara matchFile source: C:\Program Files (x86)\Syslogd\nsoftware.IPWorks.dll, type: DROPPED
            Source: Yara matchFile source: C:\Program Files (x86)\Syslogd\nsoftware.IPWorksSNMP.dll, type: DROPPED
            Source: Yara matchFile source: C:\Program Files (x86)\Syslogd\nsoftware.IPWorks.dll, type: DROPPED
            Source: Yara matchFile source: C:\Program Files (x86)\Syslogd\nsoftware.IPWorksSNMP.dll, type: DROPPED
            Source: Yara matchFile source: C:\Program Files (x86)\Syslogd\nsoftware.IPWorksSNMP.dll, type: DROPPED
            Source: Yara matchFile source: C:\Program Files (x86)\Syslogd\nsoftware.IPWorks.dll, type: DROPPED
            Source: global trafficHTTP traffic detected: GET /solarwinds/Release/Kiwi/Syslog/currentkiwisyslogversion.xml HTTP/1.1Host: downloads.solarwinds.comConnection: Keep-Alive
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /solarwinds/Release/Kiwi/Syslog/currentkiwisyslogversion.xml HTTP/1.1Host: downloads.solarwinds.comConnection: Keep-Alive
            Source: unknownDNS traffic detected: queries for: downloads.solarwinds.com
            Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
            Source: unknownHTTPS traffic detected: 23.221.212.44:443 -> 192.168.2.16:49724 version: TLS 1.2

            Spam, unwanted Advertisements and Ransom Demands

            barindex
            Writes a notice file (html or txt) to demand a ransom
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile dropped: C:\Program Files (x86)\Syslogd\MIBs\KiwiCurrentMIBs.txt -> encryption-mib140adva-fspr7-pm-mib3402adva-fspr7-tc-mib1adva-mib416adventnet-netflowanalyzer-mib15aem-mib377agama-alarm-mib26agama-alarm-tc-mib1agama-tc-mib1agama-top-mib1agent5views-mib149agent8245-mib68agentcmn-mib63agent-general-mib312agent-mib58agentx-mib41aggregated-ext-mib82aidu-mib43airespace-ref-mib1airespace-switching-mib349airespace-wireless-mib1245airpair-mib420airpairv2ctrap-mib67airport-basestation-3-mib46akara-admin-reg71akara-alarm-mib43akara-bandwidth-mib146akara-client-mib120akara-ds3-mib97akara-entity-mib7akara-gbe-line-interface-mib45akara-line-interface-mib22akara-protection-group-mib10akara-sonet-mib92akara-system-mib34akara-tca-mib6akara-textual-conventions1akara-vftp-mib42aktino-alarm-mib22aktino-smi5alarm-mib175alcatel-cid-mib6alcatel-ieee8021-pae-mib37alcatel-igmp-snooping-mib220alcatel-ind1-aaa-mib153alcatel-ind1-base88alcatel-ind1-bgp-mib279alcJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\MSWINSCK.ocx
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\mswinsck.ocx
            Source: C:\Windows\System32\msiexec.exeFile created: c:\Windows\Installer\3ed841.msi
            Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\3ed844.msi
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess token adjusted: Security
            Source: C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exeSection loaded: tsappcmp.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dll
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeSection loaded: tsappcmp.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
            Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dll
            Source: C:\Program Files (x86)\Syslogd\Syslogd_TaskEngine.exeSection loaded: vb6zz.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dll
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeSection loaded: vb6zz.dll
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeSection loaded: ssthreedzzz.dll
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeSection loaded: ssthreedzz.dll
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeSection loaded: ssthreezzz.dll
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeSection loaded: winskenu.dll
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeSection loaded: winsken.dll
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeSection loaded: winsenu.dll
            Source: Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: classification engineClassification label: mal60.rans.troj.evad.winEXE@43/304@1/2
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Users\Public\Desktop\Kiwi Syslog Server Console.lnk
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3440:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3396:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6744:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1436:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5404:120:WilError_03
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeMutant created: \Sessions\1\BaseNamedObjects\Global\SolarWindsLicenseStoreDALMutex
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeMutant created: \Sessions\1\BaseNamedObjects\C__Program Files (x86)_Syslogd_Syslogd.log
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6460:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6136:120:WilError_03
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeMutant created: \Sessions\1\BaseNamedObjects\Global\SolarWindsLicenseStoreDALFileMutex
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Users\user\AppData\Local\Temp\nss5C7A.tmp
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Syslogd\DEPInc.bat""
            Source: Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
            Source: C:\Program Files (x86)\Syslogd\Syslogd_TaskEngine.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\4bc5e5252873c08797895d5b6fe6ddfd\mscorlib.ni.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\faf93f57aa8c4c5dddd9cd0de441d5a1\mscorlib.ni.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\faf93f57aa8c4c5dddd9cd0de441d5a1\mscorlib.ni.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\faf93f57aa8c4c5dddd9cd0de441d5a1\mscorlib.ni.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\faf93f57aa8c4c5dddd9cd0de441d5a1\mscorlib.ni.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.tlb
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\faf93f57aa8c4c5dddd9cd0de441d5a1\mscorlib.ni.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.tlb
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\faf93f57aa8c4c5dddd9cd0de441d5a1\mscorlib.ni.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.tlb
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\faf93f57aa8c4c5dddd9cd0de441d5a1\mscorlib.ni.dll
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile read: C:\Users\desktop.ini
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeFile read: C:\Windows\System32\drivers\etc\hosts
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32 sysdm.cpl, NoExecuteAddFileOptOutList C:\Program Files (x86)\Syslogd\Syslogd.exe
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile read: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
            Source: unknownProcess created: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess created: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exe "C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exe" /check:KiwiSyslog;9
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess created: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exe "C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exe" /check:KiwiSyslog;9
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess created: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeProcess created: C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exe c:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exe
            Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess created: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exe C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exe
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeProcess created: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exe "C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exe" -burn.unelevated BurnPipe.{B2C923D5-03AD-40DC-9405-A63C3C16425A} {6708B3AD-47E5-4E6F-9EE8-261E5C997216} 2632
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeProcess created: C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exe c:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exe
            Source: unknownProcess created: C:\Windows\System32\SrTasks.exe C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1
            Source: C:\Windows\System32\SrTasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeProcess created: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exe "C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exe" -burn.unelevated BurnPipe.{B2C923D5-03AD-40DC-9405-A63C3C16425A} {6708B3AD-47E5-4E6F-9EE8-261E5C997216} 2632
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Syslogd\SolarWinds.Licensing.KiwiSyslog.COMWrapper.dll" /tlb:SolarWinds.Licensing.KiwiSyslog.COMWrapper.tlb /u
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.Engine.dll" /tlb:SolarWinds.SyslogServer.Engine.tlb /u
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.SyslogAction.dll" /tlb:SolarWinds.SyslogServer.SyslogAction.tlb /u
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess created: C:\Program Files (x86)\Syslogd\Syslogd_TaskEngine.exe "C:\Program Files (x86)\Syslogd\Syslogd_TaskEngine.exe" /regserver
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Syslogd\SolarWinds.Licensing.KiwiSyslog.COMWrapper.dll" /tlb /codebase
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.Engine.dll" /tlb /codebase
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.SyslogAction.dll" /tlb /codebase
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Syslogd\DEPInc.bat""
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32 sysdm.cpl, NoExecuteAddFileOptOutList C:\Program Files (x86)\Syslogd\Syslogd.exe
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess created: C:\Program Files (x86)\Syslogd\Syslogd.exe "C:\Program Files (x86)\Syslogd\Syslogd.exe"
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess created: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess created: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exe C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exe
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Syslogd\SolarWinds.Licensing.KiwiSyslog.COMWrapper.dll" /tlb:SolarWinds.Licensing.KiwiSyslog.COMWrapper.tlb /u
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.Engine.dll" /tlb:SolarWinds.SyslogServer.Engine.tlb /u
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.SyslogAction.dll" /tlb:SolarWinds.SyslogServer.SyslogAction.tlb /u
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess created: C:\Program Files (x86)\Syslogd\Syslogd_TaskEngine.exe "C:\Program Files (x86)\Syslogd\Syslogd_TaskEngine.exe" /regserver
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Syslogd\SolarWinds.Licensing.KiwiSyslog.COMWrapper.dll" /tlb /codebase
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.Engine.dll" /tlb /codebase
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.SyslogAction.dll" /tlb /codebase
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Syslogd\DEPInc.bat""
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess created: C:\Program Files (x86)\Syslogd\Syslogd.exe "C:\Program Files (x86)\Syslogd\Syslogd.exe"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32 sysdm.cpl, NoExecuteAddFileOptOutList C:\Program Files (x86)\Syslogd\Syslogd.exe
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile written: C:\Users\user\AppData\Local\Temp\nsc5D08.tmp\installas.ini
            Source: C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exeWindow found: window name: SysTabControl32
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeWindow detected: I &AgreeCancel 2022 SolarWinds Worldwide LLC. All rights reserved. 2022 SolarWinds Worldwide LLC. All rights reserved.License AgreementPlease review the license terms before installing Kiwi Syslog Server 9.8.2 .Press Page Down to see the rest of the agreement.202203015SOLARWINDSEND USER LICENSE AGREEMENTThis Agreement (as defined below) is hereby entered into and agreed upon by you either an individual or an entity (You or Company) and SolarWinds Worldwide LLC (SolarWinds) for the Software (as defined below). This Agreement is made and entered into as of the date that You accept it as defined below (the Effective Date).BY ACCEPTING THIS AGREEMENT EITHER BY INDICATING YOUR ACCEPTANCE BY EXECUTING THIS AGREEMENT OR AN ORDER FORM THAT REFERENCES THIS AGREEMENT OR BY DOWNLOADING INSTALLING AND/OR UTILIZING THE SOFTWARE (DEFINED BELOW) YOU AGREE TO THIS AGREEMENT. THIS AGREEMENT IS A LEGALLY BINDING CONTRACT BETWEEN YOU AND SOLARWINDS AND SETS FORTH THE TERMS THAT GOVERN THE LICENSE PROVIDED TO YOU HEREUNDER. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THIS AGREEMENT. ANY CHANGES ADDITIONS OR DELETIONS BY YOU TO THIS AGREEMENT WILL NOT BE ACCEPTED AND WILL NOT BE A PART OF THIS AGREEMENT. IF YOU DO NOT AGREE TO THIS AGREEMENT YOU MUST NOT DOWNLOAD INSTALL OR USE THE SOFTWARE.1. DEFINITIONS.1.1 Affiliates means an entity now or hereafter controlled by under common control with or controlling such party where control is denoted by having fifty percent (50%) or more of the voting power (or equivalent) of the applicable entity but only for so long as such control exists. Subject to the terms and conditions of this Agreement Your Affiliates may use the license granted hereunder and You are responsible for their compliance with this Agreement. SolarWinds Affiliates may provide some of the services or ancillary services (such as invoicing) under this Agreement.1.2 Agreement means collectively this End User License Agreement as well as any applicable Product-Specific Terms and the Order Form. 1.3 Device means (whether physical or virtual) a server system workstation computer mobile device or end point upon which or through which the Software is used and/or on which the Software is installed.1.4 Documentation means the official user documentation prepared and provided by SolarWinds to You on the use of the Software (as may be updated by SolarWinds from time to time). For the avoidance of doubt any online community site; unofficial documentation videos white papers or related media; or feedback does not constitute Documentation.1.5 Order Form means the SolarWinds order page quote product information dashboard or other SolarWinds ordering document that specifies Your purchase of the Software pricing and other related information.1.6 Fees means any and all charges payable by You to SolarWinds pursuant to the Order Form.1.7 Perpetual License means
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeWindow detected: I &AgreeCancel 2022 SolarWinds Worldwide LLC. All rights reserved. 2022 SolarWinds Worldwide LLC. All rights reserved.License AgreementPlease review the license terms before installing Kiwi Syslog Server 9.8.2 .Press Page Down to see the rest of the agreement.202203015SOLARWINDSEND USER LICENSE AGREEMENTThis Agreement (as defined below) is hereby entered into and agreed upon by you either an individual or an entity (You or Company) and SolarWinds Worldwide LLC (SolarWinds) for the Software (as defined below). This Agreement is made and entered into as of the date that You accept it as defined below (the Effective Date).BY ACCEPTING THIS AGREEMENT EITHER BY INDICATING YOUR ACCEPTANCE BY EXECUTING THIS AGREEMENT OR AN ORDER FORM THAT REFERENCES THIS AGREEMENT OR BY DOWNLOADING INSTALLING AND/OR UTILIZING THE SOFTWARE (DEFINED BELOW) YOU AGREE TO THIS AGREEMENT. THIS AGREEMENT IS A LEGALLY BINDING CONTRACT BETWEEN YOU AND SOLARWINDS AND SETS FORTH THE TERMS THAT GOVERN THE LICENSE PROVIDED TO YOU HEREUNDER. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THIS AGREEMENT. ANY CHANGES ADDITIONS OR DELETIONS BY YOU TO THIS AGREEMENT WILL NOT BE ACCEPTED AND WILL NOT BE A PART OF THIS AGREEMENT. IF YOU DO NOT AGREE TO THIS AGREEMENT YOU MUST NOT DOWNLOAD INSTALL OR USE THE SOFTWARE.1. DEFINITIONS.1.1 Affiliates means an entity now or hereafter controlled by under common control with or controlling such party where control is denoted by having fifty percent (50%) or more of the voting power (or equivalent) of the applicable entity but only for so long as such control exists. Subject to the terms and conditions of this Agreement Your Affiliates may use the license granted hereunder and You are responsible for their compliance with this Agreement. SolarWinds Affiliates may provide some of the services or ancillary services (such as invoicing) under this Agreement.1.2 Agreement means collectively this End User License Agreement as well as any applicable Product-Specific Terms and the Order Form. 1.3 Device means (whether physical or virtual) a server system workstation computer mobile device or end point upon which or through which the Software is used and/or on which the Software is installed.1.4 Documentation means the official user documentation prepared and provided by SolarWinds to You on the use of the Software (as may be updated by SolarWinds from time to time). For the avoidance of doubt any online community site; unofficial documentation videos white papers or related media; or feedback does not constitute Documentation.1.5 Order Form means the SolarWinds order page quote product information dashboard or other SolarWinds ordering document that specifies Your purchase of the Software pricing and other related information.1.6 Fees means any and all charges payable by You to SolarWinds pursuant to the Order Form.1.7 Perpetual License means
            Source: C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exeWindow detected: MICROSOFT SOFTWARE LICENSE TERMSMICROSOFT VISUAL C++ 2010 RUNTIME LIBRARIESThese license terms are an agreement between Microsoft Corporation (or based on where you live one of its affiliates) and you. Please read them. They apply to the software named above which includes the media on which you received it if any. The terms also apply to any MicrosoftupdatessupplementsInternet-based services and support servicesfor this software unless other terms accompany those items. If so those terms apply.BY USING THE SOFTWARE YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM DO NOT USE THE SOFTWARE.If you comply with these license terms you have the rights below.1.INSTALLATION AND USE RIGHTS. You may install and use any number of copies of the software on your devices.2.Scope of License. The software is licensed not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation you may use the software only as expressly permitted in this agreement. In doing so you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may notdisclose the results of any benchmark tests of the software to any third party without Microsofts prior written approval;work around any technical limitations in the software;reverse engineer decompile or disassemble the software except and only to the extent that applicable law expressly permits despite this limitation;make more copies of the software than specified in this agreement or allowed by applicable law despite this limitation;publish the software for others to copy;rent lease or lend the software;transfer the software or this agreement to any third party; oruse the software for commercial software hosting services.3.BACKUP COPY. You may make one backup copy of the software. You may use it only to reinstall the software.4.DOCUMENTATION. Any person that has valid access to your computer or internal network may copy and use the documentation for your internal reference purposes.5.Export Restrictions. The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations end users and end use. For additional information see www.microsoft.com/exporting <http://www.microsoft.com/exporting>.6.SUPPORT SERVICES. Because this software is as is we may not provide support services for it.7.Entire Agreement. This agreement and the terms for supplements updates Internet-based services and support services that you use are the entire agreement for the software and support services.8.Applicable Law.a.United States. If you acquired the software in the United States Washington state law governs the interpretation of this agreement and applies to claims for breach of it regardless of conflict
            Source: C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exeWindow detected: MICROSOFT SOFTWARE LICENSE TERMSMICROSOFT VISUAL C++ 2010 RUNTIME LIBRARIESThese license terms are an agreement between Microsoft Corporation (or based on where you live one of its affiliates) and you. Please read them. They apply to the software named above which includes the media on which you received it if any. The terms also apply to any MicrosoftupdatessupplementsInternet-based services and support servicesfor this software unless other terms accompany those items. If so those terms apply.BY USING THE SOFTWARE YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM DO NOT USE THE SOFTWARE.If you comply with these license terms you have the rights below.1.INSTALLATION AND USE RIGHTS. You may install and use any number of copies of the software on your devices.2.Scope of License. The software is licensed not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation you may use the software only as expressly permitted in this agreement. In doing so you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may notdisclose the results of any benchmark tests of the software to any third party without Microsofts prior written approval;work around any technical limitations in the software;reverse engineer decompile or disassemble the software except and only to the extent that applicable law expressly permits despite this limitation;make more copies of the software than specified in this agreement or allowed by applicable law despite this limitation;publish the software for others to copy;rent lease or lend the software;transfer the software or this agreement to any third party; oruse the software for commercial software hosting services.3.BACKUP COPY. You may make one backup copy of the software. You may use it only to reinstall the software.4.DOCUMENTATION. Any person that has valid access to your computer or internal network may copy and use the documentation for your internal reference purposes.5.Export Restrictions. The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations end users and end use. For additional information see www.microsoft.com/exporting <http://www.microsoft.com/exporting>.6.SUPPORT SERVICES. Because this software is as is we may not provide support services for it.7.Entire Agreement. This agreement and the terms for supplements updates Internet-based services and support services that you use are the entire agreement for the software and support services.8.Applicable Law.a.United States. If you acquired the software in the United States Washington state law governs the interpretation of this agreement and applies to claims for breach of it regardless of conflict
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeWindow detected: MICROSOFT SOFTWARE LICENSE TERMSMICROSOFT VISUAL C++ REDISTRIBUTABLE FOR VISUAL STUDIO 2013 These license terms are an agreement between Microsoft Corporation (or based on where you live one of its affiliates) and you. Please read them. They apply to the software named above which includes the media on which you received it if any. The terms also apply to any MicrosoftupdatessupplementsInternet-based services andsupport servicesfor this software unless other terms accompany those items. If so those terms apply.BY USING THE SOFTWARE YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM DO NOT USE THE SOFTWARE.IF YOU COMPLY WITH THESE LICENSE TERMS YOU HAVE THE PERPETUAL RIGHTS BELOW.1.INSTALLATION AND USE RIGHTS. You may install and use any number of copies of the software on your devices.2.SCOPE OF LICENSE. The software is licensed not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation you may use the software only as expressly permitted in this agreement. In doing so you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may notdisclose the results of any benchmark tests of the software to any third party without Microsofts prior written approval;work around any technical limitations in the software;reverse engineer decompile or disassemble the software except and only to the extent that applicable law expressly permits despite this limitation;make more copies of the software than specified in this agreement or allowed by applicable law despite this limitation;publish the software for others to copy;rent lease or lend the software;transfer the software or this agreement to any third party; oruse the software for commercial software hosting services.3.BACKUP COPY. You may make one backup copy of the software. You may use it only to reinstall the software.4.DOCUMENTATION. Any person that has valid access to your computer or internal network may copy and use the documentation for your internal reference purposes.5.EXPORT RESTRICTIONS. The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations end users and end use. For additional information see www.microsoft.com/exporting.6.SUPPORT SERVICES. Because this software is as is we may not provide support services for it.7.ENTIRE AGREEMENT. This agreement and the terms for supplements updates Internet-based services and support services that you use are the entire agreement for the software and support services.8.APPLICABLE LAW.a.United States. If you acquired the software in the United States Washington state law governs the interpretation of this agreement and applies to claims for breach of it regardless of conflict of laws pri
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeWindow detected: MICROSOFT SOFTWARE LICENSE TERMSMICROSOFT VISUAL C++ REDISTRIBUTABLE FOR VISUAL STUDIO 2013 These license terms are an agreement between Microsoft Corporation (or based on where you live one of its affiliates) and you. Please read them. They apply to the software named above which includes the media on which you received it if any. The terms also apply to any MicrosoftupdatessupplementsInternet-based services andsupport servicesfor this software unless other terms accompany those items. If so those terms apply.BY USING THE SOFTWARE YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM DO NOT USE THE SOFTWARE.IF YOU COMPLY WITH THESE LICENSE TERMS YOU HAVE THE PERPETUAL RIGHTS BELOW.1.INSTALLATION AND USE RIGHTS. You may install and use any number of copies of the software on your devices.2.SCOPE OF LICENSE. The software is licensed not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation you may use the software only as expressly permitted in this agreement. In doing so you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may notdisclose the results of any benchmark tests of the software to any third party without Microsofts prior written approval;work around any technical limitations in the software;reverse engineer decompile or disassemble the software except and only to the extent that applicable law expressly permits despite this limitation;make more copies of the software than specified in this agreement or allowed by applicable law despite this limitation;publish the software for others to copy;rent lease or lend the software;transfer the software or this agreement to any third party; oruse the software for commercial software hosting services.3.BACKUP COPY. You may make one backup copy of the software. You may use it only to reinstall the software.4.DOCUMENTATION. Any person that has valid access to your computer or internal network may copy and use the documentation for your internal reference purposes.5.EXPORT RESTRICTIONS. The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations end users and end use. For additional information see www.microsoft.com/exporting.6.SUPPORT SERVICES. Because this software is as is we may not provide support services for it.7.ENTIRE AGREEMENT. This agreement and the terms for supplements updates Internet-based services and support services that you use are the entire agreement for the software and support services.8.APPLICABLE LAW.a.United States. If you acquired the software in the United States Washington state law governs the interpretation of this agreement and applies to claims for breach of it regardless of conflict of laws pri
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeWindow detected: I &AgreeCancel 2022 SolarWinds Worldwide LLC. All rights reserved. 2022 SolarWinds Worldwide LLC. All rights reserved.License AgreementPlease review the license terms before installing Kiwi Syslog Server 9.8.2 .Press Page Down to see the rest of the agreement.202203015SOLARWINDSEND USER LICENSE AGREEMENTThis Agreement (as defined below) is hereby entered into and agreed upon by you either an individual or an entity (You or Company) and SolarWinds Worldwide LLC (SolarWinds) for the Software (as defined below). This Agreement is made and entered into as of the date that You accept it as defined below (the Effective Date).BY ACCEPTING THIS AGREEMENT EITHER BY INDICATING YOUR ACCEPTANCE BY EXECUTING THIS AGREEMENT OR AN ORDER FORM THAT REFERENCES THIS AGREEMENT OR BY DOWNLOADING INSTALLING AND/OR UTILIZING THE SOFTWARE (DEFINED BELOW) YOU AGREE TO THIS AGREEMENT. THIS AGREEMENT IS A LEGALLY BINDING CONTRACT BETWEEN YOU AND SOLARWINDS AND SETS FORTH THE TERMS THAT GOVERN THE LICENSE PROVIDED TO YOU HEREUNDER. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THIS AGREEMENT. ANY CHANGES ADDITIONS OR DELETIONS BY YOU TO THIS AGREEMENT WILL NOT BE ACCEPTED AND WILL NOT BE A PART OF THIS AGREEMENT. IF YOU DO NOT AGREE TO THIS AGREEMENT YOU MUST NOT DOWNLOAD INSTALL OR USE THE SOFTWARE.1. DEFINITIONS.1.1 Affiliates means an entity now or hereafter controlled by under common control with or controlling such party where control is denoted by having fifty percent (50%) or more of the voting power (or equivalent) of the applicable entity but only for so long as such control exists. Subject to the terms and conditions of this Agreement Your Affiliates may use the license granted hereunder and You are responsible for their compliance with this Agreement. SolarWinds Affiliates may provide some of the services or ancillary services (such as invoicing) under this Agreement.1.2 Agreement means collectively this End User License Agreement as well as any applicable Product-Specific Terms and the Order Form. 1.3 Device means (whether physical or virtual) a server system workstation computer mobile device or end point upon which or through which the Software is used and/or on which the Software is installed.1.4 Documentation means the official user documentation prepared and provided by SolarWinds to You on the use of the Software (as may be updated by SolarWinds from time to time). For the avoidance of doubt any online community site; unofficial documentation videos white papers or related media; or feedback does not constitute Documentation.1.5 Order Form means the SolarWinds order page quote product information dashboard or other SolarWinds ordering document that specifies Your purchase of the Software pricing and other related information.1.6 Fees means any and all charges payable by You to SolarWinds pursuant to the Order Form.1.7 Perpetual License means
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeWindow detected: MICROSOFT SOFTWARE LICENSE TERMSMICROSOFT VISUAL C++ REDISTRIBUTABLE FOR VISUAL STUDIO 2013 These license terms are an agreement between Microsoft Corporation (or based on where you live one of its affiliates) and you. Please read them. They apply to the software named above which includes the media on which you received it if any. The terms also apply to any MicrosoftupdatessupplementsInternet-based services andsupport servicesfor this software unless other terms accompany those items. If so those terms apply.BY USING THE SOFTWARE YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM DO NOT USE THE SOFTWARE.IF YOU COMPLY WITH THESE LICENSE TERMS YOU HAVE THE PERPETUAL RIGHTS BELOW.1.INSTALLATION AND USE RIGHTS. You may install and use any number of copies of the software on your devices.2.SCOPE OF LICENSE. The software is licensed not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation you may use the software only as expressly permitted in this agreement. In doing so you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may notdisclose the results of any benchmark tests of the software to any third party without Microsofts prior written approval;work around any technical limitations in the software;reverse engineer decompile or disassemble the software except and only to the extent that applicable law expressly permits despite this limitation;make more copies of the software than specified in this agreement or allowed by applicable law despite this limitation;publish the software for others to copy;rent lease or lend the software;transfer the software or this agreement to any third party; oruse the software for commercial software hosting services.3.BACKUP COPY. You may make one backup copy of the software. You may use it only to reinstall the software.4.DOCUMENTATION. Any person that has valid access to your computer or internal network may copy and use the documentation for your internal reference purposes.5.EXPORT RESTRICTIONS. The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations end users and end use. For additional information see www.microsoft.com/exporting.6.SUPPORT SERVICES. Because this software is as is we may not provide support services for it.7.ENTIRE AGREEMENT. This agreement and the terms for supplements updates Internet-based services and support services that you use are the entire agreement for the software and support services.8.APPLICABLE LAW.a.United States. If you acquired the software in the United States Washington state law governs the interpretation of this agreement and applies to claims for breach of it regardless of conflict of laws pri
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeWindow detected: I &AgreeCancel 2022 SolarWinds Worldwide LLC. All rights reserved. 2022 SolarWinds Worldwide LLC. All rights reserved.License AgreementPlease review the license terms before installing Kiwi Syslog Server 9.8.2 .Press Page Down to see the rest of the agreement.202203015SOLARWINDSEND USER LICENSE AGREEMENTThis Agreement (as defined below) is hereby entered into and agreed upon by you either an individual or an entity (You or Company) and SolarWinds Worldwide LLC (SolarWinds) for the Software (as defined below). This Agreement is made and entered into as of the date that You accept it as defined below (the Effective Date).BY ACCEPTING THIS AGREEMENT EITHER BY INDICATING YOUR ACCEPTANCE BY EXECUTING THIS AGREEMENT OR AN ORDER FORM THAT REFERENCES THIS AGREEMENT OR BY DOWNLOADING INSTALLING AND/OR UTILIZING THE SOFTWARE (DEFINED BELOW) YOU AGREE TO THIS AGREEMENT. THIS AGREEMENT IS A LEGALLY BINDING CONTRACT BETWEEN YOU AND SOLARWINDS AND SETS FORTH THE TERMS THAT GOVERN THE LICENSE PROVIDED TO YOU HEREUNDER. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THIS AGREEMENT. ANY CHANGES ADDITIONS OR DELETIONS BY YOU TO THIS AGREEMENT WILL NOT BE ACCEPTED AND WILL NOT BE A PART OF THIS AGREEMENT. IF YOU DO NOT AGREE TO THIS AGREEMENT YOU MUST NOT DOWNLOAD INSTALL OR USE THE SOFTWARE.1. DEFINITIONS.1.1 Affiliates means an entity now or hereafter controlled by under common control with or controlling such party where control is denoted by having fifty percent (50%) or more of the voting power (or equivalent) of the applicable entity but only for so long as such control exists. Subject to the terms and conditions of this Agreement Your Affiliates may use the license granted hereunder and You are responsible for their compliance with this Agreement. SolarWinds Affiliates may provide some of the services or ancillary services (such as invoicing) under this Agreement.1.2 Agreement means collectively this End User License Agreement as well as any applicable Product-Specific Terms and the Order Form. 1.3 Device means (whether physical or virtual) a server system workstation computer mobile device or end point upon which or through which the Software is used and/or on which the Software is installed.1.4 Documentation means the official user documentation prepared and provided by SolarWinds to You on the use of the Software (as may be updated by SolarWinds from time to time). For the avoidance of doubt any online community site; unofficial documentation videos white papers or related media; or feedback does not constitute Documentation.1.5 Order Form means the SolarWinds order page quote product information dashboard or other SolarWinds ordering document that specifies Your purchase of the Software pricing and other related information.1.6 Fees means any and all charges payable by You to SolarWinds pursuant to the Order Form.1.7 Perpetual License means
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeWindow detected: Number of UI elements: 19
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeWindow detected: Number of UI elements: 19
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeWindow detected: Number of UI elements: 19
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeKey value created or modified: HKEY_CURRENT_USER\Control Panel\Mouse MouseHoverTime
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeStatic file information: File size 29394832 > 1048576
            Source: C:\Windows\System32\msiexec.exeFile opened: c:\Windows\SysWOW64\msvcr100.dll
            Source: Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

            Persistence and Installation Behavior

            barindex
            Installs new ROOT certificates
            Source: C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419 Blob
            Source: C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419 Blob
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\System.Data.SQLite.EF6.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc120chs.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc100cht.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\System.Data.SQLite.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\nsoftware.IPWorks.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\Castle.Windsor.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc120ita.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\Microsoft.Extensions.Configuration.Json.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\MSCOMCTL.OCXJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: C:\9f205d7d8f8ebe3c20c6094cd41758f8\3082\SetupResources.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Users\user\AppData\Local\Temp\KSS\log4net.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\Microsoft.VisualStudio.OLE.Interop.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\XceedZip.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\PcapDotNet.Packets.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\System.Data.SQLite.Linq.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc100deu.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\vcomp100.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\System.Buffers.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc100u.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\System.Numerics.Vectors.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\Newtonsoft.Json.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5D08.tmp\KiwiSC.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\nssm.exeJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: C:\9f205d7d8f8ebe3c20c6094cd41758f8\1028\SetupResources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc120fra.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\Microsoft.Extensions.Logging.Abstractions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\vcamp120.dllJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: C:\9f205d7d8f8ebe3c20c6094cd41758f8\1033\SetupResources.dllJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeFile created: C:\Users\user\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\wixstdba.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc100esn.dllJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeFile created: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe (copy)Jump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\ccrpbds6.dllJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: C:\9f205d7d8f8ebe3c20c6094cd41758f8\sqmapi.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\Microsoft.Extensions.FileSystemGlobbing.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5D08.tmp\splash.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc100rus.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfcm100.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\KiwiEventlog.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\PacketX.dllJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: C:\9f205d7d8f8ebe3c20c6094cd41758f8\1036\SetupResources.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\KiwiControls.ocxJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc120kor.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Licensing.Gen4.UI.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\ipinfo200.ocxJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\certmgr200.ocxJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5D08.tmp\InstallOptions.dllJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: C:\9f205d7d8f8ebe3c20c6094cd41758f8\1042\SetupResources.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\Microsoft.Data.ConnectionUI.dllJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: C:\9f205d7d8f8ebe3c20c6094cd41758f8\1040\SetupResources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc100enu.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\D04BB691875110D32B98EBCF771AA1E1\10.0.30319\F_CENTRAL_msvcr100_x86Jump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\KiwiGrid3.ocxJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: C:\9f205d7d8f8ebe3c20c6094cd41758f8\1049\SetupResources.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\Microsoft.Extensions.FileProviders.Physical.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Licensing.Gen4.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\EntityFramework.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\SolarWinds.Licensing.Gen4.UI.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc120jpn.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\TimerLite.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5D08.tmp\System.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.ForwardSyslog.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\IGThreed40.ocxJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\Vsflex7L.ocxJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\Microsoft.VisualStudio.TextManager.Interop.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\actskn43.ocxJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: C:\9f205d7d8f8ebe3c20c6094cd41758f8\1041\SetupResources.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\Microsoft.Bcl.AsyncInterfaces.dllJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: C:\9f205d7d8f8ebe3c20c6094cd41758f8\SetupUi.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\SolarWinds.Npcap.Net.x86.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\KiwiSyslogLicensor.exeJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\Microsoft.Extensions.FileProviders.Abstractions.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Logging.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc120deu.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\Serilog.Settings.Configuration.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.Engine.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\System.Memory.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\atl100.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc100chs.dllJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeFile created: C:\Users\user\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\.be\vcredist_x86.exeJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\KiwiSocket.ocxJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc120cht.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\COMCTL32.OCXJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\Castle.Core.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\ssnmpag200.ocxJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\SolarWinds.Logging.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\ssnmptrp200.ocxJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc100ita.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Users\user\AppData\Local\Temp\KSS\JetBrains.Annotations.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\KRDPLoggerforIPv6.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\PcapDotNet.Core.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\SolarWinds.DatabaseConnectionStringBuilder.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\PcapDotNet.Base.dllJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: C:\9f205d7d8f8ebe3c20c6094cd41758f8\1031\SetupResources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc120esn.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\nsoftware.IPWorksSNMP.System.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc100fra.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\SolarWinds.Licensing.KiwiSyslog.COMWrapper.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\Microsoft.VisualStudio.Shell.Interop.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\KiwiSubtmr.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\Microsoft.Extensions.Primitives.dllJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: C:\9f205d7d8f8ebe3c20c6094cd41758f8\2052\SetupResources.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\log4net.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc100.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc120rus.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.ForwardToLoggly.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\Microsoft.Extensions.Configuration.Abstractions.dllJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exeJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\System.Threading.Tasks.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\MSWINSCK.ocxJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\KRDPLogger.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\Microsoft.Extensions.DependencyModel.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\System.ValueTuple.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\SolarWinds.Licensing.Gen4.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfcm100u.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\nsoftware.IPWorksSNMP.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.BulkInsert.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.SyslogAction.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\Syslogd_TaskEngine.exeJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\PcapDotNet.Core.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\nsoftware.IPWorks.System.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\Microsoft.Extensions.Configuration.FileExtensions.dllJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: C:\9f205d7d8f8ebe3c20c6094cd41758f8\SetupEngine.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\D04BB691875110D32B98EBCF771AA1E1\10.0.30319\F_CENTRAL_msvcp100_x86Jump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc100kor.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\Serilog.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\Microsoft.Extensions.Configuration.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\vcomp120.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\ipdaem200.ocxJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc100jpn.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc120enu.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\Serilog.Sinks.File.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\NeoCalendarII.ocxJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\RestSharp.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\htmlml200.ocxJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\Microsoft.VisualStudio.Data.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\uninst-Syslogd.exeJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeFile created: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe (copy)Jump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc120chs.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc120deu.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc100cht.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\atl100.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc100chs.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc120ita.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\KiwiSocket.ocxJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc120cht.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\MSCOMCTL.OCXJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\COMCTL32.OCXJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\ssnmpag200.ocxJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\XceedZip.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\ssnmptrp200.ocxJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc100deu.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc100ita.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\vcomp100.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc100u.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\KRDPLoggerforIPv6.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc120fra.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\vcamp120.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc100esn.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc120esn.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\ccrpbds6.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc100fra.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc100rus.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfcm100.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\KiwiEventlog.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\KiwiSubtmr.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\PacketX.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\KiwiControls.ocxJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc120rus.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc100.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc120kor.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\ipinfo200.ocxJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\KRDPLogger.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\certmgr200.ocxJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\D04BB691875110D32B98EBCF771AA1E1\10.0.30319\F_CENTRAL_msvcr100_x86Jump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc100enu.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfcm100u.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\KiwiGrid3.ocxJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\D04BB691875110D32B98EBCF771AA1E1\10.0.30319\F_CENTRAL_msvcp100_x86Jump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc120jpn.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\TimerLite.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc100kor.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\IGThreed40.ocxJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\vcomp120.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\ipdaem200.ocxJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc100jpn.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc120enu.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\Vsflex7L.ocxJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\NeoCalendarII.ocxJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\actskn43.ocxJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Windows\SysWOW64\htmlml200.ocxJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\D04BB691875110D32B98EBCF771AA1E1\10.0.30319\F_CENTRAL_msvcp100_x86Jump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\D04BB691875110D32B98EBCF771AA1E1\10.0.30319\F_CENTRAL_msvcr100_x86Jump to dropped file
            Source: C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20231221_001318816-MSI_vc_red.msi.txt
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\Program Files (x86)\Syslogd\install.log
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: c:\9f205d7d8f8ebe3c20c6094cd41758f8\1033\eula.rtf
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: c:\9f205d7d8f8ebe3c20c6094cd41758f8\1041\eula.rtf
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: c:\9f205d7d8f8ebe3c20c6094cd41758f8\1042\eula.rtf
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: c:\9f205d7d8f8ebe3c20c6094cd41758f8\1028\eula.rtf
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: c:\9f205d7d8f8ebe3c20c6094cd41758f8\2052\eula.rtf
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: c:\9f205d7d8f8ebe3c20c6094cd41758f8\1040\eula.rtf
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: c:\9f205d7d8f8ebe3c20c6094cd41758f8\1036\eula.rtf
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: c:\9f205d7d8f8ebe3c20c6094cd41758f8\1031\eula.rtf
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: c:\9f205d7d8f8ebe3c20c6094cd41758f8\3082\eula.rtf
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeFile created: c:\9f205d7d8f8ebe3c20c6094cd41758f8\1049\eula.rtf
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeFile created: C:\Users\user\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\license.rtf
            Source: C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\VSSetup
            Source: C:\Windows\System32\SrTasks.exeRegistry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarWinds Kiwi Syslog Server
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarWinds Kiwi Syslog Server\Documentation
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarWinds Kiwi Syslog Server\Uninstall
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarWinds Kiwi Syslog Server\Kiwi Syslog Server Console.lnk
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarWinds Kiwi Syslog Server\Documentation\Kiwi Syslog Server Help.lnk
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarWinds Kiwi Syslog Server\Kiwi Syslog Sever Licensing.lnk
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarWinds
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarWinds\Solarwinds License Manager Setup.lnk
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarWinds Kiwi Syslog Server\Uninstall\Uninstall Kiwi Syslog Server.lnk
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {f65db027-aff3-4070-886a-0d87064aabb1}
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {f65db027-aff3-4070-886a-0d87064aabb1}
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {f65db027-aff3-4070-886a-0d87064aabb1}
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {f65db027-aff3-4070-886a-0d87064aabb1}
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd_TaskEngine.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 600000
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 599874
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 599762
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 599651
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 599540
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 599428
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 599268
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 599140
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 599028
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 598916
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 598804
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 598692
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 598567
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 598439
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 598311
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 598200
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 598089
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 597977
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 597866
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 597754
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 597626
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 597498
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 597385
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 597273
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 597159
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 597029
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 596919
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 596807
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 596696
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 596587
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 596478
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 596365
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 596239
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 596112
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 595985
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 595872
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 595764
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 595656
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 595549
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 595423
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 595297
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 595188
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 595076
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 594966
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeWindow / User API: threadDelayed 8266
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeWindow / User API: threadDelayed 352
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\System.Data.SQLite.EF6.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc120chs.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc100cht.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\System.Data.SQLite.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\nsoftware.IPWorks.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\Castle.Windsor.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc120ita.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\Microsoft.Extensions.Configuration.Json.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dllJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeDropped PE file which has not been started: C:\9f205d7d8f8ebe3c20c6094cd41758f8\3082\SetupResources.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\KSS\log4net.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\Microsoft.VisualStudio.OLE.Interop.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\PcapDotNet.Packets.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\System.Data.SQLite.Linq.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc100deu.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\vcomp100.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\System.Buffers.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc100u.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\System.Numerics.Vectors.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\Newtonsoft.Json.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\nssm.exeJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeDropped PE file which has not been started: C:\9f205d7d8f8ebe3c20c6094cd41758f8\1028\SetupResources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc120fra.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\Microsoft.Extensions.Logging.Abstractions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\vcamp120.dllJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeDropped PE file which has not been started: C:\9f205d7d8f8ebe3c20c6094cd41758f8\1033\SetupResources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc100esn.dllJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeDropped PE file which has not been started: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe (copy)Jump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\Microsoft.Extensions.FileSystemGlobbing.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5D08.tmp\splash.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc100rus.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfcm100.dllJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeDropped PE file which has not been started: C:\9f205d7d8f8ebe3c20c6094cd41758f8\1036\SetupResources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc120kor.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Licensing.Gen4.UI.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5D08.tmp\InstallOptions.dllJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeDropped PE file which has not been started: C:\9f205d7d8f8ebe3c20c6094cd41758f8\1042\SetupResources.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\Microsoft.Data.ConnectionUI.dllJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeDropped PE file which has not been started: C:\9f205d7d8f8ebe3c20c6094cd41758f8\1040\SetupResources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\D04BB691875110D32B98EBCF771AA1E1\10.0.30319\F_CENTRAL_msvcr100_x86Jump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc100enu.dllJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeDropped PE file which has not been started: C:\9f205d7d8f8ebe3c20c6094cd41758f8\1049\SetupResources.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\Microsoft.Extensions.FileProviders.Physical.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Licensing.Gen4.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\EntityFramework.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\SolarWinds.Licensing.Gen4.UI.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc120jpn.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.ForwardSyslog.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\Microsoft.VisualStudio.TextManager.Interop.dllJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeDropped PE file which has not been started: C:\9f205d7d8f8ebe3c20c6094cd41758f8\1041\SetupResources.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\Microsoft.Bcl.AsyncInterfaces.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\KiwiSyslogLicensor.exeJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\Microsoft.Extensions.FileProviders.Abstractions.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\SolarWinds.Npcap.Net.x86.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Logging.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc120deu.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\Serilog.Settings.Configuration.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\System.Memory.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.Engine.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\atl100.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc100chs.dllJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\.be\vcredist_x86.exeJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc120cht.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\Castle.Core.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\SolarWinds.Logging.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc100ita.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\KSS\JetBrains.Annotations.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\PcapDotNet.Core.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\SolarWinds.DatabaseConnectionStringBuilder.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\PcapDotNet.Base.dllJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeDropped PE file which has not been started: C:\9f205d7d8f8ebe3c20c6094cd41758f8\1031\SetupResources.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc120esn.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\nsoftware.IPWorksSNMP.System.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc100fra.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\SolarWinds.Licensing.KiwiSyslog.COMWrapper.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\Microsoft.VisualStudio.Shell.Interop.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\Microsoft.Extensions.Primitives.dllJump to dropped file
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exeDropped PE file which has not been started: C:\9f205d7d8f8ebe3c20c6094cd41758f8\2052\SetupResources.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\log4net.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc100.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc120rus.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.ForwardToLoggly.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\Microsoft.Extensions.Configuration.Abstractions.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\System.Threading.Tasks.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\Microsoft.Extensions.DependencyModel.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\SolarWinds.Licensing.Gen4.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\System.ValueTuple.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfcm100u.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\nsoftware.IPWorksSNMP.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.BulkInsert.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.SyslogAction.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\PcapDotNet.Core.Extensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\nsoftware.IPWorks.System.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\Microsoft.Extensions.Configuration.FileExtensions.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\D04BB691875110D32B98EBCF771AA1E1\10.0.30319\F_CENTRAL_msvcp100_x86Jump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc100kor.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\Serilog.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\Microsoft.Extensions.Configuration.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\vcomp120.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc100jpn.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc120enu.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\Serilog.Sinks.File.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\Microsoft.VisualStudio.Data.dllJump to dropped file
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeDropped PE file which has not been started: C:\Program Files (x86)\Syslogd\RestSharp.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exe TID: 4636Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\System32\SrTasks.exe TID: 2872Thread sleep time: -240000s >= -30000s
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5944Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6176Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5348Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5168Thread sleep time: -2767011611056431s >= -30000s
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 348Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 1252Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3092Thread sleep count: 123 > 30
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2008Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2824Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7128Thread sleep count: 199 > 30
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -10145709240540247s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -600000s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -599874s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -599762s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -599651s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -599540s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -599428s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -599268s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -599140s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -599028s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -598916s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -598804s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -598692s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -598567s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -598439s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -598311s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -598200s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -598089s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -597977s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -597866s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -597754s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -597626s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -597498s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -597385s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -597273s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -597159s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -597029s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -596919s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -596807s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -596696s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -596587s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -596478s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -596365s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -596239s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -596112s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -595985s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -595872s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -595764s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -595656s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -595549s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -595423s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -595297s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -595188s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -595076s >= -30000s
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exe TID: 1940Thread sleep time: -594966s >= -30000s
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile Volume queried: C:\Program Files (x86) FullSizeInformation
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeFile Volume queried: C:\Program Files (x86) FullSizeInformation
            Source: C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeFile Volume queried: C:\Windows FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 600000
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 599874
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 599762
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 599651
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 599540
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 599428
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 599268
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 599140
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 599028
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 598916
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 598804
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 598692
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 598567
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 598439
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 598311
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 598200
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 598089
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 597977
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 597866
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 597754
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 597626
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 597498
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 597385
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 597273
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 597159
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 597029
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 596919
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 596807
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 596696
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 596587
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 596478
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 596365
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 596239
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 596112
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 595985
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 595872
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 595764
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 595656
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 595549
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 595423
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 595297
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 595188
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 595076
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeThread delayed: delay time: 594966
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\NULL
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\vcRuntimeAdditional_amd64
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeFile opened: C:\ProgramData\Package Cache\NULL
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\NULL
            Source: C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exeProcess information queried: ProcessInformation

            Anti Debugging

            barindex
            Tries to detect sandboxes and other dynamic analysis tools (window names)
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeOpen window title or class name: filemonc ass
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeOpen window title or class name: regmoncl ss
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeFile opened: NTICE
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeFile opened: SICE
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeProcess token adjusted: Debug
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeMemory allocated: page read and write | page guard
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeProcess created: C:\Program Files (x86)\Syslogd\Syslogd.exe "C:\Program Files (x86)\Syslogd\Syslogd.exe"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32 sysdm.cpl, NoExecuteAddFileOptOutList C:\Program Files (x86)\Syslogd\Syslogd.exe
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeQueries volume information: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exe VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeQueries volume information: C:\Users\user\AppData\Local\Temp\KSS\log4net.dll VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeQueries volume information: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Logging.dll VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeQueries volume information: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Licensing.Gen4.dll VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeQueries volume information: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Licensing.Gen4.UI.dll VolumeInformation
            Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\logo.png VolumeInformation
            Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Program Files (x86)\Syslogd\SolarWinds.Licensing.KiwiSyslog.COMWrapper.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Program Files (x86)\Syslogd\SolarWinds.Licensing.KiwiSyslog.COMWrapper.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Program Files (x86)\Syslogd\SolarWinds.Licensing.Gen4.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.Engine.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.Engine.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.SyslogAction.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.SyslogAction.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.SyslogAction.dll VolumeInformation
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\Program Files (x86)\Syslogd\SolarWinds.Licensing.KiwiSyslog.COMWrapper.dll VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\Program Files (x86)\Syslogd\SolarWinds.Logging.dll VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\Program Files (x86)\Syslogd\log4net.dll VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\Program Files (x86)\Syslogd\SolarWinds.Licensing.Gen4.dll VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.Engine.dll VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.SyslogAction.dll VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.ForwardSyslog.dll VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.BulkInsert.dll VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.ForwardToLoggly.dll VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\Program Files (x86)\Syslogd\Newtonsoft.Json.dll VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Program Files (x86)\Syslogd\Syslogd.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Lowering of HIPS / PFW / Operating System Security Settings

            barindex
            Disables DEP (Data Execution Prevention) for certain images
            Source: C:\Windows\SysWOW64\rundll32.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers DisableNXShowUI
            Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
            Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
            Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
            Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
            Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
            Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
            Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
            Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
            Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
            Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
            Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
            Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
            Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
            Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
            Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
            Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
            Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
            Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
            Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
            Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
            Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
            Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpactResource DevelopmentReconnaissance
            1
            Replication Through Removable Media            		1
            Windows Management Instrumentation            		2
            Windows Service            		2
            Windows Service            		32
            Masquerading            		OS Credential Dumping12
            Security Software Discovery            		1
            Replication Through Removable Media            		Data from Local SystemExfiltration Over Other Network Medium2
            Encrypted Channel            		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without Authorization1
            Data Encrypted for Impact            		Acquire InfrastructureGather Victim Identity Information
            Default Accounts1
            Scripting            		11
            Registry Run Keys / Startup Folder            		11
            Process Injection            		11
            Disable or Modify Tools            		LSASS Memory1
            Process Discovery            		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth1
            Ingress Tool Transfer            		SIM Card SwapObtain Device Cloud BackupsNetwork Denial of ServiceDomainsCredentials
            Domain AccountsAt1
            DLL Side-Loading            		11
            Registry Run Keys / Startup Folder            		131
            Virtualization/Sandbox Evasion            		Security Account Manager131
            Virtualization/Sandbox Evasion            		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration2
            Non-Application Layer Protocol            		Data Encrypted for ImpactDNS ServerEmail Addresses
            Local AccountsCronLogin Hook1
            DLL Side-Loading            		11
            Process Injection            		NTDS1
            Application Window Discovery            		Distributed Component Object ModelInput CaptureTraffic Duplication3
            Application Layer Protocol            		Data DestructionVirtual Private ServerEmployee Names
            Cloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            Scripting            		LSA Secrets11
            Peripheral Device Discovery            		SSHKeyloggingScheduled TransferFallback ChannelsData Encrypted for ImpactServerGather Victim Network Information
            Replication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
            Install Root Certificate            		Cached Domain Credentials1
            Remote System Discovery            		VNCGUI Input CaptureData Transfer Size LimitsMultiband CommunicationService StopBotnetDomain Properties
            External Remote ServicesSystemd TimersStartup ItemsStartup Items1
            Rundll32            		DCSync3
            File and Directory Discovery            		Windows Remote ManagementWeb Portal CaptureExfiltration Over C2 ChannelCommonly Used PortInhibit System RecoveryWeb ServicesDNS
            Drive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
            DLL Side-Loading            		Proc Filesystem13
            System Information Discovery            		Cloud ServicesCredential API HookingExfiltration Over Alternative ProtocolApplication Layer ProtocolDefacementServerlessNetwork Trust Dependencies
            Exploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
            File Deletion            		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedExfiltration Over Symmetric Encrypted Non-C2 ProtocolWeb ProtocolsInternal DefacementMalvertisingNetwork Topology

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe6%ReversingLabs

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Users\user\AppData\Local\Temp\KSS\JetBrains.Annotations.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Licensing.Gen4.UI.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Licensing.Gen4.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Logging.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exe0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\KSS\log4net.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\nsc5D08.tmp\InstallOptions.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\nsc5D08.tmp\splash.dll0%ReversingLabs
            C:\9f205d7d8f8ebe3c20c6094cd41758f8\1028\SetupResources.dll0%ReversingLabs
            C:\9f205d7d8f8ebe3c20c6094cd41758f8\1031\SetupResources.dll0%ReversingLabs
            C:\9f205d7d8f8ebe3c20c6094cd41758f8\1033\SetupResources.dll0%ReversingLabs
            C:\9f205d7d8f8ebe3c20c6094cd41758f8\1036\SetupResources.dll0%ReversingLabs
            C:\9f205d7d8f8ebe3c20c6094cd41758f8\1040\SetupResources.dll0%ReversingLabs
            C:\9f205d7d8f8ebe3c20c6094cd41758f8\1041\SetupResources.dll0%ReversingLabs
            C:\9f205d7d8f8ebe3c20c6094cd41758f8\1042\SetupResources.dll0%ReversingLabs
            C:\9f205d7d8f8ebe3c20c6094cd41758f8\1049\SetupResources.dll0%ReversingLabs
            C:\9f205d7d8f8ebe3c20c6094cd41758f8\2052\SetupResources.dll0%ReversingLabs
            C:\9f205d7d8f8ebe3c20c6094cd41758f8\3082\SetupResources.dll0%ReversingLabs
            C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exe0%ReversingLabs
            C:\9f205d7d8f8ebe3c20c6094cd41758f8\SetupEngine.dll0%ReversingLabs
            C:\9f205d7d8f8ebe3c20c6094cd41758f8\SetupUi.dll0%ReversingLabs
            C:\9f205d7d8f8ebe3c20c6094cd41758f8\sqmapi.dll0%ReversingLabs
            C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe0%ReversingLabs
            C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\wixstdba.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\.be\vcredist_x86.exe0%ReversingLabs
            C:\Windows\Installer\$PatchCache$\Managed\D04BB691875110D32B98EBCF771AA1E1\10.0.30319\F_CENTRAL_msvcp100_x860%ReversingLabs
            C:\Windows\Installer\$PatchCache$\Managed\D04BB691875110D32B98EBCF771AA1E1\10.0.30319\F_CENTRAL_msvcr100_x860%ReversingLabs
            C:\Windows\SysWOW64\atl100.dll0%ReversingLabs
            C:\Windows\SysWOW64\mfc100.dll0%ReversingLabs
            C:\Windows\SysWOW64\mfc100chs.dll0%ReversingLabs
            C:\Windows\SysWOW64\mfc100cht.dll0%ReversingLabs
            C:\Windows\SysWOW64\mfc100deu.dll0%ReversingLabs
            C:\Windows\SysWOW64\mfc100enu.dll0%ReversingLabs
            C:\Windows\SysWOW64\mfc100esn.dll0%ReversingLabs
            C:\Windows\SysWOW64\mfc100fra.dll0%ReversingLabs
            C:\Windows\SysWOW64\mfc100ita.dll0%ReversingLabs
            C:\Windows\SysWOW64\mfc100jpn.dll0%ReversingLabs
            C:\Windows\SysWOW64\mfc100kor.dll0%ReversingLabs
            C:\Windows\SysWOW64\mfc100rus.dll0%ReversingLabs
            C:\Windows\SysWOW64\mfc100u.dll0%ReversingLabs
            C:\Windows\SysWOW64\mfcm100.dll0%ReversingLabs
            C:\Windows\SysWOW64\mfcm100u.dll0%ReversingLabs
            C:\Windows\SysWOW64\vcomp100.dll0%ReversingLabs
            C:\Windows\SysWOW64\mfc120chs.dll0%ReversingLabs
            C:\Windows\SysWOW64\mfc120cht.dll0%ReversingLabs
            C:\Windows\SysWOW64\mfc120deu.dll0%ReversingLabs
            C:\Windows\SysWOW64\mfc120enu.dll0%ReversingLabs
            C:\Windows\SysWOW64\mfc120esn.dll0%ReversingLabs
            C:\Windows\SysWOW64\mfc120fra.dll0%ReversingLabs
            C:\Windows\SysWOW64\mfc120ita.dll0%ReversingLabs
            C:\Windows\SysWOW64\mfc120jpn.dll0%ReversingLabs
            C:\Windows\SysWOW64\mfc120kor.dll0%ReversingLabs
            C:\Windows\SysWOW64\mfc120rus.dll0%ReversingLabs
            C:\Windows\SysWOW64\vcamp120.dll0%ReversingLabs
            C:\Windows\SysWOW64\vcomp120.dll0%ReversingLabs
            C:\Program Files (x86)\Syslogd\Castle.Core.dll0%ReversingLabs
            C:\Program Files (x86)\Syslogd\Castle.Windsor.dll0%ReversingLabs
            C:\Program Files (x86)\Syslogd\EntityFramework.dll0%ReversingLabs
            C:\Program Files (x86)\Syslogd\KiwiSyslogLicensor.exe0%ReversingLabs
            C:\Program Files (x86)\Syslogd\MSWINSCK.ocx0%ReversingLabs
            C:\Program Files (x86)\Syslogd\Microsoft.Bcl.AsyncInterfaces.dll0%ReversingLabs
            C:\Program Files (x86)\Syslogd\Microsoft.Data.ConnectionUI.dll0%ReversingLabs
            C:\Program Files (x86)\Syslogd\Microsoft.Extensions.Configuration.Abstractions.dll0%ReversingLabs
            C:\Program Files (x86)\Syslogd\Microsoft.Extensions.Configuration.FileExtensions.dll0%ReversingLabs
            C:\Program Files (x86)\Syslogd\Microsoft.Extensions.Configuration.Json.dll0%ReversingLabs
            C:\Program Files (x86)\Syslogd\Microsoft.Extensions.Configuration.dll0%ReversingLabs
            C:\Program Files (x86)\Syslogd\Microsoft.Extensions.DependencyModel.dll0%ReversingLabs
            C:\Program Files (x86)\Syslogd\Microsoft.Extensions.FileProviders.Abstractions.dll0%ReversingLabs
            C:\Program Files (x86)\Syslogd\Microsoft.Extensions.FileProviders.Physical.dll0%ReversingLabs
            C:\Program Files (x86)\Syslogd\Microsoft.Extensions.FileSystemGlobbing.dll0%ReversingLabs
            C:\Program Files (x86)\Syslogd\Microsoft.Extensions.Logging.Abstractions.dll0%ReversingLabs
            C:\Program Files (x86)\Syslogd\Microsoft.Extensions.Primitives.dll0%ReversingLabs
            C:\Program Files (x86)\Syslogd\Microsoft.VisualStudio.Data.dll0%ReversingLabs
            C:\Program Files (x86)\Syslogd\Microsoft.VisualStudio.OLE.Interop.dll0%ReversingLabs
            C:\Program Files (x86)\Syslogd\Microsoft.VisualStudio.Shell.Interop.dll0%ReversingLabs
            C:\Program Files (x86)\Syslogd\Microsoft.VisualStudio.TextManager.Interop.dll0%ReversingLabs
            C:\Program Files (x86)\Syslogd\Newtonsoft.Json.dll0%ReversingLabs
            C:\Program Files (x86)\Syslogd\PcapDotNet.Base.dll0%ReversingLabs
            C:\Program Files (x86)\Syslogd\PcapDotNet.Core.Extensions.dll0%ReversingLabs
            C:\Program Files (x86)\Syslogd\PcapDotNet.Core.dll0%ReversingLabs

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            No Antivirus matches

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            downloads.solarwinds.com
            		23.221.212.44
            		truefalse
              		high

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/currentkiwisyslogversion.xmlfalse
                		high

                World Map of Contacted IPs

                • No. of IPs < 25%
                • 25% < No. of IPs < 50%
                • 50% < No. of IPs < 75%
                • 75% < No. of IPs

                Public IPs

                IPDomainCountryFlagASNASN NameMalicious
                23.221.212.44
                		downloads.solarwinds.comUnited States
                		35994AKAMAI-ASUSfalse

                General Information

                Joe Sandbox version:38.0.0 Ammolite
                Analysis ID:1365321
                Start date and time:2023-12-21 00:12:24 +01:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:defaultwindowsinteractivecookbook.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:36
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • EGA enabled
                Analysis Mode:stream
                Analysis stop reason:Timeout
                Sample name:Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                Detection:MAL
                Classification:mal60.rans.troj.evad.winEXE@43/304@1/2
                Cookbook Comments:
                • Found application associated with file extension: .exe

                Warnings

                • Exclude process from analysis (whitelisted): dllhost.exe
                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                • Not all processes where analyzed, report is missing behavior information
                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                • Report size getting too big, too many NtCreateKey calls found.
                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                • Report size getting too big, too many NtEnumerateValueKey calls found.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • Report size getting too big, too many NtReadVirtualMemory calls found.
                • Report size getting too big, too many NtSetInformationFile calls found.
                • Report size getting too big, too many NtSetValueKey calls found.
                • VT rate limit hit for: Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe

                Created / dropped Files

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\$shtdwn$.req

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:data
                Category:dropped
                Size (bytes):788
                Entropy (8bit):0.09823380614560741
                Encrypted:false
                SSDEEP:
                MD5:DF7119A5D3CAEDA80BF0FB6F8E53DE8F
                SHA1:76458E1D2E0FA4519FACB71A5F23F8799713BE2B
                SHA-256:3C418A401CBE09F64EDE6E598C5CA36717830446147C8EF6327168EDC7B1CB0C
                SHA-512:85142D1942111783303FA060348BC76B1DD361336DCCC9DC9CDD3432EC6CF215756CBA66A367E560C9D5719BA4F585434319A66D9A97D9A09F5AC4A752B00B6C
                Malicious:false
                Reputation:low
                Preview:Sdwn................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\1028\LouserzedData.xml

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (388), with CRLF line terminators
                Category:dropped
                Size (bytes):30672
                Entropy (8bit):4.2936704552740705
                Encrypted:false
                SSDEEP:
                MD5:7FC06A77D9AAFCA9FB19FAFA0F919100
                SHA1:E565740E7D582CD73F8D3B12DE2F4579FF18BB41
                SHA-256:A27F809211EA1A2D5224CD01101AA3A59BF7853168E45DE28A16EF7ED6ACD46A
                SHA-512:466DCC6A5FB015BE1619F5725FA62CA46EB0FB428E11F93FD9D82E5DF61C3950B3FB62D4DB7746CC4A2BE199E5E69EAA30B6F3354E0017CFA14D127FAD52F8CF
                Malicious:false
                Reputation:low
                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=."....P.[..z._.... .x.6.4. .s^.S..!q.l.[.(W...Ps^.S.N.0"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=."....P.[..z._.... .I.A.6.4. .s^.S..!q.l.[.(W...Ps^.S.N.0"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.U.n.S.u.p.p.o.r.t.e.d.O.S.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=."....P\Omi.|q}.N/e.c .M.i.c.r.o.s.o.f.t. .V.i.s.u.a.l. .C.+.+. .2.0.1.0. ..SI.ce|vWY.N.0"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c.

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\1028\SetupResources.dll

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):14168
                Entropy (8bit):5.9724110685335825
                Encrypted:false
                SSDEEP:
                MD5:7C136B92983CEC25F85336056E45F3E8
                SHA1:0BB527E7004601E920E2AAC467518126E5352618
                SHA-256:F2E8CA58FA8D8E694D04E14404DEC4E8EA5F231D3F2E5C2F915BD7914849EB2B
                SHA-512:06DA50DDB2C5F83E6E4B4313CBDAE14EED227EEC85F94024A185C2D7F535B6A68E79337557727B2B40A39739C66D526968AAEDBCFEF04DAB09DC0426CFBEFBF4
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l..............{%......{".....Rich............................PE..L......K.........."!.........................................................@......E.....@.......................................... ..X............ ..X............................................................................................text...G...........................@..@.rsrc.... ... ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\1028\eula.rtf

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                Category:dropped
                Size (bytes):188446
                Entropy (8bit):4.98936861773382
                Encrypted:false
                SSDEEP:
                MD5:129D8E8824B0D545ADC29E571A6E2C02
                SHA1:5A1DDFCD2AE21D96C818D315CB5E263F525A39CD
                SHA-256:83B8268E2874699227F9B1AD3F72A06CBF474EFA3983F5C5EE9BFE415DB98476
                SHA-512:1048F646D5866DC8736DB0A023A65A7E208A5F56774FA8EC5D59E4272A54A9A6E94B01B84293A7EC9F889BAD7865522E783AF30BF61BB9249687DCEAC62066D8
                Malicious:false
                Reputation:low
                Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff0\deff0\stshfdbch14\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1033\themelang1033\themelangfe2052\themelangcs1025{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt ?l?r ???fc};}..{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Times};}..{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt ?l?r ??\'81\'66c};}..{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ???????????????????????????\'a1\'ec???};}{\f14\fbidi \froman\fcharset136\fprq2{\*\panose 02020500000000000000}PMingLiU{\*\falt \'b7\'73\'b2\'d3\'a9\'fa\'c5\'e9};}..{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\fa

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\1031\LouserzedData.xml

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (615), with CRLF line terminators
                Category:dropped
                Size (bytes):41622
                Entropy (8bit):3.577523249714746
                Encrypted:false
                SSDEEP:
                MD5:B83C3803712E61811C438F6E98790369
                SHA1:61A0BC59388786CED045ACD82621BEE8578CAE5A
                SHA-256:2AA6E8D402E44D9EE895B18195F46BF90259DE1B6F44EFD46A7075B110F2DCD6
                SHA-512:E020F93E3A082476087E690AD051F1FEB210E0915924BB4548CC9F53A7EE2760211890EB6036CE9E5E4A311ABC0300E89E25EFBBB894C2A621FFBC9D64CC8A38
                Malicious:false
                Reputation:low
                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".D.i.e.s.e.s. .S.e.t.u.p.p.r.o.g.r.a.m.m. .e.r.f.o.r.d.e.r.t. .e.i.n.e. .x.6.4.-.P.l.a.t.t.f.o.r.m... .E.s. .k.a.n.n. .n.i.c.h.t. .a.u.f. .d.e.r. .P.l.a.t.t.f.o.r.m. .i.n.s.t.a.l.l.i.e.r.t. .w.e.r.d.e.n..."./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".D.i.e.s.e.s. .S.e.t.u.p.p.r.o.g.r.a.m.m. .e.r.f.o.r.d.e.r.t. .e.i.n.e. .I.A.6.4.-.P.l.a.t.t.f.o.r.m... .E.s. .k.a.n.n. .n.i.c.h.t. .a.u.f. .d.e.r. .P.l.a.t.t.f.o.r.m. .i.n.s.t.

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\1031\SetupResources.dll

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):18776
                Entropy (8bit):5.135663555520085
                Encrypted:false
                SSDEEP:
                MD5:7C9AE49B3A400C728A55DD1CACC8FFB2
                SHA1:DD3A370F541010AD650F4F6AA42E0CFC68A00E66
                SHA-256:402C796FEBCD78ACE8F1C5975E39193CFF77F891CFF4D32F463F9A9C83806D4A
                SHA-512:D30FE9F78A49C533BE5C00D88B8C2E66A8DFAC6D1EAE94A230CD937F0893F6D4A0EECE59C1D2C3C8126FFA9A9648EC55A94E248CD8C7F9677F45C231F84F221B
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l..............{%......{".....Rich............................PE..L......K.........."!.........................................................P.......D....@.......................................... ..`+...........2..X............................................................................................text...G...........................@..@.rsrc....0... ...,..................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\1031\eula.rtf

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                Category:dropped
                Size (bytes):163866
                Entropy (8bit):5.029712171633306
                Encrypted:false
                SSDEEP:
                MD5:117DABB5A055B09B6DB6BCBA8F911073
                SHA1:E8F5D907939400824CC5DADB681852C35CA7BB79
                SHA-256:DAEA9CD8151A2C24A87C3254DEC1DE0463234E44922C8E0AA4E01AB58EC89664
                SHA-512:E995D03998BE9F07F9E9B8566E429D3795ADBDEEEFB2048D6B8877CE15A0ABFCE4FAAEE8DC773250495C15CC35FD0040D81593B51067533836D5F3CF8612D3C4
                Malicious:false
                Reputation:low
                Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff0\deff0\stshfdbch0\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1033\themelang1033\themelangfe2052\themelangcs1025{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt ?l?r ???fc};}..{\f1\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604020202020204}Arial;}{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}..{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Times};}{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}..{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt ?l?r ??\'81\'66c};}{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ???????????????????????????\'a1\'ec???};}..{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\falt usersto MT};}{\f38\fbidi \fswiss\fcharset0\fpr

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\1033\LouserzedData.xml

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (565), with CRLF line terminators
                Category:dropped
                Size (bytes):39246
                Entropy (8bit):3.5443876937052083
                Encrypted:false
                SSDEEP:
                MD5:D642E322D1E8B739510CA540F8E779F9
                SHA1:36279C76D9F34C09EBDDC84FD33FCC7D4B9A896C
                SHA-256:5D90345FF74E177F6DA8FB6459C1CFCAC080E698215CA75FEB130D0D1F2A76B9
                SHA-512:E1E16AE14BC7CC1608E1A08D3C92B6D0518B5FABD27F2C0EB514C87AFC3D6192BF7A793A583AFC65F1899F03DC419263B29174456E1EC9AB0F0110E0258E0F0D
                Malicious:false
                Reputation:low
                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".T.h.i.s. .s.e.t.u.p. .p.r.o.g.r.a.m. .r.e.q.u.i.r.e.s. .a.n. .x.6.4. .p.l.a.t.f.o.r.m... .I.t. .c.a.n.n.o.t. .b.e. .i.n.s.t.a.l.l.e.d. .o.n. .t.h.i.s. .p.l.a.t.f.o.r.m...". ./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".T.h.i.s. .s.e.t.u.p. .p.r.o.g.r.a.m. .r.e.q.u.i.r.e.s. .a.n. .I.A.6.4. .p.l.a.t.f.o.r.m... .I.t. .c.a.n.n.o.t. .b.e. .i.n.s.t.a.l.l.e.d. .o.n. .t.h.i.s. .p.l.a.t.f.o.r.m...". ./.>..... . . . . . .<.T.e.x.t. .

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\1033\SetupResources.dll

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):17240
                Entropy (8bit):5.151474565875158
                Encrypted:false
                SSDEEP:
                MD5:9547D24AC04B4D0D1DBF84F74F54FAF7
                SHA1:71AF6001C931C3DE7C98DDC337D89AB133FE48BB
                SHA-256:36D0159ED1A7D88000737E920375868765C0A1DD6F5A5ACBB79CF7D97D9E7A34
                SHA-512:8B6048F4185A711567679E2DE4789407077CE5BFE72102D3CB1F23051B8D3E6BFD5886C801D85B4E62F467DD12DA1C79026A4BC20B17F54C693B2F24E499D40F
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l..............{%......{".....Rich............................PE..L......K.........."!.........(...............................................P......<f....@.......................................... ...%...........,..X............................................................................................text...G...........................@..@.rsrc....%... ...&..................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\1033\eula.rtf

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                Category:dropped
                Size (bytes):7080
                Entropy (8bit):4.934776172726828
                Encrypted:false
                SSDEEP:
                MD5:19D028345AADCC05697EEC6D8C5B5874
                SHA1:70BD3D4D51373FB82F0257F28D5F3609BFC82520
                SHA-256:F4FF4EACE31B75176A0806E1693041D546D2599AEC0C77D295BAD09CAC7D9FE7
                SHA-512:9B3DFFEC7C1595197AF69E59094588541558BEF56982475DDDD2C9E3D75FC8B970B384452713632AE20435EC0CAEC6CC4CD8CEC9CD4B4809335FDC9F2CC7B842
                Malicious:false
                Reputation:low
                Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fswiss\fprq2\fcharset0 Tahoma;}{\f1\froman\fprq2\fcharset0 Times New Roman;}{\f2\froman\fprq2\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Msftedit 5.41.21.2508;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\b\f0\fs20 MICROSOFT SOFTWARE LICENSE TERMS\f1\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120\f0 MICROSOFT VISUAL C++ 2010 RUNTIME LIBRARIES\f1\par..\pard\nowidctlpar\sb120\sa120\b0\f0 These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. Please read them. They apply to the software named above, which includes the media on which you received it, if any. The terms also apply to any Microsoft\f1\par..\pard\nowidctlpar\fi-360\li360\sb120\sa120\tx360\f2\'b7\tab\f0 updates,\f1\par..\f2\'b7\tab\f0 supplements,\f1\par..\f2\'b7\tab\f0 Internet-based services, and \f1\par..\f2\'b7\tab\f0 support services\f1\par.

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\1036\LouserzedData.xml

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (619), with CRLF line terminators
                Category:dropped
                Size (bytes):41492
                Entropy (8bit):3.5522209001567364
                Encrypted:false
                SSDEEP:
                MD5:E382ABC19294F779D2833287242E7BC6
                SHA1:1CEAE32D6B24A3832F9244F5791382865B668A72
                SHA-256:43F913FF28D677316F560A0F45221F35F27CFAF5FC5BD645974A82DCA589EDBF
                SHA-512:06054C8048CADE36A3AF54F9A07FD8FA5EB4F3228790996D2ABEA7EE1EE7EB563D46BD54FF97441F9610E778194082C44E66C5F566C9C50A042ABA9EB9CAE25E
                Malicious:false
                Reputation:low
                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".C.e. .p.r.o.g.r.a.m.m.e. .d.'.i.n.s.t.a.l.l.a.t.i.o.n. .r.e.q.u.i.e.r.t. .u.n.e. .p.l.a.t.e.f.o.r.m.e. .x.6.4... .I.l. .n.e. .p.e.u.t. .p.a.s. ...t.r.e. .i.n.s.t.a.l.l... .s.u.r. .c.e.t.t.e. .p.l.a.t.e.f.o.r.m.e..."./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".C.e. .p.r.o.g.r.a.m.m.e. .d.'.i.n.s.t.a.l.l.a.t.i.o.n. .r.e.q.u.i.e.r.t. .u.n.e. .p.l.a.t.e.f.o.r.m.e. .I.A.6.4... .I.l. .n.e. .p.e.u.t. .p.a.s. ...t.r.e. .i.n.s.t.a.

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\1036\SetupResources.dll

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):18776
                Entropy (8bit):5.112489568342605
                Encrypted:false
                SSDEEP:
                MD5:93F57216FE49E7E2A75844EDFCCC2E09
                SHA1:DCCD52787F147E9581D303A444C8EE134AFC61A8
                SHA-256:2506827219B461B7C6C862DAE29C8BFF8CB7F4A6C28D2FF60724CAC70903987D
                SHA-512:EADFFB534C5447C24B50C7DEFA5902F9EB2DCC4CF9AF8F43FA889B3367EA25DFA6EA87FF89C59F1B7BBF7106888F05C7134718021B44337AE5B7D1F808303BB1
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l..............{%......{".....Rich............................PE..L......K.........."!.........................................................P......B|....@.......................................... ...+...........2..X............................................................................................text...G...........................@..@.rsrc....0... ...,..................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\1036\eula.rtf

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                Category:dropped
                Size (bytes):162915
                Entropy (8bit):5.023428742885146
                Encrypted:false
                SSDEEP:
                MD5:BBBBB0BDA00FDA985BB39FEE5FD04FF8
                SHA1:3053CF30FAD92F133AD3EA7EEFB8C729D323EA00
                SHA-256:3CB591E6801E91FE58E79449F7C99B88C3BA0ACE5D922B4AA0C8F2CDD81854BD
                SHA-512:32CC1B0F033B13D7614F8BD80DE4D3F9D4668632010BCB563E90773FB2F4971D19206C46B0C2B0E55308CA14F4DEAF5EB415DAE5F2C0C4331B5DF0AE44B2F61E
                Malicious:false
                Reputation:low
                Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff38\deff0\stshfdbch0\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1033\themelang1033\themelangfe0\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt ?l?r ???fc};}..{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Times};}..{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt ?l?r ??\'81\'66c};}..{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ????????????????????????????\'a1\'a7??};}{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\falt usersto MT};}..{\f38\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604030504040204}Tahoma{\*\falt ?? ??};}{\f39\fbidi \fswiss\f

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\1040\LouserzedData.xml

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (601), with CRLF line terminators
                Category:dropped
                Size (bytes):40338
                Entropy (8bit):3.5295538496820984
                Encrypted:false
                SSDEEP:
                MD5:0AF948FE4142E34092F9DD47A4B8C275
                SHA1:B3D6DD5C126280398D9055F90E2C2C26DBAE4EAA
                SHA-256:C4C7C0DDAA6D6A3A1DC260E9C5A24BDFAA98C427C69E8A65427DD7CAC0A4B248
                SHA-512:D97B5FE2553CA78A3019D53E33D2DB80C9FA1CF1D8D2501D9DDF0576C7E6EA38DAB754FE4712123ABF34B97E10B18FB4BBD1C76D3DACB87B4682E501F93423D9
                Malicious:false
                Reputation:low
                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".I.l. .p.r.o.g.r.a.m.m.a. .d.i. .i.n.s.t.a.l.l.a.z.i.o.n.e. .r.i.c.h.i.e.d.e. .u.n.a. .p.i.a.t.t.a.f.o.r.m.a. .x.6.4... .I.m.p.o.s.s.i.b.i.l.e. .e.s.e.g.u.i.r.e. .l.'.i.n.s.t.a.l.l.a.z.i.o.n.e. .s.u. .q.u.e.s.t.a. .p.i.a.t.t.a.f.o.r.m.a..."./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".I.l. .p.r.o.g.r.a.m.m.a. .d.i. .i.n.s.t.a.l.l.a.z.i.o.n.e. .r.i.c.h.i.e.d.e. .u.n.a. .p.i.a.t.t.a.f.o.r.m.a. .I.A.6.4... .I.m.p.o.s.s.i.b.i.l.

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\1040\SetupResources.dll

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):18264
                Entropy (8bit):5.142702232041524
                Encrypted:false
                SSDEEP:
                MD5:E4860FC5D4C114D5C0781714F3BF041A
                SHA1:864CE88E8AB1DB9AFF6935F9231521B6B72D5974
                SHA-256:6B2D479D2D2B238EC1BA9D14F9A68DC552BC05DCBCC9007C7BB8BE66DEFC643B
                SHA-512:39B0A97C4E83D5CCA1CCCCE494831ADBC18DF1530C02E6A2C13DAE66150F66A7C987A26CECB5587EA71DD530C8BE1E46922FE8C65AE94145D90B0A057C06548D
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l..............{%......{".....Rich............................PE..L......K.........."!.........,...............................................P......^.....@.......................................... ...)...........0..X............................................................................................text...G...........................@..@.rsrc....0... ...*..................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\1040\eula.rtf

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                Category:dropped
                Size (bytes):189369
                Entropy (8bit):4.993456059906976
                Encrypted:false
                SSDEEP:
                MD5:F1602100F6C135AB5D8026E9248BAF02
                SHA1:DEBE92E8761F5320352DCFFE844FB25A10E9EA14
                SHA-256:284A8BBA438DA22A1B4F497B0B4ED1D9886184859527B87FF7350C83F198AB2D
                SHA-512:2A0FBEF3114B54EDB400D913D317A5097801834BEE0FB536B0FF645DD1CA40A1451945AD563119A5BA80F26B51CDA8B23E93BE71D7C82723AFEDE3CBF1DA00C6
                Malicious:false
                Reputation:low
                Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff0\deff0\stshfdbch0\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1033\themelang1033\themelangfe2052\themelangcs1025{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt ?l?r ???fc};}..{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Times};}..{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt ?l?r ??\'81\'66c};}..{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ?????????????????????????????\'a1\'ec?};}{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\falt usersto MT};}..{\f38\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604030504040204}Tahoma{\*\falt ?? ??};}{\f39\fbidi \fsw

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\1041\LouserzedData.xml

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (440), with CRLF line terminators
                Category:dropped
                Size (bytes):34318
                Entropy (8bit):4.3825885013202255
                Encrypted:false
                SSDEEP:
                MD5:7FCFBC308B0C42DCBD8365BA62BADA05
                SHA1:18A0F0E89B36818C94DE0AD795CC593D0E3E29A9
                SHA-256:01E7D24DD8E00B5C333E96D1BB83813E02E96F89AAD0C2F28F84551D28ABBBE2
                SHA-512:CD6F912A037E86D9E1982C73F0F8B3C4D5A9A6B5B108A7B89A46E6691E430A7CB55718DE9A0C05650BB194C8D4A2E309AD6221D638CFCA8E16AA5920881BA649
                Malicious:false
                Reputation:low
                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".S0n0.0.0.0.0.0.0 ..0.0.0.0.0o0 .x.6.4. ..0.0.0.0.0.0.0n0.0.0.[a.h0W0f0D0~0Y0.0S0.0o0S0n0.0.0.0.0.0.0.0.0k0o0.0.0.0.0.0.0g0M0~0[0.0.0"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".S0n0.0.0.0.0.0.0 ..0.0.0.0.0o0 .I.A.6.4. ..0.0.0.0.0.0.0n0.0.0.[a.h0W0f0D0~0Y0.0S0.0o0S0n0.0.0.0.0.0.0.0.0k0o0.0.0.0.0.0.0g0M0~0[0.0.0"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.U.n.S.u.p.p.o.r.t.e.d.O.S.).". .L.o.c.a.l.i.

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\1041\SetupResources.dll

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):15704
                Entropy (8bit):5.929554826924656
                Encrypted:false
                SSDEEP:
                MD5:278FD7595B580A016705D00BE363612F
                SHA1:89A299A9ABECB624C3606267371B7C07B74B3B26
                SHA-256:B3ECD3AEA74D0D97539C4971C69F87C4B5FE478FC42A4A31F7E1593D1EBA073F
                SHA-512:838D23D35D8D042A208E8FA88487CD1C72DA48F336157D03B9549DD55C75DA60A83F6DD2B3107EB3E5A24F3FAD70AE1629ACC563371711117C3C3E299B59D838
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l..............{%......{".....Rich............................PE..L......K.........."!........."...............................................@............@.......................................... ..h............&..X............................................................................................text...G...........................@..@.rsrc.... ... ... ..................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\1041\eula.rtf

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                Category:dropped
                Size (bytes):181054
                Entropy (8bit):4.962328655200384
                Encrypted:false
                SSDEEP:
                MD5:89D66A0B94450729015D021BC8F859E9
                SHA1:C9AD4C7DCDAFEAD282DAA1C214E7A0EAB567FFD5
                SHA-256:6A1884515CC4378D732F681934658252A4B45D76CE7F53CF8650BE794CC8D390
                SHA-512:336A5B1CBF2F52DF5B151A564C8452826D253F9FC565C865D7BA37B91229996D9AE59603350BD5CD99352ED63D265D8578095560CB7DE67DA7E1AA2135FBF0FB
                Malicious:false
                Reputation:low
                Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff38\deff0\stshfdbch13\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1033\themelang1033\themelangfe2052\themelangcs1025{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt ?l?r ???fc};}..{\f1\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604020202020204}Arial;}{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}..{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Times};}{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}..{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt ?l?r ??\'81\'66c};}{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ??????????????????????????????\'a8\'ac};}..{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\falt usersto MT};}{\f38\fbidi \fswiss\fcharset0\f

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\1042\LouserzedData.xml

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (439), with CRLF line terminators
                Category:dropped
                Size (bytes):32962
                Entropy (8bit):4.366055142656104
                Encrypted:false
                SSDEEP:
                MD5:71DFD70AE141F1D5C1366CB661B354B2
                SHA1:C4B22590E6F6DD5D39E5158B831AE217CE17A776
                SHA-256:CCCDA55294AEB4AF166A8C0449BCA2189DDF5AA9A43D5E939DD3803E61738331
                SHA-512:5000D62F3DE41C3FB0ED8A8E9C37DBF4EB427C4F1E3AD3823D4716C6FE62250BAC11B7987A302B8A45D91AABCF332457F7AFF7D99F15EDEFFE540639E9440E8A
                Malicious:false
                Reputation:low
                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".t. .$.X. ...\.....D. .....X.$.t. .x.6.4. ......t. .D..i..... .t. ......... .$.X.`. ... ........"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".t. .$.X. ...\.....D. .....X.$.t. .I.A.6.4. ......t. .D..i..... .t. ......... .$.X.`. ... ........"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.U.n.S.u.p.p.o.r.t.e.d.O.S.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".t. ..... ........... .M.i.c.r.o.s.o.f.

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\1042\SetupResources.dll

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):15192
                Entropy (8bit):5.9622226182057325
                Encrypted:false
                SSDEEP:
                MD5:FCFD69EC15A6897A940B0435439BF5FC
                SHA1:6DE41CABDB45294819FC003560F9A2D1E3DB9A7B
                SHA-256:90F377815E3C81FC9AE5F5B277257B82811417CA3FFEACD73BAB530061B3BE45
                SHA-512:4DC3580B372CEE1F4C01569BAEA8CD0A92BC613648DB22FF1855920E47387A151964B295A1126597B44BB0C596E8757B1FCF47CDA010F9BBB15A88F97F41B8BF
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l..............{%......{".....Rich............................PE..L......K.........."!......... ...............................................@......v.....@.......................................... ...............$..X............................................................................................text...G...........................@..@.rsrc.... ... ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\1042\eula.rtf

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                Category:dropped
                Size (bytes):351492
                Entropy (8bit):4.844773730829239
                Encrypted:false
                SSDEEP:
                MD5:8203E9FC25A5720AFB8C43E8BE10C3B0
                SHA1:FC7D9B452B6D5475FD1EF61B78E8BC6E32F08974
                SHA-256:0EBD62213F41DFFA0BCD939BDC6ABC25096E95112C217FDF27CE661A19AD0866
                SHA-512:F95DCB9C25436AE322C240A0D0ABD9F4904A5AF313CAC5CB8C90C1A5460DAD8E983347AD7540C672046E4210945B053B75313BB6D10B44B2A0BF0024B400E81E
                Malicious:false
                Reputation:low
                Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff0\deff0\stshfdbch12\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1033\themelang1033\themelangfe1042\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt ?l?r ???fc};}..{\f1\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604020202020204}Arial;}{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}..{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Times};}{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}..{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt ?l?r ??\'81\'66c};}{\f12\fbidi \froman\fcharset129\fprq2{\*\panose 02030600000101010101}Batang{\*\falt \'b9\'d9\'c5\'c1};}..{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ??????????????????????????????\'a1\'a7};}{\f20\fbidi \froman\fcharset129\f

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\1049\LouserzedData.xml

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (634), with CRLF line terminators
                Category:dropped
                Size (bytes):40428
                Entropy (8bit):4.232828720335164
                Encrypted:false
                SSDEEP:
                MD5:0EEB554D0B9F9FCDB22401E2532E9CD0
                SHA1:08799520B72A1EF92AC5B94A33509D1EDDF6CAF8
                SHA-256:BEEF0631C17A4FB1FF0B625C50C6CB6C8CE90A1AE62C5E60E14BF3D915AD509C
                SHA-512:2180E46A5A2EA1F59C879B729806CA02A232C66660F29C338C1FA7FBEE2AFA4B13D8777D1F7B63CF831EB42F3E55282D70AA8E53F40616B8A6E4D695C36E313D
                Malicious:false
                Reputation:low
                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=."...;.O. .M.B.>.9. .?.@.>.3.@.0.<.<.K. .C.A.B.0.=.>.2.:.8. .B.@.5.1.C.5.B.A.O. .?.;.0.B.D.>.@.<.0. .x.6.4... ...5. .=.5.;.L.7.O. .C.A.B.0.=.>.2.8.B.L. .=.0. .4.0.=.=.C.N. .?.;.0.B.D.>.@.<.C..."./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=."...;.O. .M.B.>.9. .?.@.>.3.@.0.<.<.K. .C.A.B.0.=.>.2.:.8. .B.@.5.1.C.5.B.A.O. .?.;.0.B.D.>.@.<.0. .I.A.6.4... ...5. .=.5.;.L.7.O. .C.A.B.0.=.>.2.8.B.L. .=.0. .4.0.=.=.C.N. .?.;.0.B.D.>.@.<.C.

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\1049\SetupResources.dll

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):18264
                Entropy (8bit):5.548909804205606
                Encrypted:false
                SSDEEP:
                MD5:7EF74AF6AB5760950A1D233C582099F1
                SHA1:BF79FF66346907446F4F95E1E785A03CA108EB5D
                SHA-256:658398F1B68D49ABD37FC3B438CD564992D4100ED2A0271CBF83173F33400928
                SHA-512:BBBB099AD24F41785706033962ACFC75039F583BEED40A7CDC8EDA366AB2C77F75A5B2792CF6AACB80B39B6B1BB84ECE372BE926FF3F51028FB404D2F6334D78
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l..............{%......{".....Rich............................PE..L......K.........."!.........,...............................................P......O.....@.......................................... ...*...........0..X............................................................................................text...G...........................@..@.rsrc....0... ...*..................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\1049\eula.rtf

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                Category:dropped
                Size (bytes):213363
                Entropy (8bit):4.934134633374225
                Encrypted:false
                SSDEEP:
                MD5:5B95EFBC01DC97EE9A6C6F64A49AA62D
                SHA1:A99C984A0D5E316FE60D588A3519F2D5C805C1DE
                SHA-256:0CFACFF2B63121AD1D71376E4A3799B93B7E6D278209FE4806CCA0F74830CFC1
                SHA-512:A0B19864E68945A74BCE24C8D5EB0050ABB66C6FF6A53D0482FFA70E93EEE2957608BB9BDE535718D56CD5D7509B4DD7A1786C99BC2120344293234B7A6C2A3B
                Malicious:false
                Reputation:low
                Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff0\deff0\stshfdbch0\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1033\themelang1033\themelangfe2052\themelangcs1025{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt ?l?r ???fc};}..{\f1\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604020202020204}Arial;}{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}..{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Times};}{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}..{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt ?l?r ??\'81\'66c};}{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ???????????????????????????????};}..{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\falt usersto MT};}{\f38\fbidi \fswiss\fcharset0\fprq2{\*\p

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\2052\LouserzedData.xml

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (390), with CRLF line terminators
                Category:dropped
                Size (bytes):31138
                Entropy (8bit):4.240036868712424
                Encrypted:false
                SSDEEP:
                MD5:52B1DC12CE4153AA759FB3BBE04D01FC
                SHA1:BF21F8591C473D1FCE68A9FAF1E5942F486F6EBA
                SHA-256:D1735C8CFD8E10BA019D70818C19FA865E7C72F30AB6421A3748408F85FB96C3
                SHA-512:418903AE9A7BAEBF73D055E4774FF1917FBAAB9EE7ED8C120C34BB10E7303F6DD7B7DAE701596D4626387A30AE1B4D329A9AF49B8718B360E2FF619C56C19623
                Malicious:false
                Reputation:low
                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".dk.[..z.^..Bl.O(u .x.6.4. .s^.S.0.N..(Wdks^.S.N.[.dk.z.^.0"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".dk.[..z.^..Bl.O(u .I.A.6.4. .s^.S.0.N..(Wdks^.S.N.[.dk.z.^.0"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.U.n.S.u.p.p.o.r.t.e.d.O.S.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".dk.d\O.|.~.N/e.c .M.i.c.r.o.s.o.f.t. .V.i.s.u.a.l. .C.+.+. .2.0.1.0. .R.e.d.i.s.t.r.i.b.u.t.a.b.l.e..0"./.>..... . . . . . .<.

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\2052\SetupResources.dll

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):14168
                Entropy (8bit):6.010838262457833
                Encrypted:false
                SSDEEP:
                MD5:407CDB7E1C2C862B486CDE45F863AE6E
                SHA1:308AEEBEB1E1663ACA26CE880191F936D0E4E683
                SHA-256:9DD9D76B4EF71188B09F3D074CD98B2DE6EA741530E4EA19D539AE3F870E8326
                SHA-512:7B4F43FC24EB30C234F2713C493B3C13928C591C77A3017E8DD806A41CCFEDD53B0F748B5072052F8F9AC43236E8320B19D708903E3F06C59C6ED3C12722494E
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l..............{%......{".....Rich............................PE..L......K.........."!.........................................................@.......y....@.......................................... ............... ..X............................................................................................text...G...........................@..@.rsrc.... ... ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\2052\eula.rtf

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                Category:dropped
                Size (bytes):225202
                Entropy (8bit):4.985888615397263
                Encrypted:false
                SSDEEP:
                MD5:6E5BDDF58163B11C79577B35A87A4424
                SHA1:8AAA1008360F7B255A6A88AD02D3A00DEB8B0AE6
                SHA-256:D4A26E3756437CA8BA132AE3A73AA7A829478A847D6B9AB69A8090515CE9A60A
                SHA-512:21DD9D754C0A3A383F20259E87AA4769D6ECB36753039DCE8B644E16E0ABC3C94B4B850648E0369474C914655140E7F3CC3E808ED27E70892A863F61F8588C6E
                Malicious:false
                Reputation:low
                Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff0\deff0\stshfdbch31505\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1033\themelang1033\themelangfe2052\themelangcs1025{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt ?l?r ???fc};}..{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Times};}..{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt ?l?r ??\'81\'66c};}..{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ??????????????????????????\'a1\'a7????};}{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\falt usersto MT};}..{\f38\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604030504040204}Tahoma{\*\falt ?? ??};}{\f39\fbidi

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\3082\LouserzedData.xml

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (616), with CRLF line terminators
                Category:dropped
                Size (bytes):40912
                Entropy (8bit):3.5296334743141515
                Encrypted:false
                SSDEEP:
                MD5:5397A12D466D55D566B4209E0E4F92D3
                SHA1:FCFFD8961FB487995543FC173521FDF5DF6E243B
                SHA-256:F124D318138FF084B6484DEB354CCA0F72296E1341BF01169792B3E060C89E89
                SHA-512:7708F5A2AD3E4C90C4C216600435AF87A1557F60CAF880A3DD9B5F482E17399AF9F0B9DE03FF1DBDD210583E0FEC5B466E35794AC24D6D37F9BBC094E52FC77B
                Malicious:false
                Reputation:low
                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".E.s.t.e. .p.r.o.g.r.a.m.a. .d.e. .i.n.s.t.a.l.a.c.i...n. .r.e.q.u.i.e.r.e. .u.n.a. .p.l.a.t.a.f.o.r.m.a. .x.6.4... .N.o. .s.e. .p.u.e.d.e. .i.n.s.t.a.l.a.r. .e.n. .e.s.t.a. .p.l.a.t.a.f.o.r.m.a..."./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".E.s.t.e. .p.r.o.g.r.a.m.a. .d.e. .i.n.s.t.a.l.a.c.i...n. .r.e.q.u.i.e.r.e. .u.n.a. .p.l.a.t.a.f.o.r.m.a. .I.A.6.4... .N.o. .s.e. .p.u.e.d.e. .i.n.s.t.a.l.a.r. .e.n. .e.s.t.a. .p.l.a.t.

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\3082\SetupResources.dll

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):18776
                Entropy (8bit):5.182140892959793
                Encrypted:false
                SSDEEP:
                MD5:B057315A8C04DF29B7E4FD2B257B75F4
                SHA1:D674D066DF8D1041599FCBDB3BA113600C67AE93
                SHA-256:51B174AE7EE02D8E84C152D812E35F140A61814F3AECD64E0514C3950060E9FE
                SHA-512:F1CD510182DE7BBF8D45068D1B3F72DE58C7B419EFC9768765DF6C180AB3E2D94F3C058143095A66C05BCB70B589D1A5061E5FEE566282E5DB49FFBDEA3C672F
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l..............{%......{".....Rich............................PE..L......K.........."!.........................................................P............@.......................................... .. *...........2..X............................................................................................text...G...........................@..@.rsrc....0... ...,..................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\3082\eula.rtf

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                Category:dropped
                Size (bytes):152458
                Entropy (8bit):5.013297113523102
                Encrypted:false
                SSDEEP:
                MD5:A920D4F55EAE5FEBAB1082AB2BCC2439
                SHA1:CBD631427871B620E9C95417788BFCDD1CD0A2A5
                SHA-256:2FFF2122C4D176E074365775227D4208AF48F2F921BE7623EDC315CD345ACF0B
                SHA-512:28135FBD9D940F0DEEC7A059AB2998B034575CC5D6DD31B1BE501B60689860478B0A0AB5183C69B2ACBBB9C1A074BBAA215960B3FACC6A9A3B0170E27E7B2B47
                Malicious:false
                Reputation:low
                Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff0\deff0\stshfdbch0\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1033\themelang1033\themelangfe2052\themelangcs1025{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt ?l?r ???fc};}..{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Times};}..{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt ?l?r ??\'81\'66c};}..{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ????????????????????????????\'a8\'ac??};}{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\falt usersto MT};}..{\f38\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604030504040204}Tahoma{\*\falt ?? ??};}{\f39\fbidi \fsw

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\DisplayIcon.ico

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:MS Windows icon resource - 13 icons, 16x16, 16 colors, 4 bits/pixel, 16x16, 8 bits/pixel
                Category:dropped
                Size (bytes):88533
                Entropy (8bit):7.210526848639953
                Encrypted:false
                SSDEEP:
                MD5:F9657D290048E169FFABBBB9C7412BE0
                SHA1:E45531D559C38825FBDE6F25A82A638184130754
                SHA-256:B74AD253B9B8F9FCADE725336509143828EE739CC2B24782BE3ECFF26F229160
                SHA-512:8B93E898148EB8A751BC5E4135EFB36E3AC65AF34EAAC4EA401F1236A2973F003F84B5CFD1BBEE5E43208491AA1B63C428B64E52F7591D79329B474361547268
                Malicious:false
                Reputation:low
                Preview:..............(...............h...............h...f... .............. .............. ..........^...00......h....#..00..........n)..00...........8........ .h....T.. .... .....&Y..00.... ..%...i........ ._...v...(....... ....................................................................................................w......x......................x..ww...........h...............................w.....w.x..........x................xwvwg.................................................................(....... ...................................jO:.mS?.qWD.v\I.|cP..kX..q_..sa..yg..{j...p..nh..pj..uo..|u..xq..|r..|u..rx..zy..|w.}.y...q...d...y...{......S...]..d..i..r..|...j..j...y...e...k...l..q...y...~...v...y..s..s..m...m...l...n...k...t...l.............................................................................................................................................................................................

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\Graphics\Print.ico

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                Category:dropped
                Size (bytes):1150
                Entropy (8bit):4.923507556620034
                Encrypted:false
                SSDEEP:
                MD5:7E55DDC6D611176E697D01C90A1212CF
                SHA1:E2620DA05B8E4E2360DA579A7BE32C1B225DEB1B
                SHA-256:FF542E32330B123486797B410621E19EAFB39DF3997E14701AFA4C22096520ED
                SHA-512:283D381AA396820B7E15768B20099D67688DA1F6315EC9F7938C2FCC3167777502CDED0D1BEDDF015A34CC4E5D045BCB665FFD28BA2FBB6FAF50FDD38B31D16E
                Malicious:false
                Reputation:low
                Preview:............ .h.......(....... ..... .....@.........................................................................................t?.fR.|bN.y_K.v\H.rXD.oUA.kQ=.hN:.eK7.cI5.cI5.cI5i.........th<..z............................................cI5.cI5...................................................qXE.cI5.cI5.......~.............................................}eS.kR>.cI5......................................................q`.w^L.cI5..............................z..~n..sb..jX.{bP.t[H..~m..kY.nT@.......................................................{..wf.zaM.......vO.......................q..r`.}cQ.w]J..lZ.......t.x^J...........}Z..................................z`M........{aM...............0..............................jY.{aO...........................................................x^K.x^Kk.....................................................n\.y_L...........................r...............................y_L.x^K&.........................s.............

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\Graphics\Rotate1.ico

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
                Category:dropped
                Size (bytes):894
                Entropy (8bit):2.5118974066097444
                Encrypted:false
                SSDEEP:
                MD5:26A00597735C5F504CF8B3E7E9A7A4C1
                SHA1:D913CB26128D5CA1E1AC3DAB782DE363C9B89934
                SHA-256:37026C4EA2182D7908B3CF0CEF8A6F72BDDCA5F1CFBC702F35B569AD689CF0AF
                SHA-512:08CEFC5A2B625F261668F70CC9E1536DC4878D332792C751884526E49E7FEE1ECFA6FCCFDDF7BE80910393421CC088C0FD0B0C27C7A7EFF2AE03719E06022FDF
                Malicious:false
                Reputation:low
                Preview:..............h.......(....... .......................................................................................................................................................................................t.r........................................p.nn.l|.z..........................................g.e.......................................................................................P.N..........................................P.OG.FP.O..........................................?.>...................................................................................................+.*..........................................3.2%.$+.*..........................................!. ............{.{.............................................................................................~.~..................................G.......................................G..........

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\Graphics\Rotate2.ico

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
                Category:dropped
                Size (bytes):894
                Entropy (8bit):2.5178766234336925
                Encrypted:false
                SSDEEP:
                MD5:8419CAA81F2377E09B7F2F6218E505AE
                SHA1:2CF5AD8C8DA4F1A38AAB433673F4DDDC7AE380E9
                SHA-256:DB89D8A45C369303C04988322B2774D2C7888DA5250B4DAB2846DEEF58A7DE22
                SHA-512:74E504D2C3A8E82925110B7CFB45FDE8A4E6DF53A188E47CF22D664CBB805EBA749D2DB23456FC43A86E57C810BC3D9166E7C72468FBD736DA6A776F8CA015D1
                Malicious:false
                Reputation:low
                Preview:..............h.......(....... ...............................................................................................................................................................................................................................................................................................................................................................................r.p..........................................q.oj.hq.o..........................................b.`...................................................................................................J.I..................|.|...y.y...............Q.PC.BF.E..........................................>.=.........".!..........................................2.1".!'.&..........................................".!.....................................G.......................................G..........

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\Graphics\Rotate3.ico

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
                Category:dropped
                Size (bytes):894
                Entropy (8bit):2.5189797450574103
                Encrypted:false
                SSDEEP:
                MD5:924FD539523541D42DAD43290E6C0DB5
                SHA1:19A161531A2C9DBC443B0F41B97CBDE7375B8983
                SHA-256:02A7FE932029C6FA24D1C7CC06D08A27E84F43A0CBC47B7C43CAC59424B3D1F6
                SHA-512:86A4C5D981370EFA20183CC4A52C221467692E91539AC38C8DEF1CC200140F6F3D9412B6E62FAF08CA6668DF401D8B842C61B1F3C2A4C4570F3B2CEC79C9EE8B
                Malicious:false
                Reputation:low
                Preview:..............h.......(....... .................................................................................................................................................................................................................................................................................................................................................................................................................z.z...{.{...........................................................................................................................................................s.q..........................................y.wl.jl.j...............3.2#."*.)..................f.d.........E.D.........(.'..............................U.TE.DF.E..........................................E.D.....................................G.......................................G..........

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\Graphics\Rotate4.ico

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
                Category:dropped
                Size (bytes):894
                Entropy (8bit):2.5119705312617957
                Encrypted:false
                SSDEEP:
                MD5:BB55B5086A9DA3097FB216C065D15709
                SHA1:1206C708BD08231961F17DA3D604A8956ADDCCFE
                SHA-256:8D82FF7970C9A67DA8134686560FE3A6C986A160CED9D1CC1392F2BA75C698AB
                SHA-512:DE9226064680DA6696976A4A320E08C41F73D127FBB81BF142048996DF6206DDB1C2FE347C483CC8E0E50A00DAB33DB9261D03F1CD7CA757F5CA7BB84865FCA9
                Malicious:false
                Reputation:low
                Preview:..............h.......(....... .............................................................................................................................................................................................................y.y...|.|.............................................................................................................................................................................................................................................,.+".!,.+.........................................(.'......................................................................................=.<..........................................S.RC.BG.F.............................j.h.........H.G..............................y.wj.hi.g..........................................j.h.....................................G.......................................G..........

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\Graphics\Rotate5.ico

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
                Category:dropped
                Size (bytes):894
                Entropy (8bit):2.5083713071878764
                Encrypted:false
                SSDEEP:
                MD5:3B4861F93B465D724C60670B64FCCFCF
                SHA1:C672D63C62E00E24FBB40DA96A0CC45B7C5EF7F0
                SHA-256:7237051D9AF5DB972A1FECF0B35CD8E9021471740782B0DBF60D3801DC9F5F75
                SHA-512:2E798B0C9E80F639571525F39C2F50838D5244EEDA29B18A1FAE6C15D939D5C8CD29F6785D234B54BDA843A645D1A95C7339707991A81946B51F7E8D5ED40D2C
                Malicious:false
                Reputation:low
                Preview:..............h.......(....... .................................................................................................{.{...~.~.......................................................................................}.}.........................................................).(#."2.1..........................................).(...................................................................................................=.<..........................................N.ME.DN.M..........................................M.L.......................................................................................e.c..........................................z.xl.jm.k........................................r.p........................................................................................................................G.......................................G..........

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\Graphics\Rotate6.ico

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
                Category:dropped
                Size (bytes):894
                Entropy (8bit):2.5043420982993396
                Encrypted:false
                SSDEEP:
                MD5:70006BF18A39D258012875AEFB92A3D1
                SHA1:B47788F3F8C5C305982EB1D0E91C675EE02C7BEB
                SHA-256:19ABCEDF93D790E19FB3379CB3B46371D3CBFF48FE7E63F4FDCC2AC23A9943E4
                SHA-512:97FDBDD6EFADBFB08161D8546299952470228A042BD2090CD49896BC31CCB7C73DAB8F9DE50CDAF6459F7F5C14206AF7B90016DEEB1220943D61C7324541FE2C
                Malicious:false
                Reputation:low
                Preview:..............h.......(....... .................................................................................................... ............................................$.$ ..0./...........................{.{............ ...........<.;..........................................C.BA.@O.N...............{.{...~.~..................G.F..................................................................................................._.]..........................................n.lg.en.l..........................................p.n...............................................................................................................................................................................................................................................................................................................G.......................................G..........

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\Graphics\Rotate7.ico

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
                Category:dropped
                Size (bytes):894
                Entropy (8bit):2.4948009720290445
                Encrypted:false
                SSDEEP:
                MD5:FB4DFEBE83F554FAF1A5CEC033A804D9
                SHA1:6C9E509A5D1D1B8D495BBC8F57387E1E7E193333
                SHA-256:4F46A9896DE23A92D2B5F963BCFB3237C3E85DA05B8F7660641B3D1D5AFAAE6F
                SHA-512:3CAEB21177685B9054B64DEC997371C4193458FF8607BCE67E4FBE72C4AF0E6808D344DD0D59D3D0F5CE00E4C2B8A4FFCA0F7D9352B0014B9259D76D7F03D404
                Malicious:false
                Reputation:low
                Preview:..............h.......(....... ....................................................................................................G.F..........................................H.GG.FX.V..............................).(.........G.F.........i.g..................+.*%.$5.4...............n.ln.l{.y.................. .......................u.s............................................................................................................................................................~.~...~.~.................................................................................................................................................................................................................................................................................................................................................G.......................................G..........

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\Graphics\Rotate8.ico

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
                Category:dropped
                Size (bytes):894
                Entropy (8bit):2.513882730304912
                Encrypted:false
                SSDEEP:
                MD5:D1C53003264DCE4EFFAF462C807E2D96
                SHA1:92562AD5876A5D0CB35E2D6736B635CB5F5A91D9
                SHA-256:5FB03593071A99C7B3803FE8424520B8B548B031D02F2A86E8F5412AC519723C
                SHA-512:C34F8C05A50DC0DE644D1F9D97696CDB0A1961C7C7E412EB3DF2FD57BBD34199CF802962CA6A4B5445A317D9C7875E86E8E62F6C1DF8CC3415AFC0BD26E285BD
                Malicious:false
                Reputation:low
                Preview:..............h.......(....... ....................................................................................................g.e..........................................g.eg.ew.u..............................F.E.........g.e..............................E.DA.@P.O..........................................:.9......................................................................................&.%.........................................+.* ..+.*..................................................................................................................................................{.{.......................................................................................~.~...{.{..............................................................................................................................................G.......................................G..........

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\Graphics\Save.ico

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                Category:dropped
                Size (bytes):1150
                Entropy (8bit):4.824239610266714
                Encrypted:false
                SSDEEP:
                MD5:7D62E82D960A938C98DA02B1D5201BD5
                SHA1:194E96B0440BF8631887E5E9D3CC485F8E90FBF5
                SHA-256:AE041C8764F56FD89277B34982145D16FC59A4754D261C861B19371C3271C6E5
                SHA-512:AB06B2605F0C1F6B71EF69563C0C977D06C6EA84D58EF7F2BAECBA566D6037D1458C2B58E6BFD70DDEF47DCCBDEA6D9C2F2E46DEA67EA9E92457F754D7042F67
                Malicious:false
                Reputation:low
                Preview:............ .h.......(....... ..... .....@........................................................................................klT.de..UV..RS..OP..MM..JJ..GG..DD..AA.x;<.x;<.r99.n67..........kl......D$.G2!...............VMH..>3..=6..91.r99..........op.........q[K.G<4..xh...........s..A5..B<..=5.x;<..........uv...........q[K.....G<4..........tg..KC..ID..B<.}>>..........{|.............q[K.q[K.q[K.q[K.vbR.}j[..VT..OL..ID..AA...............................yz..qr..kl..]\..VT..PL..DD.....................c`..^V..XK..R?..M4..G(..A...;...]\..VT..GG................fg.................................;...]\..JJ................mn..................................A...gg..MM................vw..................................G(..qr..OP..................................................M4..yz..RS..................................................R?.g33..UV....................................................XK..XY..XY..................................

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\Graphics\Setup.ico

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:MS Windows icon resource - 12 icons, 16x16, 16 colors, 4 bits/pixel, 16x16, 8 bits/pixel
                Category:dropped
                Size (bytes):36710
                Entropy (8bit):5.3785085024370805
                Encrypted:false
                SSDEEP:
                MD5:3D25D679E0FF0B8C94273DCD8B07049D
                SHA1:A517FC5E96BC68A02A44093673EE7E076AD57308
                SHA-256:288E9AD8F0201E45BC187839F15ACA79D6B9F76A7D3C9274C80F5D4A4C219C0F
                SHA-512:3BDE668004CA7E28390862D0AE9903C756C16255BDBB3F7E73A5B093CE6A57A3165D6797B0A643B254493149231ACA7F7F03E0AF15A0CBE28AFF02F0071EC255
                Malicious:false
                Reputation:low
                Preview:..............(...............h...............h...V... .............. .............. ..........N...00......h...."..00..........^)..00...........8........ .h....T.. .... ......Y..00.... ..%...i..(....... ....................................................................................................w......x......................x..ww...........h...............................w.....w.x..........x................xwvwg.................................................................(....... ...................................jO:.mS?.qWD.v\I.|cP..kX..q_..sa..yg..{j...p..nh..pj..uo..|u..xq..|r..|u..rx..zy..|w.}.y...q...d...y...{......S...]..d..i..r..|...j..j...y...e...k...l..q...y...~...v...y..s..s..m...m...l...n...k...t...l..........................................................................................................................................................................................................

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\Graphics\SysReqMet.ico

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                Category:dropped
                Size (bytes):1150
                Entropy (8bit):5.038533294442847
                Encrypted:false
                SSDEEP:
                MD5:661CBD315E9B23BA1CA19EDAB978F478
                SHA1:605685C25D486C89F872296583E1DC2F20465A2B
                SHA-256:8BFC77C6D0F27F3D0625A884E0714698ACC0094A92ADCB6DE46990735AE8F14D
                SHA-512:802CC019F07FD3B78FCEFDC8404B3BEB5D17BFC31BDED90D42325A138762CC9F9EBFD1B170EC4BBCCCF9B99773BD6C8916F2C799C54B22FF6D5EDD9F388A67C6
                Malicious:false
                Reputation:low
                Preview:............ .h.......(....... ..... .....@..........................................M...........S...........................................q.......................z...................................;........q.c.P.K.|.}............C....................................;.!......................................................Ry,.*w..!.............-.........................................6b..8v................ .+.@............#....................4u..;a..............H.<.........=.C.............................&y..x.e.................$}......................................<.).........\.A............}..................................[.R.}.n.Z.C.y.Y.k.L............. q..............................t.s............r...k.........]{G..............................................y.`.z.h.a.N.e.P...............................................~.q._.J...............................8....................t.p..................?..................................................

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\Graphics\SysReqNotMet.ico

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                Category:dropped
                Size (bytes):1150
                Entropy (8bit):5.854644771288791
                Encrypted:false
                SSDEEP:
                MD5:EE2C05CC9D14C29F586D40EB90C610A9
                SHA1:E571D82E81BD61B8FE4C9ECD08869A07918AC00B
                SHA-256:3C9C71950857DDB82BAAB83ED70C496DEE8F20F3BC3216583DC1DDDA68AEFC73
                SHA-512:0F38FE9C97F2518186D5147D2C4A786B352FCECA234410A94CC9D120974FC4BE873E39956E10374DA6E8E546AEA5689E7FA0BEED025687547C430E6CEFFABFFB
                Malicious:false
                Reputation:low
                Preview:............ .h.......(....... ..... .....@....................................../..F..........!....n....d..................................;.............,+..AB..UV..XZ...1.....S......................U.....................EE..\[..rr......NP.....^..............<s.....................!.$)..AC..jj..ww..{{..57.....4........01.................H..........N?8;..[[..ba..`_..TU....L.......bj]^..QP.........:..........)N#&..>=..GG..HI..IJ..EE..!#......24..mm..hh..,.............+N........)(..*-.....{-...-,........ SPS..zy..qr....qq......0NCE..33..%%........ZJ...."$..0/../1....?qRU............W}..)A]^..rr..qq..Y[...._z........CE..RQ..AC....8`79.........SU..ab......||..ef....ey...........QZ[..ZZ..=?.....(...d....................pr.....H............IK..jj..fg..*,..........]_..................[y.......(..:VQS..{z..ut..ab....'H...........?................||..ef..jk..................$%d....................W....................................*,n.............................HI......................WY

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\Graphics\stop.ico

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:MS Windows icon resource - 6 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
                Category:dropped
                Size (bytes):10134
                Entropy (8bit):6.016582854640062
                Encrypted:false
                SSDEEP:
                MD5:5DFA8D3ABCF4962D9EC41CFC7C0F75E3
                SHA1:4196B0878C6C66B6FA260AB765A0E79F7AEC0D24
                SHA-256:B499E1B21091B539D4906E45B6FDF490D5445256B72871AECE2F5B2562C11793
                SHA-512:69A13D4348384F134BA93C9A846C6760B342E3A7A2E9DF9C7062088105AC0B77B8A524F179EFB1724C0CE168E01BA8BB46F2D6FAE39CABE32CAB9A34FC293E4A
                Malicious:false
                Reputation:low
                Preview:...... ..........f...........(...N... ..........v...........h....... .... ............... .h....#..(... ...@......................................................................................................wwx...........w....w.........x....x.........x.y.......................p..............x.........q.......p.........q.................xy...........q.......................p.............y..................x.y..............y.y.............yyy.........S........x..........yy.............x.yyyx......................Q.8.........x..............y....qy.p...y.....x.....p........y....9.....y....yy..yx.......y..yyyw..p.....y.yyyyy................x.p........y.yy..........x...x............x.................wwx.....................?...................................................................................................?............(....... ..................................................................................................ww.....w..........xx..x........x....p........xy

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\Graphics\warn.ico

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:MS Windows icon resource - 6 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
                Category:dropped
                Size (bytes):10134
                Entropy (8bit):4.3821301214809045
                Encrypted:false
                SSDEEP:
                MD5:B2B1D79591FCA103959806A4BF27D036
                SHA1:481FD13A0B58299C41B3E705CB085C533038CAF5
                SHA-256:FE4D06C318701BF0842D4B87D1BAD284C553BAF7A40987A7451338099D840A11
                SHA-512:5FE232415A39E0055ABB5250B120CCDCD565AB102AA602A3083D4A4705AC6775D45E1EF0C2B787B3252232E9D4673FC3A77AAB19EC79A3FF8B13C4D7094530D2
                Malicious:false
                Reputation:low
                Preview:...... ..........f...........(...N... ..........v...........h....... .... ............... .h....#..(... ...@................................................................................................................................................................wwwww.....wwww...................3333333333338...{....3s.....x...{....0G;.............0.;...7.........33....8.....{...33..............0....7...............8.......{....;.............0.;.............0...8...........4...............wu;.............ww;.............ww;?...........;ww;.............7w................................8.............{...................................................................................................................................................................?...?..................................................?...?.........(....... ........................................................................................................333333;...............8.........;........

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\ParameterInfo.xml

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (314), with CRLF line terminators
                Category:dropped
                Size (bytes):8968
                Entropy (8bit):3.5907064103424333
                Encrypted:false
                SSDEEP:
                MD5:66590F13F4C9BA563A9180BDF25A5B80
                SHA1:D6D9146FAEEC7824B8A09DD6978E5921CC151906
                SHA-256:BF787B8C697CE418F9D4C07260F56D1145CA70DB1CC4B1321D37840837621E8F
                SHA-512:ABA67C66C2F3D9B3C9D71D64511895F15F696BE8BE0EEDD2D6908E1203C4B0CF318B366F9F3CD9C3B3B8C0770462F83E6EEA73E304C43F88D0CBEDF69E7C92B3
                Malicious:false
                Reputation:low
                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .S.e.t.u.p.V.e.r.s.i.o.n.=.".1...0.".>..... . .<.U.I. .D.l.l.=.".S.e.t.u.p.U.i...d.l.l.". .N.a.m.e.=.".M.i.c.r.o.s.o.f.t. .V.i.s.u.a.l. .C.+.+. .2.0.1.0. . .x.8.6. .R.e.d.i.s.t.r.i.b.u.t.a.b.l.e. .S.e.t.u.p.". .V.e.r.s.i.o.n.=.".1.0...0...3.0.3.1.9.". ./.>..... . .<.C.o.n.f.i.g.u.r.a.t.i.o.n.>..... . . . .<.D.i.s.a.b.l.e.d.C.o.m.m.a.n.d.L.i.n.e.S.w.i.t.c.h.e.s.>..... . . . . . .<.C.o.m.m.a.n.d.L.i.n.e.S.w.i.t.c.h. .N.a.m.e.=.".c.r.e.a.t.e.l.a.y.o.u.t.". ./.>..... . . . .<./.D.i.s.a.b.l.e.d.C.o.m.m.a.n.d.L.i.n.e.S.w.i.t.c.h.e.s.>..... . . . .<.U.s.e.r.E.x.p.e.r.i.e.n.c.e.D.a.t.a.C.o.l.l.e.c.t.i.o.n. .P.o.l.i.c.y.=.".U.s.e.r.C.o.n.t.r.o.l.l.e.d.". ./.>..... . . . .

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exe

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):78152
                Entropy (8bit):6.011592088917562
                Encrypted:false
                SSDEEP:
                MD5:006F8A615020A4A17F5E63801485DF46
                SHA1:78C82A80EBF9C8BF0C996DD8BC26087679F77FEA
                SHA-256:D273460AA4D42F0B5764383E2AB852AB9AF6FECB3ED866F1783869F2F155D8BE
                SHA-512:C603ED6F3611EB7049A43A190ED223445A9F7BD5651100A825917198B50C70011E950FA968D3019439AFA0A416752517B1C181EE9445E02DA3904F4E4B73CE76
                Malicious:true
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......;.................j.}.....].v.....h.w.....\.H...v.e.|.......B.....h.~.....Y.|.....].~.....m.~.....l.~.....k.~...Rich............PE..L......K.........."......f...........+............@..........................P............@...... ..................pu..x...Tp..<.......................H....@...... ................................(..@............................................text....e.......f.................. ..`.data................j..............@....rsrc................v..............@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\SetupEngine.dll

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):807256
                Entropy (8bit):6.357664904941565
                Encrypted:false
                SSDEEP:
                MD5:84C1DAF5F30FF99895ECAB3A55354BCF
                SHA1:7E25BA36BCC7DEED89F3C9568016DDB3156C9C5A
                SHA-256:7A0D281FA802D615EA1207BD2E9EBB98F3B74F9833BBA3CB964BA7C7E0FB67FD
                SHA-512:E4FB7E4D39F094463FDCDC4895AB2EA500EB51A32B6909CEC80A526BBF34D5C0EB98F47EE256C0F0865BF3169374937F047BF5C4D6762779C8CA3332B4103BE3
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................&......&.......R.....z.....O.....{......B...........O.....~.....J.....K.....L....Rich...........................PE..L......K.........."!................Y...............................................;.....@.....................................h....................:..X...............................................@............................................text............................... ..`.data...8...........................@....rsrc................f..............@..@.reloc...............p..............@..B........................................................................................................................................................................................................................................................................................................................

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\SetupUi.dll

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):295248
                Entropy (8bit):6.262127887617593
                Encrypted:false
                SSDEEP:
                MD5:EB881E3DDDC84B20BD92ABCEC444455F
                SHA1:E2C32B1C86D4F70E39DE65E9EBC4F361B24FF4A1
                SHA-256:11565D97287C01D22AD2E46C78D8A822FA3E6524561D4C02DFC87E8D346C44E7
                SHA-512:5750CEC73B36A3F19BFB055F880F3B6498A7AE589017333F6272D26F1C72C6F475A3308826268A098372BBB096B43FBD1E06E93EECC0A81046668228BC179A75
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............I...I...I..bI...I..WI...I..cI..I..ZI...I...IG..I..WI...I..fI...I..RI...I..SI...I..TI...IRich...I................PE..L......K.........."!................................................................yq....@..........................................P...............j..P....`..0?..................................`z..@............................................text............................... ..`.data....Q.......4..................@....rsrc........P......................@..@.reloc...T...`...V..................@..B........................................................................................................................................................................................................................................................................................................................................................

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\SetupUi.xsd

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:XML 1.0 document, ASCII text, with very long lines (335), with CRLF line terminators
                Category:dropped
                Size (bytes):30120
                Entropy (8bit):4.990211039591874
                Encrypted:false
                SSDEEP:
                MD5:2FADD9E618EFF8175F2A6E8B95C0CACC
                SHA1:9AB1710A217D15B192188B19467932D947B0A4F8
                SHA-256:222211E8F512EDF97D78BC93E1F271C922D5E91FA899E092B4A096776A704093
                SHA-512:A3A934A8572FF9208D38CF381649BD83DE227C44B735489FD2A9DC5A636EAD9BB62459C9460EE53F61F0587A494877CD3A3C2611997BE563F3137F8236FFC4CA
                Malicious:false
                Reputation:low
                Preview:<?xml version="1.0" encoding="utf-8"?>..<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema".. xmlns="http://schemas.microsoft.com/SetupUI/2008/01/imui".. xmlns:imui="http://schemas.microsoft.com/SetupUI/2008/01/imui".. targetNamespace="http://schemas.microsoft.com/SetupUI/2008/01/imui".. elementFormDefault="qualified"..attributeFormDefault="unqualified"..>.... <xs:annotation>.. <xs:documentation>.. Copyright (c) Microsoft Corporation. All rights reserved... Schema for describing DevDiv "Setup UI Info".. </xs:documentation>.. </xs:annotation>.... <xs:element name="SetupUI">.. <xs:annotation>.. <xs:documentation>specifies UI dll, and lists of MSIs MSPs and EXEs</xs:documentation>.. </xs:annotation>.. <xs:complexType>.. <xs:sequence>.. <xs:choice>.. <xs:element ref="UI" minOccurs="1" maxOccurs="1"></xs:element>.. <xs:element ref="Strings" minOccurs="1" maxOccurs="1"></xs:element>..

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\SplashScreen.bmp

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:PC bitmap, Windows 3.x format, 200 x 200 x 8, image size 40000, resolution 3779 x 3779 px/m, cbSize 41078, bits offset 1078
                Category:dropped
                Size (bytes):41078
                Entropy (8bit):0.3169962482036715
                Encrypted:false
                SSDEEP:
                MD5:43B254D97B4FB6F9974AD3F935762C55
                SHA1:F94D150C94064893DAED0E5BBD348998CA9D4E62
                SHA-256:91A21EBA9F5E1674919EE3B36EFA99714CFB919491423D888CB56C0F25845969
                SHA-512:46527C88F0AED25D89833B9BE280F5E25FFCEAE6BC0653054C8B6D8EBE34EBA58818A0A02A72BD29279310186AC26D522BBF34191FBDE279A269FC9DA5840ACC
                Malicious:false
                Reputation:low
                Preview:BMv.......6...(...................@.......................{7...>...h?..D...N...K..........xE..._#..q..T...X...Q...[..._...c...j....>.!....f...v...r...."..v....0....... ..........4..I.........[...}..............j.............................................................................................................i......................@>1.......................................................o...u...u...z...z...~............................................................................................................................................................................{...~.................................................................................................................yw`......................................................................................................................................................//'...........................................

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\Strings.xml

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                Category:dropped
                Size (bytes):14246
                Entropy (8bit):3.70170676934679
                Encrypted:false
                SSDEEP:
                MD5:332ADF643747297B9BFA9527EAEFE084
                SHA1:670F933D778ECA39938A515A39106551185205E9
                SHA-256:E49545FEEAE22198728AD04236E31E02035AF7CC4D68E10CBECFFD08669CBECA
                SHA-512:BEA95CE35C4C37B4B2E36CC1E81FC297CC4A8E17B93F10423A02B015DDB593064541B5EB7003560FBEEE512ED52869A113A6FB439C1133AF01F884A0DB0344B0
                Malicious:false
                Reputation:low
                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p.U.I. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p.U.I./.2.0.0.8./.0.1./.i.m.u.i.". ..... . . . . . . . . .x.m.l.n.s.:.i.m.u.i.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p.U.I./.2.0.0.8./.0.1./.i.m.u.i.". .>..... . .<.S.t.r.i.n.g.s.>..... . . . .<.!.-.-. .R.e.f.l.e.c.t.i.v.e. .p.r.o.p.e.r.t.y. .p.a.g.e. .-.-.>..... . . . .<.I.D.S._.C.A.P.T.I.O.N._.F.O.R.M.A.T._.1.S.>.#.(.l.o.c...i.d.s._.c.a.p.t.i.o.n._.f.o.r.m.a.t._.1.s.).<./.I.D.S._.C.A.P.T.I.O.N._.F.O.R.M.A.T._.1.S.>..... . . . .<.I.D.S._.I.S._.R.E.A.L.L.Y._.C.A.N.C.E.L.>.#.(.l.o.c...i.d.s._.i.s._.r.e.a.l.l.y._.c.a.n.c.e.l.).<./.I.D.S._.I.S._.R.E.A.L.L.Y._.C.A.N.C.E.L.>......... . . . .<.!.-.-. .S.y.s.t.e.m. .R.e.q.u.i.r.e.m.e.n.t.s. .p.a.g.e. .-.-.>..... . . . .<.S.Y.S.R.E.Q.P.A.G.E._.R.E.Q.U.I.R.E.D._.A.N.D._.A.V.A.I.L.A.B.L.E._.D.I.S.K._.S.P.A.C.E.>.#.(.l.o.c...s.y.s.r.e.q.

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\UiInfo.xml

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                Category:dropped
                Size (bytes):36342
                Entropy (8bit):3.0937266645670003
                Encrypted:false
                SSDEEP:
                MD5:812F8D2E53F076366FA3A214BB4CF558
                SHA1:35AE734CFB99BB139906B5F4E8EFBF950762F6F0
                SHA-256:0D36A884A8381778BEA71F5F9F0FC60CACADEBD3F814679CB13414B8E7DBC283
                SHA-512:1DCC3EF8C390CA49FBCD50C02ACCD8CC5700DB3594428E2129F79FEB81E4CBBEEF1B4A10628B2CD66EDF31A69ED39CA2F4E252AD8AA13D2F793FCA5B9A1EAF23
                Malicious:false
                Reputation:low
                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p.U.I. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p.U.I./.2.0.0.8./.0.1./.i.m.u.i.". .x.m.l.n.s.:.i.m.u.i.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p.U.I./.2.0.0.8./.0.1./.i.m.u.i.". .>..... . .<.U.I.>......... . . . .<.R.e.s.o.u.r.c.e.D.l.l.>.S.e.t.u.p.R.e.s.o.u.r.c.e.s...d.l.l.<./.R.e.s.o.u.r.c.e.D.l.l.>..... . . . .<.S.p.l.a.s.h.S.c.r.e.e.n.>..... . . . . . .<.H.i.d.e./.>..... . . . .<./.S.p.l.a.s.h.S.c.r.e.e.n.>......... . . . .<.L.C.I.D.H.i.n.t.s.>..... . . . . . .<.L.C.I.D.H.i.n.t.>..... . . . . . . . .<.R.e.g.K.e.y.>.H.K.C.U.\.S.o.f.t.w.a.r.e.\.M.i.c.r.o.s.o.f.t.\.V.i.s.u.a.l.S.t.u.d.i.o.\.9...0.\.G.e.n.e.r.a.l.<./.R.e.g.K.e.y.>..... . . . . . . . .<.R.e.g.V.a.l.u.e.N.a.m.e.>.U.I.L.a.n.g.u.a.g.e._.f.a.k.e.<./.R.e.g.V.a.l.u.e.N.a.m.e.>..... . . . . . .<./.L.C.I.D.H.i.n.t.>..... . . . . . .<.L.C.I.D.H.i.n.t.>..... . . . . .

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\header.bmp

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:PC bitmap, Windows 3.x format, 49 x 49 x 24, image size 7254, resolution 2834 x 2834 px/m, cbSize 7308, bits offset 54
                Category:dropped
                Size (bytes):7308
                Entropy (8bit):3.7864255453272464
                Encrypted:false
                SSDEEP:
                MD5:3AD1A8C3B96993BCDF45244BE2C00EEF
                SHA1:308F98E199F74A43D325115A8E7072D5F2C6202D
                SHA-256:133B86A4F1C67A159167489FDAEAB765BFA1050C23A7AE6D5C517188FB45F94A
                SHA-512:133442C4A65269F817675ADF01ADCF622E509AA7EC7583BCA8CD9A7EB6018D2AAB56066054F75657038EFB947CD3B3E5DC4FE7F0863C8B3B1770A8FA4FE2E658
                Malicious:false
                Reputation:low
                Preview:BM........6...(...1...1...........V.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\sqmapi.dll

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):144416
                Entropy (8bit):6.7404750879679485
                Encrypted:false
                SSDEEP:
                MD5:3F0363B40376047EFF6A9B97D633B750
                SHA1:4EAF6650ECA5CE931EE771181B04263C536A948B
                SHA-256:BD6395A58F55A8B1F4063E813CE7438F695B9B086BB965D8AC44E7A97D35A93C
                SHA-512:537BE86E2F171E0B2B9F462AC7F62C4342BEB5D00B68451228F28677D26A525014758672466AD15ED1FD073BE38142DAE478DF67718908EAE9E6266359E1F9E8
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................................................................Rich...................PE..L....IE...........!.........$.....................l.........................@......R.....@.........................D.......$...d....................... (... ......P...8............................\..@.......t.......D............................text............................... ..`.data...............................@....rsrc...............................@..@.reloc....... ......................@..Ba.IE8....IEC....IEP....IEZ.....IEe....IEP...........msvcrt.dll.ADVAPI32.dll.ntdll.DLL.USER32.dll.KERNEL32.dll...............................................................................................................................................................................................................................................

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\vc_red.cab

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:Microsoft Cabinet archive data, 4186145 bytes, 19 files, at 0x44 +A "F_CENTRAL_atl100_x86" +A "F_CENTRAL_mfc100_x86", flags 0x4, number 1, extra bytes 20 in head, 354 datablocks, 0x1503 compression
                Category:dropped
                Size (bytes):4192089
                Entropy (8bit):7.999755784501758
                Encrypted:true
                SSDEEP:
                MD5:6C59FECF51931FB4540E571AE0310098
                SHA1:DB5B0E9F7D20D2B1CCD61320ECCA7A60E118619B
                SHA-256:08E4D5BAD48C0203FDF02FDC28794F820DFB1D4480BDCAC562E7BC6E15FFAAD3
                SHA-512:D9CC7C6EF54105C981AACAAFDE890019AF766B53417E765FA7636C3B8A4400CE6F987CCEF1A54B4521412A8E45C011476C065CEBC892688AEED1B027E3E761BA
                Malicious:false
                Reputation:low
                Preview:MSCF....!.?.....D...........................!.?.8...........Y...b...H.........r<.I .F_CENTRAL_atl100_x86.HAB.H.....r<.I .F_CENTRAL_mfc100_x86.P....\D...r<.I .F_CENTRAL_mfc100chs_x86.P.....D...r<.I .F_CENTRAL_mfc100cht_x86.P...0wE...r<.I .F_CENTRAL_mfc100deu_x86.P....rF...r<.I .F_CENTRAL_mfc100enu_x86.P....IG...r<.I .F_CENTRAL_mfc100esn_x86.P... CH...r<.I .F_CENTRAL_mfc100fra_x86.P...p>I...r<.I .F_CENTRAL_mfc100ita_x86.P....1J...r<.I .F_CENTRAL_mfc100jpn_x86.P.....J...r<.I .F_CENTRAL_mfc100kor_x86.P...`.K...r<.I .F_CENTRAL_mfc100rus_x86.P.B..sL...r<.I .F_CENTRAL_mfc100u_x86.P9........r<.I .F_CENTRAL_mfcm100_x86.P;..PV....r<.I .F_CENTRAL_mfcm100u_x86.Pm........r<.I .F_CENTRAL_msvcp100_x86.P.........r<.I .F_CENTRAL_msvcr100_x86.P...@.....r<.I .F_CENTRAL_vcomp100_x86.P3........r<.. .FL_msdia71_dll_2_60035_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8...W..:..[..... '.."S`$..n...W..de`e. .(.$.gV...2..X@A..ra*NR<cq|...{.`.p.M.. .).JM....q..........Q.......?.........2..nL......U.f#[v..#--

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\vc_red.msi

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2010 x86 Redistributable, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319., Template: Intel;0, Revision Number: {F035AD1C-45C3-4166-865F-C2F7CD4958B1}, Create Time/Date: Fri Mar 19 16:11:58 2010, Last Saved Time/Date: Fri Mar 19 16:11:58 2010, Number of Pages: 200, Name of Creating Application: Windows Installer XML (3.5.0626.0), Security: 2, Number of Words: 2
                Category:dropped
                Size (bytes):155136
                Entropy (8bit):6.337010677866242
                Encrypted:false
                SSDEEP:
                MD5:CD2B99BB86BA6A499110C72B78B9324E
                SHA1:7A288418B36E681093B33DC169E4D27C2EE33EDD
                SHA-256:41F6B61E0C070C86E32D8777629DFC8E860848865FEFA0BA7D69E9FEF0A3B174
                SHA-512:17174B8F0186F05BE1E20215AAFD64797EC4F831A0D3E0E97ADE3F0A25CB6F78D1D8BF568DFEA1B2DE2ADD3A9D64AAA5B4319F7927301D5D73BBAB1B0EAAE3D5
                Malicious:false
                Reputation:low
                Preview:......................>................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                C:\9f205d7d8f8ebe3c20c6094cd41758f8\watermark.bmp

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe
                File Type:PC bitmap, Windows 3.x format, 164 x 628 x 24, image size 308978, resolution 2834 x 2834 px/m, cbSize 309032, bits offset 54
                Category:dropped
                Size (bytes):309032
                Entropy (8bit):6.583379857106919
                Encrypted:false
                SSDEEP:
                MD5:1A5CAAFACFC8C7766E404D019249CF67
                SHA1:35D4878DB63059A0F25899F4BE00B41F430389BF
                SHA-256:2E87D5742413254DB10F7BD0762B6CDB98FF9C46CA9ACDDFD9B1C2E5418638F2
                SHA-512:202C13DED002D234117F08B18CA80D603246E6A166E18BA422E30D394ADA7E47153DD3CCE9728AFFE97128FDD797FE6302C74DC6882317E2BA254C8A6DB80F46
                Malicious:false
                Reputation:low
                Preview:BM(.......6...(.......t.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Config.Msi\3ed843.rbs

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:data
                Category:modified
                Size (bytes):26207
                Entropy (8bit):5.434746556672082
                Encrypted:false
                SSDEEP:
                MD5:C96B99E5E39CE3912461135AFA60924D
                SHA1:4C4BF00CC73756F75804FB43367F586AAC6ADF6E
                SHA-256:33D2BAF1222CA1089ADE988EC1341317C33DD99B86B8CC1DB1F58BBEAF6643BA
                SHA-512:DE655956B73326EE61F49E918A10C12C16255A971271F4EA2AE41489BD31DBA44EA9E8F30F2DF0523DC30AE5E976B43D77A0EA9E7AED65341D59AE6AE4A287D1
                Malicious:false
                Reputation:low
                Preview:...@IXOS.@.....@...W.@.....@.....@.....@.....@.....@......&.{196BB40D-1578-3D01-B289-BEFC77A11A1E};.Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319..vc_red.msi.@.....@ov...@.....@........&.{F035AD1C-45C3-4166-865F-C2F7CD4958B1}.....@.....@.....@.....@.......@.....@.....@.......@....;.Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{8453C4E7-26E8-3408-B3A4-5940CA95BC60}&.{196BB40D-1578-3D01-B289-BEFC77A11A1E}.@......&.{1414BD84-D9A5-3EE5-AA73-118D7C072370}&.{196BB40D-1578-3D01-B289-BEFC77A11A1E}.@......&.{E2F46933-FF4F-46E0-B997-F64D2C6D4FA1}&.{196BB40D-1578-3D01-B289-BEFC77A11A1E}.@......&.{529D0A60-398C-38A2-97EF-82FAFA798A06}&.{196BB40D-1578-3D01-B289-BEFC77A11A1E}.@......&.{9983C931-37BE-3C6E-AD32-8B6E789B6881}&.{196BB40D-1578-3D01-B289-BEFC77A11A1E}.@......&.{E822F933-C70D-3CF4-A92D-7263B8ACCF30}&.{196BB40D-1578

                C:\Config.Msi\3f51e8.rbs

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:data
                Category:dropped
                Size (bytes):14057
                Entropy (8bit):5.486492275315072
                Encrypted:false
                SSDEEP:
                MD5:94C1CB729FC8B7318D698B28ACFC3123
                SHA1:95F84C1AD1A5573F26400BC0665630A3A1270E89
                SHA-256:E0B47D81F03E37A3663293EB3BAC8584C91128531183D3036A0284B99CD52D0A
                SHA-512:E9F9C3AC78DF2B04E26167E109C04FDCCAB5562B1D20C554D5ACF8815DF1832C310606DC8370230043CF07B15900EE494C4C203597ADEBFD3720C2DCE641B412
                Malicious:false
                Reputation:low
                Preview:...@IXOS.@.....@...W.@.....@.....@.....@.....@.....@......&.{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}:.Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005..vc_runtimeMinimum_x86.msi.@.....@.R...@.....@........&.{E9934153-EAB1-4DA6-AA72-86C8BB1EDF2C}.....@.....@.....@.....@.......@.....@.....@.......@....:.Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{FE80AAC7-9373-345B-8C89-01D4359338F8}&.{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}.@......&.{0835C947-D6D2-4E52-AF14-0231D04E88EA}&.{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}.@......&.{74260D9F-D644-423B-B2D4-0291EA4BA8BE}&.{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}.@......&.{63B83B20-1AB9-4F49-B0B2-4489724CA96C}&.{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}.@......&.{E08DC543-ADA7-466B-B629-CE908DD9BDE3}&.{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}.@......&.{1A7754D3-744B-439A-B284-BD7A1C24FCFA}&.{

                C:\Config.Msi\3f51ec.rbs

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:data
                Category:dropped
                Size (bytes):20505
                Entropy (8bit):5.348896189127148
                Encrypted:false
                SSDEEP:
                MD5:41D93E2DE12012BB98A888CC6C528CB3
                SHA1:EFEE961BDC01DF0589E250986BD76E5C7C917D9C
                SHA-256:72E2CAB60C5BC2F2F5628BF3BE4E5C01A295F4D7CA3113989B13CF2F10094506
                SHA-512:1408EE8030E8B9B96C18409F244028A8F2114369E8ED048D9FD9E4BB866D1AD7C063B8126AF6B24CA1DEBD0CD5073D5A9486E72613707E9C73A0D586A0CB98FB
                Malicious:false
                Reputation:low
                Preview:...@IXOS.@.....@...W.@.....@.....@.....@.....@.....@......&.{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}=.Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005..vc_runtimeAdditional_x86.msi.@.....@.R...@.....@........&.{5703FD24-BF2D-4D14-AB2F-E415A0361E63}.....@.....@.....@.....@.......@.....@.....@.......@....=.Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{1D481A21-C43F-38B9-B0D1-E090FD2D2643}&.{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}.@......&.{7EA36934-F736-408F-BD04-A2A710E04773}&.{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}.@......&.{B5B46CD9-9426-401F-9C3B-646807EFE00B}&.{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}.@......&.{D4263C2B-DA4A-4000-A8E0-4BE8E46A9A3C}&.{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}.@......&.{271E5C92-3536-4282-9ABF-449A91B8C2D7}&.{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}.@......&.{8E4244B1-6F8F-4EA0-AC6A-346DE7C

                C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):799568
                Entropy (8bit):6.390606039798855
                Encrypted:false
                SSDEEP:
                MD5:AAC7ED76E8DE83F80D866EFE99121F2A
                SHA1:3A7AE94AE160FEE6F539CA0AA12FAFF2C19F84F2
                SHA-256:6C45957E8BFE773FC4F9055F8E1F88C4C7105C23B039526B07FB1921410F7574
                SHA-512:78DED5095F3081847D39DCC5A3F5447583962BBFD8A7DB72FC139872B05067E756AC8BA9F55A383861DEFA9FBB52EF0CE310F385577418B79713A9A4727D338A
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......4.yp..*p..*p..*y.D*t..*.._*q..*..Y*h..*..m*..*..l*9..*y.T*s..*p..*..*..i*i..*..\*q..*..]*q..*..Z*q..*Richp..*........PE..L......K.........."!.....t...................................................`............@.................................z..(.......................P..............................................@...................Dx.......................text....s.......t.................. ..`.data....K.......&...x..............@....rsrc...............................@..@.reloc..............^..............@..B........................................................................................................................................................................................................................................................................................................................................................

                C:\Program Files (x86)\Syslogd\Castle.Core.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):450352
                Entropy (8bit):5.9031713784043705
                Encrypted:false
                SSDEEP:
                MD5:DD2776F142A24D69A9E146157948331A
                SHA1:D23B605E76A31B0F1DBEFBC5839DAE1C4E6E0A25
                SHA-256:8EEA0862DCC6157158E70056F6D172C673D371C87BC3AEC5587742CBA47C8BE7
                SHA-512:8218DA6AD2651B1477963EECDC5BCEB82B1C1FC026E3DC7CF2E3F74272D424F3BFFB8D8A46D62822C7D19026BB81A82C0E8413CF7C8F5012C649CDE15203E6AB
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............j.... ........... ....................... ............`.....................................O.......................0...........@...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................J.......H.......`E..............h...X.............................................{....*..{....*V.(......}......}....*...0..;........uJ.....,/(.....{.....{....o....,.(.....{.....{....o....*.*. .... )UU.Z(.....{....o....X )UU.Z(.....{....o....X*.0...........r...p......%..{...........M.....M...-.qM........M...-.&.+...M...o.....%..{...........N.....N...-.qN........N...-.&.+...N...o.....(....*..{....*..{....*V.(......}......}....*...0..;........uO.....,/(.....{.....{....o....,.(.....{...

                C:\Program Files (x86)\Syslogd\Castle.Windsor.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):361944
                Entropy (8bit):6.024459060024021
                Encrypted:false
                SSDEEP:
                MD5:93B6DD60283887CCBE6370F83834F1EF
                SHA1:4C3D5E0C868A7AD46750BECFB0DCE4B022D19CA7
                SHA-256:6549DE1D2764C6DD7EAD7C741EDC647D3073EF80CAD465E208292EFF6B0E2F81
                SHA-512:F95B3499BA5BA7B06DD37F48913766BA5F36CF8BB654D5DD788BE7A025EEF7BB7ED57D11896E7089D2DF47594FD76D2A50B1215C4C8EB6F39AD53012B60D5132
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...7............." ..0..\..........~{... ........... ....................................`.................................+{..O.......T............f..............Lz..T............................................ ............... ..H............text....[... ...\.................. ..`.rsrc...T............^..............@..@.reloc...............d..............@..B................_{......H................................y........................................{<...*..{=...*V.(>.....}<.....}=...*...0..;........u1.....,/(?....{<....{<...o@...,.(A....{=....{=...oB...*.*. ...W )UU.Z(?....{<...oC...X )UU.Z(A....{=...oD...X*.0..b........r...p......%..{<......%q.........-.&.+.......oE....%..{=......%q4....4...-.&.+...4...oE....(F...*b.o.....s.....((...o#...*f.o......s.....((...o)...*..o.....5...(G...s.....((...o#....5...*b.o.....s.....((...o...+*b.o.....s.....((...

                C:\Program Files (x86)\Syslogd\DEPInc.bat

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):104
                Entropy (8bit):5.088862915545457
                Encrypted:false
                SSDEEP:
                MD5:7367A66874D7264B1B3E90F3BB95F335
                SHA1:98A07CF218C83669AA5472741907BA6D7E8B036B
                SHA-256:D58EE67FE80ADCD0B7A130590C65246A61FB70DB7F2AF77C96A3D580A3311507
                SHA-512:E89F2D38F6D811E5C7456BDECE03D9FF4784A220AA273E780EB623F313B4B873415540642618A0571769B87F4092AE829A042B9CA7B438CA8BFACE39660D8A09
                Malicious:false
                Reputation:low
                Preview:..@Echo Off..rundll32 sysdm.cpl, NoExecuteAddFileOptOutList C:\Program Files (x86)\Syslogd\Syslogd.exe..

                C:\Program Files (x86)\Syslogd\EntityFramework.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):4991352
                Entropy (8bit):6.097816081905885
                Encrypted:false
                SSDEEP:
                MD5:FFDCF232D0BB2FFF78721FB347641A76
                SHA1:54C76A2FA61E6DF1AE4C9DF65435A38482C2CB71
                SHA-256:FF42BCA704605E187ABB45523868B15128D6AF1C28AD40A4579D507D34A953B2
                SHA-512:89DF103556CFBD955283BEE551576134F9A7B0D121E12CF6DF4E9F4028075B2C4FF9D22886CFD21B10D0A0D6E640DB784B74D42EBAC4A45CCB9CE9C725A1FDF1
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0...K...........K.. ... L...... .......................`L.....<hL...`...................................K.O.... L.$.............L.x#...@L......~K.T............................................ ............... ..H............text.....K.. ....K................. ..`.rsrc...$.... L.......K.............@..@.reloc.......@L.......L.............@..B..................K.....H.......T0....).........l.A.....d~K.......................................{)...*..{*...*V.(+.....}).....}*...*...0..;........u......,/(,....{)....{)...o-...,.(.....{*....{*...o/...*.*. dL.. )UU.Z(,....{)...o0...X )UU.Z(.....{*...o1...X*.0..X........r...p......%..{)............-.&.+.......o2....%..{*........z...-.&.+...z...o2....(3...*..{4...*..{5...*V.(+.....}4.....}5...*...0..;........u......,/(,....{4....{4...o-...,.(.....{5....{5...o/...*.*. ...z )UU.Z(,....{4...o0...X )UU

                C:\Program Files (x86)\Syslogd\KiwiSyslog-9-FreeTool.lic

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:ASCII text, with very long lines (4092), with no line terminators
                Category:dropped
                Size (bytes):4092
                Entropy (8bit):5.784685264980888
                Encrypted:false
                SSDEEP:
                MD5:18D7EE6777CB518A3FC86A4F992A4F4A
                SHA1:9B12C451BEF3D8ECBCEC18D0167F22BEB886CCB4
                SHA-256:91E26F5E9E63FB8D14C951EDC06BA246CC56964785615ECBADC885FADD2C33A5
                SHA-512:32596F1724A05A24041A43B0F4B3D3B51A9841EC670CF4261186A9F0B9E97572055925D2C5482776B252C80FEF023E03E6AEF29665C0662E29A9177C15278BFF
                Malicious:false
                Reputation:low
                Preview:AgMKS2l3aVN5c2xvZwE5JUtpd2kgU3lzbG9nIFNlcnZlciB2OSAtIEZyZWV3YXJlIE1vZGUAJzAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMAEIg/8/N/R1KMor/z839HUoyisAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwggtQBgkqhkiG9w0BBwKgggtBMIILPQIBATELMAkGBSsOAwIaBQAwCwYJKoZIhvcNAQcBoIIJqDCCBL8wggQooAMCAQICEEGRoVo5eN/PSWVmOB1MdcIwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDcxNjAwMDAwMFoXDTE0MDcxNTIzNTk1OVowgbQxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE7MDkGA1UECxMyVGVybXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEgKGMpMDQxLjAsBgNVBAMTJVZlcmlTaWduIENsYXNzIDMgQ29kZSBTaWduaW5nIDIwMDQgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+vO68fu+D6+A3T/sDEDi+CNKMfZ36kn8ZDMJr7kJSjN7THEgTJerBY3r5UWXu06o79fCUnCv78mbUJNr39Z9uGTk2vNCjdggeIickbDiRJ+KESa4biqH9JYIsEDDocaso6HdKUfHszfjwVNRvwONtCo/Z2GSNY7ItTif2hQ7+beMpmeKFR3wt

                C:\Program Files (x86)\Syslogd\KiwiSyslogLicensor.exe

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):135520
                Entropy (8bit):4.678227492923417
                Encrypted:false
                SSDEEP:
                MD5:F5CB66B8707C8A98C1834C777A3438DA
                SHA1:1DA9DB264F3FFDC1C7A18B8BDE1B8485A1FF281A
                SHA-256:F2CFE23FE1977691C0BA604DE7DF1A175B39A4833E83C2783B1FF93E51F482FA
                SHA-512:AD3B127FC064A382CB7B6547CA266A7AC33F1A003FAE3C852CBDFB599345EC38728C16CB26F6FBFEF0BF73A0A60AFF1E0B5629E646B1C3B7CD19C66DF199D5B6
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.d..............0......j........... ........@.. .......................`............`....................................O........g..............`....@....................................................... ............... ..H............text........ ...................... ..`.rsrc....g.......h..................@..@.reloc.......@......................@..B........................H....... ....'...........V..pL............................................(....*.~....-.r...p.....(....o....s.........~....*.~....*.......*.~....*..(....*Vs....(....t.........*.rk..p.....r...p. ....(.........(....o....o................*..(......}.....(.....(......(....*j.o ....{....o!......("...*2.{....o#...*...0..........s$.....r...po%...&.{....-C..r...p~....(&....(........(......r...pr...p(.......r...p(....8.....{....o'...r[..po(...,'...{....o'...r[..prc..po)....(....8.....

                C:\Program Files (x86)\Syslogd\KiwiSyslogLicensor.exe.config

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                Category:dropped
                Size (bytes):1316
                Entropy (8bit):4.917267213639678
                Encrypted:false
                SSDEEP:
                MD5:BD08EEF34540F67784BE97FC39919A57
                SHA1:CE19431820A03161637E080948E789F97BD74866
                SHA-256:7C5252440EE0C664FF7BD8090A248A8794433236B9EC1C7C685B0DDD8CFDC0D8
                SHA-512:2483D5DBDF03E901F10F2A4ED993C26635C78FF48631F541B15A1FAE38401BA364673360F3AF17ACFE56558ABE3D35799890D2F1EEF54DDDA64CBC099F1DEA28
                Malicious:false
                Reputation:low
                Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="log4net" type="System.Configuration.IgnoreSectionHandler" />.. </configSections>.. <runtime>.. </runtime>.. <log4net>.. <appender name="ConsoleAppender" type="log4net.Appender.ConsoleAppender">.. <layout type="log4net.Layout.PatternLayout">.. <conversionPattern value="%date %-5level %logger - %message%newline" />.. </layout>.. </appender>.. <appender name="RollingFileAppender" type="log4net.Appender.RollingFileAppender">.. <file type="log4net.Util.PatternString" value="${ALLUSERSPROFILE}\Application Data\Solarwinds\Licensing\SolarWindsLicensing_Kiwi_Syslog_Server.log" />.. <encoding value="utf-8" />.. <appendToFile value="true" />.. <rollingStyle value="Size" />.. <maxSizeRollBackups value="10" />.. <maximumFileSize value="10MB" />.. <staticLogFileName value="true" />.. <layout type="log4net.Layout.PatternLayout">..

                C:\Program Files (x86)\Syslogd\Kiwi_bp.gif

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:GIF image data, version 89a, 3 x 10
                Category:dropped
                Size (bytes):824
                Entropy (8bit):0.5626143952641689
                Encrypted:false
                SSDEEP:
                MD5:6B476279D96576E9F7768ACDE399A3FD
                SHA1:612794EEAA3E86D617F3D1D5DF3E8D7F78FE1282
                SHA-256:AEADCE0826CE8C4F24FC2580751A975B4A9D5B4CF6CA45D2A85023D78D1F2C5B
                SHA-512:982380082F1F0E9D5E1E337DA5630199E25072CFA7C4D1C907931E00D4FD195FE455895716817F540374E7C42BDAE5578D683C9E1AE70412D9DC216DE38E98B3
                Malicious:false
                Reputation:low
                Preview:GIF89a........3..mL..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................!.......,...............80.@... T.........;

                C:\Program Files (x86)\Syslogd\Kiwi_logo.jpg

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 540x164, components 3
                Category:dropped
                Size (bytes):22520
                Entropy (8bit):7.9052721707778115
                Encrypted:false
                SSDEEP:
                MD5:D877D748AAFAF8C1E62AD36C0E8AF5FF
                SHA1:44B7441533293036118F33EFC090108769C81077
                SHA-256:DE85DB07DC9817CCCE7CBE2666CCD422C9025339B21B6D2C6890A874D54C4167
                SHA-512:161B314DF225C0F76197DD59103B1605052FDAB0A37C9CA85C0E8E5B1F53D45C0B207F696CAE28F787FF31D943AE4EAEB2174E9DC856FAD90AB9D60E5894321E
                Malicious:false
                Reputation:low
                Preview:......JFIF.....H.H.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...3@\(..9...J..'46.....".n.RF...<s.._. .5.b.O8..I........r.0.u1.Q...K.5.B.i{:1ro.W....2E5e..A...|..O.(..4.x.m3Q.]G.#....[-....x......JV.v..i.7M...?.B.....i........=.] .....a...=.eG..y..o..i.......y...;t.._.....n....%l..q..z..=z..........<Go..k.%.....F...._...rI...x..3..-.R4pxj

                C:\Program Files (x86)\Syslogd\MIBs\KiwiCurrentMIBs.txt

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:ASCII text, with CRLF, CR line terminators
                Category:dropped
                Size (bytes):232114
                Entropy (8bit):5.062937783126549
                Encrypted:false
                SSDEEP:
                MD5:1A788A288A8B3F741802EC7A591368E5
                SHA1:2B955C28D5B272DB781355734B00E1D87A92DF15
                SHA-256:3ACCA2BBB1CA105426BD3872F42F2143F4664DBEB6E2EF35E34D6D61A13363A9
                SHA-512:DBA721E2F1555B97775AB81AF72D3BB526C454EEAB853A3320D0BB0EE4342524988E8134D2FFBE146E88AD9C9A1013FC48B444166B9DA15B113ACCC8475ED886
                Malicious:true
                Reputation:low
                Preview:MIB_Module_Name.Object_Count..<BODY><PRE>RMM2-MIB.32..A100-R1-MIB.12..A2000R-TRAP-MIB.39..A3COM0004-GENERIC.27..A3COM0017-STACK-CONFIG.29..A3COM0019-RMON-REMOTE-POLL.18..A3COM0021-PORT-SECURITY.5..A3COM0024-EVENT-EXTENSION.4..A3COM0025-STACK-UNIT-TYPES.62..A3COM0026-IF-EXTENSIONS.9..A3COM0027-RMON-EXTENSIONS.6..A3COM0028-ALARM-PEAK.3..A3COM0032-MODEM-CONTROL.3..A3COM0034-PROBECONFIG-EXTENSION.4..A3COM0040-GENERIC-BRIDGE.1..A3COM0042-VLAN-CLIENT-MIB.7..A3COM0046-CHASSIS.36..A3COM0048-EMBEDDED-SCRIPTS.21..A3COM0049-SECURITY.26..A3COM0054-BRASICA2-SPECIFIC.18..A3COM0073IGMP-SNOOP.15..A3COM0074-SMA-VLAN-SUPPORT.4..A3COM00xx-BRIDGE-EXT-MIB.35..A3COM0304-RESILIENTLINKS.2..A3COM0341-MIB-SUMMARY.6..A3COM0352-STACK-CONFIG.8..A3COM0353-SWITCH-EXTENSIONS.24..A3COM0381IGMP-SNOOP.13..A3COM0418-MIB-SUMMARY.7..A3COM0420-SWITCH-EXTENSIONS.14..A3COM0432-ALERT.14..A3COM0435-EVENT-EXTENSION.1..A3COM0436-ALARM-EXTENSIONS.3..A3COM0437-SMART-AUTO.6..A3COM0442-MIB.45..A3COM0481-SECURITY.18..A3COM0483-SWITCHI

                C:\Program Files (x86)\Syslogd\MIBs\KiwiMIBDB.dat

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:data
                Category:dropped
                Size (bytes):7559125
                Entropy (8bit):6.219704538875789
                Encrypted:false
                SSDEEP:
                MD5:0C7AE662D0EC30D813774A6E6A746518
                SHA1:D32107C8C7302A47AF60D11F932C1EA04ADCE3C4
                SHA-256:F44341255B5AB3E038AF93EF568FE6905959B343A1CBBFFF14474D2173F93226
                SHA-512:7E35B86ABFEA245210B8B4353BD807608B7E527E28FC90447FC68AF3A1950F0A6957AF26C989797F22C44BCE4098690D450D1C750570BCE7ED01FAAEB9D57600
                Malicious:false
                Reputation:low
                Preview:K1W1....K1W1....k......aXn..33E.>.....lE.6=.?.F.6.......[.J.xR.3.....VO.t...?i.F........U...J.=.....@...\&)...+.....DT\..nF.".3.....Le.vX.*%.3.....}...k3..".9......I...J&.0......O.F...C.=......$...]]..-......M...e.0..,......2s...yV.4.......\\9>=...9.....wZ*.P...\.5.....'.|...+.m.3......{tn9{g*2.8......*....T...j.......&6..u...8.....[Tk.^.&..6......^..uK.Wr.1............i.F........9....I.1.......6<V...p..........S.V.RV.-......~.fI\..0.5.....+..R....m..........7..P.9.0.........>..aQ.,......}.....C<.........).3.[r.8......w..jAB.E.E.....|..+....F........a....c7J.,.......t..7.g8.0.....Jk...=9.`.3.....oO.....,.:........z...-.&......."..|.G.(........^...H3.~.....\.p...)%,. ............(.".............U./........g.;:U./.....).*_....,.(......E.c.&;...5...../H..}?..K.$......`,\<..].........N@M..Yn.8.............E.).......fV.$5.7./.......L.<..r.*....!Mi...<./.0...."..bH. `.=.5....$2G7..G..q.7....$.N....p.$....$.....H.;o......%\x..N..zn.(....'...=..\.;.,....(@.y..1..#.5....)..

                C:\Program Files (x86)\Syslogd\MIBs\kiwi-enterprises-V2.mib

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1496
                Entropy (8bit):5.341073140291364
                Encrypted:false
                SSDEEP:
                MD5:361910E8D892361393FBEB966EA91602
                SHA1:170BB71B8894DFCDF8197945E729A62E20D2AA3F
                SHA-256:D96CDAC306AAC4DFEA6E41ECFCD48345064497CA09FD9E3D77BE508146111C60
                SHA-512:E38F12F30BF5B92B3B0E53040D69B2F4156E9CF745980CBD6A1A21684A937ACB6B62EB6EF98E6B12F5B73ADF516C83D20C47886B0873A27D9F3986B4A0F4872E
                Malicious:false
                Reputation:low
                Preview:--..-- .. Kiwi Enterprises MIB ..-- ..-- ...Kiwi Enterprises..-- ... P.O. Box 5138..-- ... Greenmeadows..-- ... Napier 4145..-- ... New Zealand..--..-- .. support@kiwisyslog.com..--..--..-- 1. Introduction..--..-- This MIB document describes the SNMP traps sent by Kiwi Syslog Daemon...-- The definitions contained herein rely upon the Structure of Management..-- Information (SMI), RFC1155. It is presented in a format described in ..-- RFC2737, the Entity MIB (Version 2) document...--..-- This document applies to all versions of Kiwi Syslog Daemon...--..-- 2. Version History..--..-- v1.00.000 - 20/06/2007 - Mike Kuzman..-- v1.00.001 - 11/02/2008 - Mike Kuzman..-- v1.00.002 - 12/02/2008 - Mike Kuzman..-- v1.00.003 - 15/01/2019 - Mike Kuzman..--..-- 3. Object Definitions....KIWI-ENTERPRISES-MIBv2 DEFINITIONS ::= BEGIN....IMPORTS...enterprises,.. .OBJECT-TYPE,...NOTIFICATION-TYPE....FROM SNMPv2-SMI...SnmpAdminString....FROM SNMP-FRAMEWORK-MIB;....kiwi-enterprises.OBJECT IDE

                C:\Program Files (x86)\Syslogd\MSWINSCK.ocx

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                Category:dropped
                Size (bytes):126800
                Entropy (8bit):5.913880880387853
                Encrypted:false
                SSDEEP:
                MD5:DD88F733968EE8719592005217E7AF81
                SHA1:1612DD52A4DABABE215E4C1E557776A644A5EA24
                SHA-256:88BD7C766E8052330A8F343518F23A5BDAE3F9C97A1AAFDB85714C7C0270D94E
                SHA-512:4CEFDB779F816D8A9F19C8F54C91292591EB43CA8714C8505CC7603F089736A57B5E7BC5D83AFC0412ED0D660E5FE7CA32733B9CE6D4A9152AF0870C2944660E
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...V.\J...........#........................0.....".................................,....@.........................P ......l........@..Lh..............P............................................................................................text............ .......... .....U. ..`.data...:....0.......0..............@....rsrc...Lh...@...p...@..............@....reloc..p........ ..................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Program Files (x86)\Syslogd\Microsoft.Bcl.AsyncInterfaces.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):26752
                Entropy (8bit):6.512503595653532
                Encrypted:false
                SSDEEP:
                MD5:970B6E6478AE3AB699F277D77DE0CD19
                SHA1:5475CB28998D419B4714343FFA9511FF46322AC2
                SHA-256:5DC372A10F345B1F00EC6A8FA1A2CE569F7E5D63E4F1F8631BE367E46BFA34F4
                SHA-512:F3AD2088C5D3FCB770C6D8212650EED95507E107A34F9468CA9DB99DEFD8838443A95E0B59A5A6CB65A18EBBC529110C5348513A321B44223F537096C6D7D6E0
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$:............" ..0..4...........S... ...`....... ....................................`..................................S..O....`...............@...(...........R..T............................................ ............... ..H............text....3... ...4.................. ..`.rsrc........`.......6..............@..@.reloc...............>..............@..B.................S......H........'..P*..................,R........................................(....*..(....*^.(.......1...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....*..(....*..(....*..(....*..(....*:.(......}....*..{....*:.(......}....*..{....*:.(......}....*..{....*..(....*:.(......}....*..{....*^.(.......2...%...}....*:.(......}....*..{....*z.(......}.......2...%...}....*V.(......}......}....*..{....*..{....*:.(......}....*..{....*..{....*"..}....*..{....*"..}....*..{

                C:\Program Files (x86)\Syslogd\Microsoft.Data.ConnectionUI.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):16768
                Entropy (8bit):6.555535159225647
                Encrypted:false
                SSDEEP:
                MD5:2F2FBED3E83E84ACF432A7D8D600A2BC
                SHA1:F87D35E9FA6F0791020033687E832A48BCC0B77C
                SHA-256:F073E575C9696A36D796C558D23DD61255E21D704AEF037C97C83CB6A8814D5E
                SHA-512:E808F8972375DBF47A96B286EB108E0A6BE169CC88AAC6921B7727D486585856E40C67877D38654F1B105CE929E713AEDD5943B19E5263060C542BCA5048DA3C
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....q ..........." ..0.............j3... ...@....... ...................................`..................................3..O....@..@................#...`......H2..8............................................ ............... ..H............text...p.... ...................... ..`.rsrc...@....@......................@..@.reloc.......`......................@..B................K3......H.......P ......................H1......................................BSJB............v4.0.30319......l.......#~..L.......#Strings............#US.........#GUID... .......#Blob...........G..........3..............................................................,.....................................................\...............7.....+.............~.....~.....~.....~...m.~..._.~...|.~...T.~.....~...D.~.....~.....w.....w.........................-.............L...............

                C:\Program Files (x86)\Syslogd\Microsoft.Extensions.Configuration.Abstractions.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):30848
                Entropy (8bit):6.457901257027944
                Encrypted:false
                SSDEEP:
                MD5:AEDD72E5081B78E4915234A46B9A6282
                SHA1:17A7352924C82A4F32A5702276488EA4E162061F
                SHA-256:4B80B254466D86F4D34A9F115B648371841E1BA38B0FDCB921A97321FC83FD77
                SHA-512:72328957EE42D93BB16EB08F73FAA6B5C4F0BAC5E8142970D525CFC33D475F881D91D8A68004030433C170735142BA5366DCF0284135DA675795889BB1023028
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...nH............" ..0..D...........c... ........... ....................................`..................................c..O....................P...(...........b..T............................................ ............... ..H............text....C... ...D.................. ..`.rsrc................F..............@..@.reloc...............N..............@..B.................c......H........)...4...........^..X....b........................................( ...*..( ...*^.( ......2...%...}....*:.( .....}....*:.( .....}....*:.( .....}....*:.( .....}....**.-..(....*..s!...z.~....*...0..........(....,..*..(.....o"......&...*...................0...........(.......(#...-..,..*.*.(....,.r...p......%...%...($...*..(%...*.(....,.r...p......%...%...%...($...*...(&...*.(....,!r...p......%...%...%...%...($...*....('...*..,&(....,..r...pr...p.($...((...*..()...*.*.(.

                C:\Program Files (x86)\Syslogd\Microsoft.Extensions.Configuration.FileExtensions.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):29832
                Entropy (8bit):6.503466001633427
                Encrypted:false
                SSDEEP:
                MD5:D5CF5C61BA6897EF8A6B8375838D8E7F
                SHA1:95FBB3EFEE5095FDF66C125A520268F3CB426B47
                SHA-256:E2392555F04919963ECF2512CDAA55A9838759E22DFAA8F5A4FC05EC0BF8C4AF
                SHA-512:B5115D23E8AA3EE119929E0452DC6098E88AD0F93BD9FDD4B4A68876EE31D93A16D278767915B4E050E99E1BF70D02863A733A4C053FD0003A292C105C4E1049
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....B............" ..0..B...........a... ........... ..............................O.....`..................................a..O....................L...(...........`..T............................................ ............... ..H............text....A... ...B.................. ..`.rsrc................D..............@..@.reloc...............J..............@..B.................a......H........)...1...........[..8....`........................................(....*^.(...........%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....**.-..(....*..s....z.~....*...0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....(....*..(....*.*.(....,.r..

                C:\Program Files (x86)\Syslogd\Microsoft.Extensions.Configuration.Json.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):29312
                Entropy (8bit):6.495433507230333
                Encrypted:false
                SSDEEP:
                MD5:DDCCF90CAD01FBAAA236FF0A6B54DC5C
                SHA1:561FEE6114212CEF194DF0A05D92AFDBF3FF723F
                SHA-256:EFC7ECF514F88852F1D67BAFA16206C07E0862CA8801B7A94F7E87456AD2C22C
                SHA-512:2EEBD22BB41A4B885478904EAFEB8D40DE5BB459A5CD2F7D31CC78731F16A8EE8F736FF230B2CCDEB23A4A5B5958E1B4D748D8CDC50FDE601FC264C34BC37C84
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...|M..........." ..0..@..........._... ...`....... ..............................Sk....`.................................;_..O....`..l............J...(..........4^..T............................................ ............... ..H............text....?... ...@.................. ..`.rsrc...l....`.......B..............@..@.reloc...............H..............@..B................o_......H.......().../...........X.......]........................................(....*^.(.......8...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....**.-..(....*..s....z.~....*...0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....( ...*..(!...*.*.(....,.r..

                C:\Program Files (x86)\Syslogd\Microsoft.Extensions.Configuration.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):42616
                Entropy (8bit):6.362175629513462
                Encrypted:false
                SSDEEP:
                MD5:C7A5D4162FFB59288ACD50FDE970614E
                SHA1:6340EC94970E0625B2E52D6785219421D56591DF
                SHA-256:8B2C284484A14BC71AC83C101CE81878FE07446AE2D0E3967E31A4EEC66FF3C0
                SHA-512:4061EA372D8D96D3A932CE128BC5A732D147327CF03ED8CC71DB3247ABF7990EAC44E335754054FAED845B364F48BF3E470ABB75E87206697410390C49FD0BD0
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...e............." ..0..t............... ........... ....................................`.................................-...O....................~..x(..........0...T............................................ ............... ..H............text....s... ...t.................. ..`.rsrc................v..............@..@.reloc...............|..............@..B................a.......H........9..@S...........................................................(....*^.(.......<...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....**.-..(....*..s....z.~....*...0..........(....,..*..(.....o ......&...*...................0...........(.......(!...-..,..*.*.(....,.r...p......%...%...("...*..(#...*.(....,.r...p......%...%...%...("...*...($...*.(....,!r...p......%...%...%...%...("...*....(%...*..,&(....,..r...pr...p.("...(&...*..('...*.*.(....,.r..

                C:\Program Files (x86)\Syslogd\Microsoft.Extensions.DependencyModel.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):84096
                Entropy (8bit):6.187490382145379
                Encrypted:false
                SSDEEP:
                MD5:38874FBA46E8F99A096256073CC9E19A
                SHA1:46FE7A34E9CE7FE74016AC5660EB07C257B51894
                SHA-256:B0E87EACBF82DC1F928DDCB8EE47E259CD1104DBAF4AB3618608C79B3ACCB4B4
                SHA-512:96B515170F5B10CC2476A424429E71AA9B859896C7B61036CBEF9BBA8B01902C567FA5D60E789B4368C7388620F5CB93EE1986DCDB07962E638F31C3235ED290
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Hl............" ..0.............z.... ...@....... ....................................`.................................%...O....@............... ...(...`......$-..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................Y.......H........k...............&.......,........................................(#...*..(#...*^.(#......J...%...}....*:.(#.....}....*:.(#.....}....*:.(#.....}....*:.(#.....}....**.-..(....*..s$...z.~....*...0..........(....,..*..(.....o%......&...*...................0...........(.......(&...-..,..*.*.(....,.r...p......%...%...('...*..((...*.(....,.r...p......%...%...%...('...*...()...*.(....,!r...p......%...%...%...%...('...*....(*...*..,&(....,..r...pr...p.('...(+...*..(,...*.*.(.

                C:\Program Files (x86)\Syslogd\Microsoft.Extensions.FileProviders.Abstractions.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):25720
                Entropy (8bit):6.435390172570584
                Encrypted:false
                SSDEEP:
                MD5:68DCC5A1E81898F52D7AFFBE6E9C786C
                SHA1:783BB97AAAB8CDAF092CD89E352F1D1F62E87A40
                SHA-256:7734CEFDFF62CC8C91A59EEC98CC1DDE5B76F5A8BB67A17F29BDE4420F9E4436
                SHA-512:45F464D1165319EF9254D097ED98F64E0F44276119AA217A409CC1EEC48A20F76D50C69C4A531D5CADEC5FE487699D1D5BEE462D70B15E754C1E84F0890D1894
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..0..........jN... ...`....... ...............................`....`..................................N..O....`...............<..x(...........M..T............................................ ............... ..H............text...p.... ...0.................. ..`.rsrc........`.......2..............@..@.reloc...............:..............@..B................KN......H........%..<$..........@I..@....L........................................(....*^.(.......'...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....*.~....*..0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....(....*..(....*.*.(....,.r...p......%...%...(...

                C:\Program Files (x86)\Syslogd\Microsoft.Extensions.FileProviders.Physical.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):47232
                Entropy (8bit):6.386054449164043
                Encrypted:false
                SSDEEP:
                MD5:4E2A89BFCC0501ED82CFEEEDFCA9D037
                SHA1:63B957AF638E971CE6493531A32902D3531B73E9
                SHA-256:B4A4DA080A4EB5E86F872CF825517766E7E8A6DDF7CC74C4636352815212A3BE
                SHA-512:CCA0E00D250F6DADA6463033EE380D5D121CC1DEEEFD74E9B9FDB9D733C0884AD5DA77E984BEC585AC477322D8B3915320347747E4D4FB85B988162DFD1A2978
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...<.q..........." ..0.............n.... ........... ....................................`.....................................O.......p................(..............T............................................ ............... ..H............text...t.... ...................... ..`.rsrc...p...........................@..@.reloc..............................@..B................O.......H.......L<...a............................................................(....*..(....*^.(.......N...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....**.-..(....*..s....z.~....*...0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...( ...*.(....,!r...p......%...%...%...%...(....*....(!...*..,&(....,..r...pr...p.(....("...*..(#...*.*.(.

                C:\Program Files (x86)\Syslogd\Microsoft.Extensions.FileSystemGlobbing.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):48760
                Entropy (8bit):6.3492034623491955
                Encrypted:false
                SSDEEP:
                MD5:EB01DB8D0439FE416F1855F8DA40DBDC
                SHA1:8E95CF97445645B169996C3FE4D3A01ADBCE8CE5
                SHA-256:85B905B3D4163789F6F2B1697501E1101E41299FF90EE14E9D741E80BCBAF4D6
                SHA-512:379406558E17CCA78221673C5457A107AB36AA4A319BA6B82FF8DB329C06EEEB07DE0740A9A93FE6DB340D54FA0CB63DD8D5EEB2F9BFF4D2BDA987139CADD8F5
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...<............." ..0.................. ........... ....................................`.................................W...O.......H...............x(..........P...T............................................ ............... ..H............text........ ...................... ..`.rsrc...H...........................@..@.reloc..............................@..B........................H........E...^..............H............................................(....*..(....*^.(.......:...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....**.-..(....*..s ...z.~....*...0..........(....,..*..(.....o!......&...*...................0...........(.......("...-..,..*.*.(....,.r...p......%...%...(#...*..($...*.(....,.r...p......%...%...%...(#...*...(%...*.(....,!r...p......%...%...%...%...(#...*....(&...*..,&(....,..r...pr...p.(#...('...*..((...*.*.(.

                C:\Program Files (x86)\Syslogd\Microsoft.Extensions.Logging.Abstractions.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):47632
                Entropy (8bit):6.181211124770121
                Encrypted:false
                SSDEEP:
                MD5:98DFEDBF77E0C9143386FD8D7D42A323
                SHA1:A497FE8B43210A58AE75360385F4046D9109A6CC
                SHA-256:8C7763FCE381531DDA9E9D6B533599E789F705DA613AC711B7C82F8C08185BB4
                SHA-512:D11FD3DC0423D7A0C76B90AB81DCB63BFD82040D00385E2045DE9FC321C37470ADB7A20F2A25D1B00FED8F5C0D8B6F1883961F31C2865F58F8D07ACEB6115DAE
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u|............" ..0................. ........... ....................................@.................................u...O........................$..........h...T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......$C..4c..........X.............................................."..s....*&...(....*2...(.......*>..}......}....*..{....*..{....*.0...........(....%-.&.(.......(....*B.(......(......*...0.. ........-..*.%.u....,..........(....*.*..(....*6.......(/...*......(-...*......(....**....(,...*6.......(/...*......(-...*......(....**....(,...*6.......(/...*......(-...*......(....**....(,...*6.......(/...*......(-...*......(....**....(,...*6.......(/...*......(-...*......(....**.

                C:\Program Files (x86)\Syslogd\Microsoft.Extensions.Primitives.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):47232
                Entropy (8bit):6.290612031588469
                Encrypted:false
                SSDEEP:
                MD5:72DB6FF0A92724CB156A6E8FBC559AE6
                SHA1:C50DE610D1DB4E2A83F21D6F2F23DCFC2B6C9C22
                SHA-256:DC997827664EE67DA9D93C08E012F4F77AFB166236B06C8371D9379F7CFD4215
                SHA-512:BD963BC3B33840EF7E2450AE4B41BFC6302EF356BAC50E69CF1D3C9323508CFD30B8C3FF5754AC9D2C8B86677530C5440F88EBB6B954A498D0EBEA741EDAA824
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...'............." ..0.................. ........... ....................................`.................................K...O.......l................(..........T...T............................................ ............... ..H............text........ ...................... ..`.rsrc...l...........................@..@.reloc..............................@..B........................H....... A...Z...........................................................()...*..()...*..()...*^.()......B...%...}....*:.().....}....*:.().....}....*:.().....}....*:.().....}....*.~....*..0..........(....,..*..(.....o*......&...*...................0...........(.......(+...-..,..*.*.(....,.r...p......%...%...(,...*..(-...*.(....,.r...p......%...%...%...(,...*...(....*.(....,!r...p......%...%...%...%...(,...*....(/...*..,&(....,..r...pr...p.(,...(0...*..(1...*.*.(....,.r...p..

                C:\Program Files (x86)\Syslogd\Microsoft.VisualStudio.Data.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):247176
                Entropy (8bit):5.998975731080433
                Encrypted:false
                SSDEEP:
                MD5:F6BA5DEBB4CB3AF16F989AB2F52FD7F3
                SHA1:DB9B69FBD5539208563A43218A2C7DC344630A5C
                SHA-256:CC7815DC5E066DB5C1B5846A75BBCB11B666D267A31D69577AE64EFDE7D374D3
                SHA-512:00DF702E94E67642D4ECD087517223B88747F6F0F9C8413CBEA5E02D892DDF0C04B761A99FA9BD6BAB1C4D073C599DD7C6F763AF872E8E10AF4874BEED068A67
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............N.... ........... ..............................`.....`.....................................O.......@................#..........,...8............................................ ............... ..H............text...T.... ...................... ..`.rsrc...@...........................@..@.reloc..............................@..B................0.......H...........`...........T.......,.......................................:.([.....}....*..{....*..0..".........3..*.u......,..(.....o....3..*.*2.|....(\...*^.s..........s.........*..(]...*.s^...z.s^...z.s^...z.s^...z.s^...z"..o....*6.......(....*:........(....*..(].....}......}......}.......}.......}.......}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(]...*.s^...z.s^...z.s^...z.s^...z.s^...z...0..%...............

                C:\Program Files (x86)\Syslogd\Microsoft.VisualStudio.OLE.Interop.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):136792
                Entropy (8bit):6.27392206788036
                Encrypted:false
                SSDEEP:
                MD5:4895FC886B5D33D6F004E6D5702D9438
                SHA1:CC0401E466F105196B56D8A432C60CD0D5060DE1
                SHA-256:FCEAF0D124E2DA44CC60808414863142D1BB38FFA08BB67DBC33E2F453BCAD31
                SHA-512:6DC3041604E8F3AED3B6C2A04A877CA4F9F91437499B1294CE27C9950F470A31EE779F5C96CD18B88C6A5AECF5423C60B5C2CC3E85F7A59259689A5E301EF3BA
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...O..J...........!......... .......... ........>I. ..............................\P....@.....................................K.......P...............XF........................................................... ............... ..H............text....... ...................... ..`.rsrc...P...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Program Files (x86)\Syslogd\Microsoft.VisualStudio.Shell.Interop.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):266008
                Entropy (8bit):6.132716185250674
                Encrypted:false
                SSDEEP:
                MD5:EAC1FD535EFF13B35B09D587D625EF1B
                SHA1:F6AFBF7830E4BB04C3D1AF67E1A70892CE41CE06
                SHA-256:52DD34CF681505AB03A48A5CE591ABF1953D4261E01F2BCACD1B80045FE26E83
                SHA-512:2212BBAD1E51D31CA0083477A5CA781FFAEA42DC2D6BBA0A2FB8721B5A6E3D70C2180AE94E5800A6B8BA4434C1FA6DC9B3057303D1146A8DCEB74A8EB982A0A5
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..... G...........!......... ........... ........@.. ...............................b....@.................................L...O.......P................?........................................................... ............... ..H............text........ ...................... ..`.rsrc...P...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Program Files (x86)\Syslogd\Microsoft.VisualStudio.TextManager.Interop.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):122648
                Entropy (8bit):6.087954790460377
                Encrypted:false
                SSDEEP:
                MD5:19C5F181F7C88E32BC7BC39BE564D3C2
                SHA1:59E72D0EEE1D498968D22435D95C8BB3ACE45E8A
                SHA-256:10DB092C47FCFBDCF506C6AB658B03963DCADE3CD3105CC22131CDCA1B426767
                SHA-512:938A33517C3284F783DD7C594A3EB0979A77663CB4AD342AF2920FDBD2C92DE4FDBCDD474A74CC47FBF657B8A6313B3193B6647810AF049D1CF80B3AEE840BE0
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P..J...........!......... ......>.... ........LI. ..............................N.....@....................................W.......P............................................................................ ............... ..H............text...D.... ...................... ..`.rsrc...P...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Program Files (x86)\Syslogd\Newtonsoft.Json.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):711952
                Entropy (8bit):5.967185619483575
                Encrypted:false
                SSDEEP:
                MD5:195FFB7167DB3219B217C4FD439EEDD6
                SHA1:1E76E6099570EDE620B76ED47CF8D03A936D49F8
                SHA-256:E1E27AF7B07EEEDF5CE71A9255F0422816A6FC5849A483C6714E1B472044FA9D
                SHA-512:56EB7F070929B239642DAB729537DDE2C2287BDB852AD9E80B5358C74B14BC2B2DDED910D0E3B6304EA27EB587E5F19DB0A92E1CBAE6A70FB20B4EF05057E4AC
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p$?..........." ..0.............B.... ........... ....................... ............`....................................O......................../.......... ...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................$.......H.......x...(9............................................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

                C:\Program Files (x86)\Syslogd\PcapDotNet.Base.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):33080
                Entropy (8bit):6.308747900562333
                Encrypted:false
                SSDEEP:
                MD5:20F9A92B9470345A36A53C5D5A9EA864
                SHA1:66670A37F897B0785B672E93745460141C10E11D
                SHA-256:7BCD4120BDAF77E80DFA14C37347C36B724CDBFF5B9031A4AA85307D51BCACF4
                SHA-512:5CA2B18F29FB5B097978ADEBF659CBEB3357FBC9F24C588641B6B783B72C98091947C4EAC2E4615A23B896E0612423FB0EBEA7D42F5919496D375B18B6422331
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...fL@W...........!.....Z...........y... ........... ....................................`.................................py..K....................b..8...........8x............................................... ............... ..H............text....Y... ...Z.................. ..`.rsrc................\..............@..@.reloc...............`..............@..B.................y......H........5..0C..................P ...........................................n........K..#&.y/.....I2...v@i..j-...N.6.Yk?m.-./..].Yv..X...+...G5...sU...@.....s..Bn..g]...F.V8m...;.O...........B ..$..-..*.*F.(.....b.(....`.*J..(.....b.(....`.*N...(.....b.(....`.*V....(.....b..(....`.*^......(.....b..(....`.*f........(.....b..(....`.*n..........(.....b..(....`.*...b.`.*>....(....(....*R..(......(....(....*V..........(....(....*r....(............(....(....*....0..,...........

                C:\Program Files (x86)\Syslogd\PcapDotNet.Core.Extensions.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):12288
                Entropy (8bit):4.981582677824196
                Encrypted:false
                SSDEEP:
                MD5:08D59D69F1F1CC1306A5276F8D24D20B
                SHA1:90A4BCD9B48854D46F7E0DC9AD05D7A538A4619D
                SHA-256:2F486E4529507C4E8092580640C67D6322F2D464A840408FC4A5A3731543891F
                SHA-512:D434850F096B629EC6A91A5A699CD8F0616A56CA7053FDECEEC6F0D916FDE644072757E2B8F4F2AED411520E86F18E3017480F8C54CB7E896954EA1539BFA6AD
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....L@W...........!.....&...........D... ...`....... ...................................`..................................C..K....`.. ............................B............................................... ............... ..H............text....$... ...&.................. ..`.rsrc... ....`.......(..............@..@.reloc..............................@..B.................C......H........%......................P .......................................d.......]..8.r.\..W.j.+.8jD......|H.V......0.cZJ.P`.].r.U.)[sY7.,@.M.AyI....L#.o.C....O:...hw5x8.SVr..... ......!ce..!.0..g........-.r...ps....z.o......r#..p.o....-.(....rM..p..........o.......r#..p..(....s....z.o....r#..po....o....*..0..Q........(.....~....r...p.rb..p(....o......rz..po....u......-.r...ps....z.....,..o .....*.........".#E........(!...*J.o"....{....(#...*..0..7.......s......-.r..

                C:\Program Files (x86)\Syslogd\PcapDotNet.Core.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):92992
                Entropy (8bit):6.234658216770715
                Encrypted:false
                SSDEEP:
                MD5:A6A1A2D37BE0EC796DC23A232776968B
                SHA1:2DF3DDD339ABD3317F8C3573C377BEF1ABA18FEA
                SHA-256:441175D996A12E02088F24669E36F36F6AE35950256C9A7C678F5248AB764A3C
                SHA-512:0E50D9404C57652EC177743106A75A485F2696CE21512242538AE289975F440B9B79F9B4D2E79C9E0D6BB62857BC3492C357083004FEC30B1623EA44AD47597F
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........*...D...D...D.......D.....D.......D......D......D......D......D.. ?...D...E...D.......D......D.......D.Rich..D.................PE..L....L@W...........!.....^..........^m.......p.......................................V....@.................................\F..x....................L..@............r..............................`s..@............p...............s..H............text....].......^.................. ..`.rdata..4....p.......b..............@..@.data...H....`.......D..............@....rsrc................F..............@..@.reloc...............H..............@..B................................................................................................................................................................................................................................................................................................

                C:\Program Files (x86)\Syslogd\PcapDotNet.Packets.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):503080
                Entropy (8bit):6.101229981544049
                Encrypted:false
                SSDEEP:
                MD5:722C498B7BBEAEE9C1809B015B068342
                SHA1:D1FD97E05F3B0E3B4951B0B357E893C428C09702
                SHA-256:2FE0C65FEFAFF88EB6EF1C27D5AF16B26048CEEA4505CB7FF295A5568BB3AF96
                SHA-512:CB4C41154A80C9E189DD39C2FBA3346AF198536875EA0BF4A176B9A84706F2B8EB2325DEFF825B74550856433DFB0AE21BF271345E5410C4F6B7E6EABC91669F
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...iL@W...........!................^.... ........... ....................................`.....................................W.......................(........................................................... ............... ..H............text...d.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................@.......H........%...}..................P .........................................f.Q.D..f......UN@5.@.n..^j...Hf.f..l...]{NMZ.u..........FQ|....w..ZB..=.Bg|.\..Nj.....^.`.....8...c...R...UaLh.....c..*...0..............u....*6..u....o....*.0..$........o.......(.....o.........u...o....a*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*. ....*.(....s....*r.(....o.....(....o....(g...*...0..5.........-.r...ps....z..u..

                C:\Program Files (x86)\Syslogd\Readme.htm

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):7860
                Entropy (8bit):5.100397778452854
                Encrypted:false
                SSDEEP:
                MD5:583378D68278E95A2E860F6F2CB60ED5
                SHA1:7571A881A496CFEA4AF17214CAD7544838CBEE8C
                SHA-256:7E17F1175AA9C44857E6791F935ECC703D03A5A435109512522D872F29ECC5A4
                SHA-512:1C512E594778C8A0B3196797A707CA34B8E89A0DF07798FFDB592F4C6FBACAA29E1F8A386ECA28024862938FF39CBC8FC1DE8B26EA0B922CEF1AA1C52D4F307E
                Malicious:false
                Reputation:low
                Preview:<?xml version="1.0" encoding="iso-8859-1"?>..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>..<title>Kiwi Syslog Daemon Readme</title>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />..<style type="text/css">..div{...font-family: Arial, Helvetica, sans-serif;...font-size: 12px;...width: 800px;...color: #333333;..}..h1{...color: Black;..}....h2{...color: Black;..}..h3{...color: #006699;..}....h4{...color: Red;..}..hr{...color: Gray;...height: 1px;..}....a{...color: #0033CC;...text-align: left;...text-decoration: none;...}....a:link,a:visited{...color: #0033CC;...text-decoration: underline;...}..a:hover{...color: #FF0000;...text-decoration: none;. ...}...hand {...pointer: hand;....cursor: hand;.....}..ul{...list-style: square;....list-style-image: url(Kiwi_bp.gif);....}..li{...padding-right: 2px;...margin-right: 2px;..}..</style>..</hea

                C:\Program Files (x86)\Syslogd\RestSharp.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):192304
                Entropy (8bit):6.277091636774502
                Encrypted:false
                SSDEEP:
                MD5:BE34F9F312AE8F8EEB42697C8056F832
                SHA1:E60A0BFEFCC7A393EC705B5075893D94786E3982
                SHA-256:7355F6DD917F751D84B60BB46467283F70BD84D87F95D0E44EBC7AA27E61B7B6
                SHA-512:407D06795BEAD3EC3E0D3B366423CAA0314CC24DF99A345EDE2FE42F49566DF04BD65FB03A9E92426D3363D745DA662CD3CF3056E15DBCBE0E4B40C6FC9D53D2
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....j..........." ..0.............6.... ........... .......................@.......G....`.....................................O.......................0.... ..........T............................................ ............... ..H............text...<.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H...........d...................|.........................................(2...*^.(2..........%...}....*:.(2.....}....*:.(2.....}....*:.(2.....}....*....0..a.........(.....o....oe....o\....o....o~..... ...%..oR....%..o!....(........o........(......(......(....*....0..S.........(.....o....oe....o\....o....o~..... ...%..oR....%..o!....(........o........(....*..0..y.......s.......}9.....}:..... ...%..{9...oR....%..{:...o!...........s3...(...+(...+..o6...,"r...p........s7...(...+

                C:\Program Files (x86)\Syslogd\Scripts\Script_AlertOnMissingMessages.txt

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):2328
                Entropy (8bit):4.768586421955557
                Encrypted:false
                SSDEEP:
                MD5:BE9E043608C9D6EC24FA91FC6DA6F304
                SHA1:A00F7062F03213FA51D25AEE92AA3370A74E34DA
                SHA-256:66C234957638F7F2E53871BD593974E5AC78B3112EEC8C7D6427766232936AAB
                SHA-512:D366A87C912EDF716FBEB72DD777F73B348FD28A9DCA7D72535F6AB133F104204C974DBE2BCEA60ED1FF8D5EFF40F4F5C0579549C30544F770B2D3566FB0137B
                Malicious:false
                Reputation:low
                Preview:Function Main()....' This script will watch a list of sending hosts for incomming messages..' If the host has been silent during the hour, an e-mail will be sent...' The notification is sent on the hour..' Enable the KeepAlive input and have it send a message every 60 seconds.....Dim MySplit..Dim MyLineSplit..ReDim MySilentHost(1)..Dim X..Dim C..Dim MySendTo, MySendFrom, MySubject, MyMsg....Main = "OK"....If Fields.VarInputSource = 3 then .. With Fields .. ' Check to see if the minutes are "00" (on the hour).. If Mid(.VarTime,4,2) = "00" then .. . MySplit = Split(.VarGlobal01, "|").. ' Loop through store and find any addresses that have not been active (contain :0).. For X = 0 to Ubound(MySplit)... MyLineSplit = Split(MySplit(X), ":").. ' Add the IP address to the notification list .. If MyLineSplit(1) = "0" then .. C = C + 1.. If C > Ubound(MySilentHost) then ReDim Preserve My

                C:\Program Files (x86)\Syslogd\Scripts\Script_ContainsTest.txt

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):246
                Entropy (8bit):4.706873908425281
                Encrypted:false
                SSDEEP:
                MD5:94A2192FFB9B5BC627336A43347841D0
                SHA1:B9F4CC7F4D5CC8D9E8CB02730DC881634C6525E9
                SHA-256:318A5146BD7061A1CBC773F58297BB26CBE5951F9B269100CC3F0A8EA7CC4631
                SHA-512:B27504E2E2D8B3A006A3BBA290E35706D128E5F6526617AEA103DE6D40B569CF80D8F2DBE44C312C55B279BB8CFB9638345B4AB8046514E368927B3D87AA53DC
                Malicious:false
                Reputation:low
                Preview:Function Main()....' The fields are available via the Fields object....If instr(Fields.VarCleanMessageText,"Test") = 0 then Fields.ActionQuit = 1....' Set the return value to indicate that the script ran correctly....Main = "OK"....End function..

                C:\Program Files (x86)\Syslogd\Scripts\Script_CountLinkFailures.txt

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):233
                Entropy (8bit):4.806398999572642
                Encrypted:false
                SSDEEP:
                MD5:B7B78BCBF049AFA549C5AD3B2A948914
                SHA1:B3A265EF0AE5D2964E1297B2972E13FA6F9A787F
                SHA-256:A7BC4198F798857568B948450C0369D3AB9117E89E1A1A0D967F2BD89DC82DB7
                SHA-512:85039CC005582F6329DC06BDF3933A2D83F4DD324A22BC94A315B28F4D41928B03611711B66979CA41B3D99C252A52D938536CC91DDE8291B64244553B355711
                Malicious:false
                Reputation:low
                Preview:Function Main()....If Instr(lcase(Fields.VarCleanMessageText),"link down") > 0 then .. If lenb(Fields.VarStats01) = 0 then Fields.VarStats01 = 0.. Fields.VarStats01 = Fields.VarStats01 + 1..End if....Main = "OK"....End Function..

                C:\Program Files (x86)\Syslogd\Scripts\Script_Example.txt

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):3533
                Entropy (8bit):4.957416522617283
                Encrypted:false
                SSDEEP:
                MD5:54199C663207D1757B473F606338C6ED
                SHA1:E78AB10701D0FA2EF4CEABCDB77BBEACE80FDD29
                SHA-256:A3FB9E9DD614A60FAA4205F4327B1201E8E88B4CD530C605A091BFDAA6C5565F
                SHA-512:F2394A89DEBF6E06B03597EE78C3B0C0B10AE94B79B037D3766C614FD507F1C4E8BDCABFB3DF27A3686A6DCB480B21E77B50CAF1A5A0DB8060D0300DE24D4236
                Malicious:false
                Reputation:low
                Preview:Function Main().... ' Replace instances of "cat" with "dog" within the message text field.. Fields.VarCleanMessageText = Replace(Fields.VarCleanMessageText, "cat", "dog")...... ' Set the return value to indicate that the script ran correctly.. Main = "OK"....End function......' -------------------------- Extra Info --------------------------------..' ....' Here are some examples of the fields that can be accessed and modified..' More information can be found in the help file. ....' Note: This extra info is not required for the script to run and can be removed......' // Common fields..' VarFacility..The facility value of the message. Ranges from 0 to 23..' VarLevel..The level value of the message. Ranges from 0 t 7..' VarInputSource.The input source of the message. 0=UDP, 1=TCP, 2=SNMP..' VarPeerAddress.The IP address of the sending device. If the message has been forwarded, this value contains the original address...' VarPeerName..The host name of the sending device. (DNS l

                C:\Program Files (x86)\Syslogd\Scripts\Script_Example_JScript.txt

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1057
                Entropy (8bit):5.024451532624873
                Encrypted:false
                SSDEEP:
                MD5:4A75874714705E65F5F710E62DA185EE
                SHA1:B252215EA41229CEB7856180B06958E64D88D85B
                SHA-256:CAE0D9F4871CF9ECF7FFCB51F81483ED627428550FB3989C7A8C9A99A15F8825
                SHA-512:A8F25D03CE5E3491DF787773C8872CF8E755546F061452607F6B8C83775AC813555013BD7916FC7D07A19E4EE68582E7309A516C60B4E6F1CF81D447D03A87AD
                Malicious:false
                Reputation:low
                Preview:function Main() {.. .. // This script uses the following message as the sample Fields.VarRawMessageText.. // "Logon/Logoff From Vpn123: 2019 Dec 04 09:13:49.680 EST -5:00 %IKE-6-25: RPT=92: 192.168.1.20: Group [KIWIGROUP] User [joeuser] in ID Payload: Address 192.168.1.10, P".. // .. // Ensure that the Fields read/write permissions are set as below when testing..... //.. // Read | Write.. // Common fields X |.. // Other fields X |.. // Custom fields X | X..... var strSource = VarRawMessageText;.. var iStart = strSource.indexOf("Group [");.. var iEnd = strSource.indexOf("]", iStart);.. VarCustom01 = strSource.substring(iStart+7,iEnd); .. var iStart = strSource.indexOf("User [");.. var iEnd = strSource.indexOf("]", iStart);.. VarCustom02 = strSource.substring(iStart+6,iEnd); .. iStart = strSource.indexOf("ID Payload: Address ");.. iEnd = strSource.indexOf(",", iStart);.. VarCustom03 = strSou

                C:\Program Files (x86)\Syslogd\Scripts\Script_Example_PerlScript.txt

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1368
                Entropy (8bit):5.0200681828668685
                Encrypted:false
                SSDEEP:
                MD5:D4558807408AFE1D61F07A5D39875F79
                SHA1:16576C45904F1339261E427228E1BBAC1CC43981
                SHA-256:187A8D42DB207C5560387AC319BEEAC09507A51E13B64F6A4C957B8A20EBF93B
                SHA-512:2D5DFB8BDEF13A2C6C47740B457F80A7E4C41A0C46E22CF731DC56D33B035A42861FC51E52E1C08E3F867CD92EC252D452393905E0AFB5E4C48F42FB1712D4B3
                Malicious:false
                Reputation:low
                Preview:sub Main{ .... # This script uses the following message as the sample Fields.VarRawMessageText.. # "Logon/Logoff From Vpn123: 2019 Dec 04 09:13:49.680 EST -5:00 %IKE-6-25: RPT=92: 192.168.1.20: Group [KIWIGROUP] User [joeuser] in ID Payload: Address 192.168.1.10, P".. # .. # Ensure that the Fields read/write permissions are set as below when testing..... #.. # Read | Write.. # Common fields X |.. # Other fields X |.. # Custom fields X | X..... # Gather message text information from Fields objects.. $source = $Fields->{VarRawMessageText}; .. $istart = index($source, "Group [");.. $iend = index($source, "]");.. $group = substr($source, $istart+7, $iend - ($istart+7));.. # Assign value to Fields.VarCustom01 .. $Fields->{VarCustom01} = $group;.. $istart = index($source, "User [");.. $iend = index($source, "] in ID Payload");.. $User = substr($source, $istart+6, $iend - ($istart+6)); .. # Assign v

                C:\Program Files (x86)\Syslogd\Scripts\Script_Example_Python.txt

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1002
                Entropy (8bit):5.096616679301125
                Encrypted:false
                SSDEEP:
                MD5:16DF4157107AC43D33D50FCB4BC94A2F
                SHA1:8769B8F46E9B2D36FA7DA3D73993ADA3DD32C92F
                SHA-256:9901088658768C99D0C3E653FE6E4A5856A651D9680798C4162A4D8F24D5E254
                SHA-512:923A2F53782957B7AAB012128F375DEB6D8DF5D8A7C75A3CFCFF4FD60474644FEA753416D4BABCAEEFEFCB38CB52AC49AA56BDF464FB3441204BCA962CEA8DCA
                Malicious:false
                Reputation:low
                Preview:def Main():.....# This script uses the following message as the sample Fields.VarRawMessageText.. .# "Logon/Logoff From Vpn123: 2019 Dec 04 09:13:49.680 EST -5:00 %IKE-6-25: RPT=92: 192.168.1.20: Group [KIWIGROUP] User [joeuser] in ID Payload: Address 192.168.1.10, P".. .# .. .# Ensure that the Fields read/write permissions are set as below when testing..... .#.. .# Read | Write.. .# Common fields X |.. .# Other fields X |.. .# Custom fields X | X......strStatus = "OK"....strSource = Fields.VarRawMessageText... .iStart = strSource.find("Group [").. .iEnd = strSource.find("]",iStart+7).. .Fields.VarCustom01 = strSource[iStart+7:iEnd]...iStart = strSource.find("User [").. .iEnd = strSource.find("]", iStart+6).. .Fields.VarCustom02 = strSource[iStart+6:iEnd]...iStart = strSource.find("ID Payload: Address ").. .iEnd = strSource.find(",", iStart+20).. .Fields.VarCustom03 = strSource[iStart+20:iEnd]...return strStat

                C:\Program Files (x86)\Syslogd\Scripts\Script_Example_RubyScript.txt

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1013
                Entropy (8bit):5.108649415071481
                Encrypted:false
                SSDEEP:
                MD5:3CB33615E5B29D49E7FA73D967E5602E
                SHA1:490C9253E411A72A0CF79ED3558BB1898145334E
                SHA-256:815C88457C70963A3F6A82EAC888C8ED19CDDD1E37989AEFD74CC4B607DA0738
                SHA-512:643C179F5780025D1D7B1BAA2DA6A611CCDEB6B6DA0A96A8F113A0E4B155CB949988A6CC5A0958EDCA909811C4D03CEFC6C72BABA6832A6044FDFD6E4D373C91
                Malicious:false
                Reputation:low
                Preview:def Main()......# This script uses the following message as the sample Fields.VarRawMessageText.. .# "Logon/Logoff From Vpn123: 2019 Dec 04 09:13:49.680 EST -5:00 %IKE-6-25: RPT=92: 192.168.1.20: Group [KIWIGROUP] User [joeuser] in ID Payload: Address 192.168.1.10, P".. .# .. .# Ensure that the Fields read/write permissions are set as below when testing..... .#.. .# Read | Write.. .# Common fields X |.. .# Other fields X |.. .# Custom fields X | X.......strStatus = "OK"....strSource = Fields.VarRawMessageText... .iStart = strSource.index('Group [').. .iEnd = strSource.index(']'). ....Fields.VarCustom01 = strSource[iStart+7..iEnd-1]...iStart = strSource.index('User [').. .iEnd = strSource.index(']', iStart)...... .Fields.VarCustom02 = strSource[iStart+6..iEnd-1]...iStart = strSource.index('ID Payload: Address ')... .iEnd = strSource.index(', P')... .Fields.VarCustom03 = strSource[iStart+20..iEnd-1]....return(st

                C:\Program Files (x86)\Syslogd\Scripts\Script_Example_VBScript.txt

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1153
                Entropy (8bit):4.904973476608746
                Encrypted:false
                SSDEEP:
                MD5:C7D804D60C27FB7C7680534A497A3626
                SHA1:747E66246FB0275C863D1E86AE9B09A4438E51B2
                SHA-256:902C1FA2B8349B86D3ABA81600D18AEA7667096FE74F1E333F9E95F848D3D3F9
                SHA-512:E53B0907402AAED3EC002932D65B09372045083E75445702FC655108DF8D3500585394096F1F931708FF04A3898D26E4DEA414654F30268188D459E5B6D7A3AF
                Malicious:false
                Reputation:low
                Preview:..Function Main().... ' This script uses the following message as the sample Fields.VarRawMessageText.. ' "Logon/Logoff From Vpn123: 2019 Dec 04 09:13:49.680 EST -5:00 %IKE-6-25: RPT=92: 192.168.1.20: Group [KIWIGROUP] User [joeuser] in ID Payload: Address 192.168.1.10, P".. ' .. ' Ensure that the Fields read/write permissions are set as below when testing..... '.. ' Read | Write.. ' Common fields X |.. ' Other fields X |.. ' Custom fields X | X..... strSource = VarRawMessageText.. intStart = InStr(1, strSource, "Group [").. intEnd = InStr(1, strSource, "]").. strGroup = Mid(strSource, intStart + 7, intEnd - (intStart + 7)).. VarCustom01 = strGroup.. intStart = InStr(1, strSource, "User [").. intEnd = InStr(intStart, strSource, "]").. strUser = Mid(strSource, intStart + 6, intEnd - (intStart + 6)).. VarCustom02 = strUser.. intStart = InStr(1, strSource, "ID Payload: Address ").. intEnd = InStr(i

                C:\Program Files (x86)\Syslogd\Scripts\Script_Linksys_Logging.txt

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):2569
                Entropy (8bit):4.9227609250837885
                Encrypted:false
                SSDEEP:
                MD5:6157B8380DC4F9741D488E77C003FBD3
                SHA1:95072BDE268D84DB80CA258FBAE57835D5EF12DA
                SHA-256:AE7D303E92AA51C874A32DF385AD901482E19BAF170C99446F866DE2C86AA836
                SHA-512:7AD59FEF1D4F8E9EF9B2F4D735995A4F45C2712F831712108BB77F991A93802C07545E79B7B6A346EEDEC1A0E27826868E9A23786D5A95026317B8162EFF00F4
                Malicious:false
                Reputation:low
                Preview:Function Main()....' This script will determine if the message received is an SNMP ..' trap. If it is then it will log it to a particular log file ..' based on the whether it is inbound or outbound.....' Note: This script requires Read access to "Other fields" variables...' Ensure that the Fields read/write permissions are set as below.....'..' Read | Write..' Common fields X |..' Other fields X |..' Custom fields | X....Dim sTemp..Dim s ..Dim e..Dim fso..Dim OutputFile..Dim MsgHeader..Dim sPriority....Const ForReading = 1..Const ForWriting = 2..Const ForAppending = 8....' Directory path and file names to log to..Const FilePath = "C:\Program Files\Syslogd\Logs\"..Const iFile = "inboundTraps.txt"..Const oFile = "outboundTraps.txt"..Const eFile = "allOtherTraps.txt"....' Check to ensure that the message is a SNMP trap..' If it isn't then exit the script..If Fields.VarInputSource <> 2 Then.. ' Set the return value to indicate the script.. ' ran successf

                C:\Program Files (x86)\Syslogd\Scripts\Script_Log_snare_events_to_odbc.txt

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:ASCII text, with very long lines (405), with CRLF line terminators
                Category:dropped
                Size (bytes):3801
                Entropy (8bit):5.228963192905767
                Encrypted:false
                SSDEEP:
                MD5:DB6E3759F7EC2F1DA6FAAAED08C2C837
                SHA1:1529F4D28C036B70C0E115019F1193908ECA49F2
                SHA-256:67BBC01FBEF5C10B120CB21C0AB1EA0EBFFD061C4F83775D397096F702F68D79
                SHA-512:D5D209526EF85B4D95C3F8B0924D6FCD5A8A401E0002299A7DC7BEDAD7C66ADD874E6E96D82DC6F04ECB5C23461A316E4DB152AB72B54EE046E2AEF274CA368D
                Malicious:false
                Reputation:low
                Preview:Function Main()....Main = "OK"....' Note: This script requires Read access to "Other fields" variables...' Ensure that the Fields read/write permissions are set as below.....'..' Read | Write..' Common fields X |..' Other fields X |..' Custom fields | ..'....' This script will parse Snare events and write the data to the specified database...' The database table must already contain the following text fields.....' MsgDateTime,MsgPriority,MsgHostname,EventLevel,EventSource,EventID,EventUsername,EventComputer,MsgText....Dim MyFields..Dim MyDSN..Dim MyTable..Dim SQLcmd....MyDSN = "DSN=KiwiSyslog;"..MyTable = "Syslogd"..MyFields = "MsgDateTime,MsgPriority,MsgHostname,EventLevel,EventSource,EventID,EventUsername,EventComputer,MsgText"....' SQL command to create the table:..' CREATE TABLE Syslogd (MsgDateTime DATETIME,MsgPriority TEXT(30),MsgHostname TEXT(255),MsgText MEMO,EventLevel TEXT(255),EventSource TEXT(255),EventID TEXT(255),EventUsername TEXT(255),Even

                C:\Program Files (x86)\Syslogd\Scripts\Script_Log_to_file.txt

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1027
                Entropy (8bit):4.847717086511533
                Encrypted:false
                SSDEEP:
                MD5:BE9A602557C626D76CBEF596FFD5EF3E
                SHA1:1823E6E590B6BD17B1DAD5BDC7BF3D53513D63D3
                SHA-256:2A9CD4F29587E31919F3A78D14FBF6201891EAC23BCE8AF5CD504B657D82DEE2
                SHA-512:A71FA411FA6902409AAA2FDB4A06B31C2C38AD4828991AF66EA05706A4DC4DDDD253B7CE44EF6A24DFCA2ADF901C9E5B87E6174A4E3A01E08BD112EAB36DB947
                Malicious:false
                Reputation:low
                Preview:Function Main()....Main = "OK"....' Note: This script requires Read access to "Other fields" variables...' Ensure that the Fields read/write permissions are set as below.....'..' Read | Write..' Common fields X |..' Other fields X |..' Custom fields | X..'....' This script will write to the specified filename using a tab delimited format...' AutoSplit syntax values can be used in the filename if you want...' To have the filename contain the current hour of the day, use %TimeHH..' Example: Filename = "C:\Program files\Syslogd\Logs\TestLog%TimeHH.txt" ....Filename = "C:\Program files\Syslogd\Logs\TestLog.txt"..MsgPriority = "Local7.Info"..MsgHostAddress = Fields.VarPeerAddress..' Use the date and time from the current message..MsgDate = Fields.VarDate & " " & Fields.VarTime..MsgText = "This is a test message from the scripting action"....Data = MsgDate & vbtab & MsgPriority & vbtab & MsgHostAddress & vbtab & MsgText....Call Fields.ActionLogToFile(Filena

                C:\Program Files (x86)\Syslogd\Scripts\Script_Log_to_odbc.txt

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1436
                Entropy (8bit):5.096022404272513
                Encrypted:false
                SSDEEP:
                MD5:99D73F71D162BF3D295DD96CFFEDFE99
                SHA1:0799577770D161B24D0DD60CB56309817C73687D
                SHA-256:F35BACA872BA8887ECA042645180CFF3CE05B5F90691E4E6FA2B467A7B6A4F74
                SHA-512:99BA21330F0BE64C7B13D69019478403600FBBD8FBB1C8FA94391FAEF67C203C1D2A4A91802EB38800FCD071A324E04FAE3BCB6C3030C63DE45B571BB0B74294
                Malicious:false
                Reputation:low
                Preview:Function Main()....Main = "OK"....' Note: This script requires Read access to "Other fields" variables...' Ensure that the Fields read/write permissions are set as below.....'..' Read | Write..' Common fields X |..' Other fields X |..' Custom fields | ..'....' This script will write data to the specified database.....Dim MyFields..Dim MyDSN..Dim MyTable..Dim SQLcmd....MyDSN = "DSN=KiwiSyslog;"..MyTable = "Syslogd"..MyFields = "MsgDate,MsgTime,MsgPriority,MsgHostname,MsgText"....' MS Access DB SQL INSERT command example: ..' INSERT INTO Syslogd (MsgDate,MsgTime,MsgPriority,MsgHostname,MsgText) VALUES ('2004-08-08','13:26:26','Local7.Debug','host.company.com','This is a test message from Kiwi Syslog Daemon')....With Fields.. ' Construct the insert statement.. SQLcmd = "INSERT INTO " & MyTable & " (" & MyFields & ") VALUES (" & _.. Quote(.VarDate) & "," & Quote(.VarTime) & "," & _.. Quote(.ConvertPriorityToText(.VarPriority)) & "," & _..

                C:\Program Files (x86)\Syslogd\Scripts\Script_Lookup_PIX_message.txt

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):2064
                Entropy (8bit):4.891490963874249
                Encrypted:false
                SSDEEP:
                MD5:D61CC4C127A6679D67D0FA0624B79603
                SHA1:C9F35D429B9B803BB47AC5DD1CB2607A64076253
                SHA-256:BEEFA0C55D09CA5677AC1E16409A1C4971C00A21E73041D5739B955B214F5129
                SHA-512:E3DE2F132C885C1F9D4BE207E29DA920E112484D077E8D0E09E652B968658A5CF5A7BA6DC7EF8240E12BA8354AFF3A26C267F5929B9FEC318573B50602BA5E43
                Malicious:false
                Reputation:low
                Preview:Function Main()....' Set the return value to OK..Main = "OK"....' By default, skip to the next rule, don't take the actions that follow..' If we exit the function before we get to the end, the default 'skip to next rule' ..' will be used...Fields.ActionQuit = 100....' Example of a PIX message..' %PIX-4-209004: Invalid IP fragment.......Dim M ' Message..Dim E ' Explanation..Dim A ' Action....' Copy message to local variable for speed..M = Fields.VarCleanMessageText....' If message length is too short, exit function..If Len(M) < 15 then exit function....' Grab the first 15 chrs..M = Left(M,15)....' Check the message is a valid PIX message..If Mid(M,1,5) <> "%PIX-" then exit function....' Add any additional checks you want to perform here....' Grab the important part ("4-209004")..M = Mid(M,6,8)....E = ""..A = ""....Select Case M.. Case "4-209004".. E = "An IP fragment is malformed. The total size of the reassembled IP packet exceeds the maximum possible size of 65,535 bytes".. .A

                C:\Program Files (x86)\Syslogd\Scripts\Script_ParseSnapGearSrc.txt

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1606
                Entropy (8bit):4.8876230647050605
                Encrypted:false
                SSDEEP:
                MD5:9789A1272830E9DC4282035DB47920B7
                SHA1:E673F2D1A61CFAB4C0BD80B905B3523C32FC63B3
                SHA-256:6D071F0792449701DAB65A40EF41C1D15C7A02E42B76FAC4B1719ADF5B096E91
                SHA-512:DEFF68A75C3648566FBCE4E8460B22908AE6A330A278B1796C7DB7C840F0D2C3F0AA144370C4DF626AAEF6BCF7E7519C57277CCCFE1B3470EDD08E43E22BF50B
                Malicious:false
                Reputation:low
                Preview:Function Main() ....' This script will parse a SnapGear router log file and pass the source IP and hostname..' to custom variables. These values can then be passed to other actions.....' SnapGear uses the Linux based Klogd which is common to a lot of network appliances..'..' Ensure that the Fields read/write permissions are set as below.....'..' Read | Write..' Common fields X |..' Other fields |..' Custom fields | X..'..'..' SnapGear message looks like this.....' gateway klogd: Default - dropped: IN=ppp0 OUT=eth0 ..' SRC=24.172.65.55 (rrcs-midsouth-24-172-65-55.biz.rr.com)..' DST=168.100.181.126 (dhcp-126) LEN=92 TOS=0x00 PREC=0x00 ..' TTL=112 ID=21470 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=19690....' We want to find the source IP address and hostname and pass them to custom variables....Main = "OK" ......Dim S..Dim E..Dim B..Dim MyIP..Dim MyHost..Dim MyMsg..Dim MySubMsg....With Fields.. ' Clear any existing values.. MyIP = "".. MyHost = ""..

                C:\Program Files (x86)\Syslogd\Scripts\Script_ReplaceText.txt

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):241
                Entropy (8bit):4.731709420956153
                Encrypted:false
                SSDEEP:
                MD5:7B2D7C61F6B867734BFE5BAE090D9757
                SHA1:80F928116E9BE20445C99046D8AA8C2800660A26
                SHA-256:514DE177D0DDFE45BD053D1008E20C8D6AAB6E04DB311A5C46E7C543FFBB372C
                SHA-512:32938EDECACE378DAEA610FCABC05B1A27F0A1285FDB6BFB0E5E32C323BA28437D02E63DA5795C98976CA3F273D082077EF6773860E029C8171D30F58A9C1E42
                Malicious:false
                Reputation:low
                Preview:Function Main()....' Replace cat with dog within the message text field..Fields.VarCleanMessageText = Replace(Fields.VarCleanMessageText, "cat", "dog")....' Return OK to tell syslog that the script ran correctly...Main = "OK"....End Function

                C:\Program Files (x86)\Syslogd\Scripts\Script_Send_Email.txt

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1440
                Entropy (8bit):4.869361460717827
                Encrypted:false
                SSDEEP:
                MD5:694E9A2DF3EF5586F0053CC381D7C1E3
                SHA1:BCA6AD855DD057046AF1853CA200CC7B7C8BBD69
                SHA-256:F7E1104C931527AAA9AF220F365618142307A40CE48480190AE014A884B674DC
                SHA-512:6A9F0304A08276C73CFD03CDF3B452C99A0407ADE1399B9C4D10CC570680E884457D48EC7443F1A0D0366B6B6323182055B6E701DC3ADD28FD16929F38C2A0E8
                Malicious:false
                Reputation:low
                Preview:Function Main()....'** Fields.ActionSendEmail(MailTo, MailFrom, MailSubject, MailMessage [, MailImportance, MailPriority, MailSensitivity] )..'** Function: Sends an e-mail to the addresses specified..'** Return value: None..'** ..'** Importance, Priority and Sensitivity E-mail Delivery Option parameters are optional...'** ..'** E-mail Delivery Options..'** These parameters allow for the importance, priority and sensitivity flags of the e-mail message to be specified. ..'** The e-mail recipients will recieve the messages with the various importance/priority/sensitivity levels set accordingly. ..'** ..'** MailImportance: 0 - Unspecified (Default) ..'** .. 1 - High..'** .. 2 - Normal..'** .. 3 - Low..'** ....'** MailPriority: 0 - Unspecified (Default)..'** .. 1 - Normal..'** .. 2 - Urgent..'** .. 3 - Non-Urgent..'** ..'** MailSensitivity: 0 - Unspecified (Default)..'** .. 1 - Personal..'** .. 2 - Private..'** .. 3 - Confiden

                C:\Program Files (x86)\Syslogd\Scripts\Script_Send_Syslog.txt

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):499
                Entropy (8bit):4.8121209290725595
                Encrypted:false
                SSDEEP:
                MD5:2126353A8996CBBE68696618AC89D617
                SHA1:F4A3CA54ACEDCC28F8B641FBA6C6743D07D0EAA4
                SHA-256:0D28EEB4EFC27B2D72413CE79F19FC2E0F31C8CC6954AEFD1FBE01A4D63E7903
                SHA-512:3E4DA6A9E3FBAC5099DA64459BD673F04668FED0CA677EB6ED322A4B188C9D4C38FED7FEDC9115DFF10E780F8BF78B6817F4FCB173CAFBAF4B7681091EC12B0E
                Malicious:false
                Reputation:low
                Preview:Function Main()....Main = "OK"....Dim Hostname, Priority, Port, Protocol....Hostname = "10.0.0.1" ' Remote syslog host..Priority = 190 ' Local7.Debug..Port = 514 ' Use the standard syslog port..Protocol = 0 ' 0=UDP, 1=TCP....' Construct the syslog message by adding <PRI> value to the front of the text..Message = "<" + Cstr(Priority) + ">" + "This is an example of a syslog message"....Call Fields.ActionSendSyslog(Hostname, Message, Port, Protocol)....End function..

                C:\Program Files (x86)\Syslogd\Scripts\Script_SplitMessageInfoFields.txt

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):3790
                Entropy (8bit):5.004948364682309
                Encrypted:false
                SSDEEP:
                MD5:B3014DDF182CE6496BD1E0D44D3FD13C
                SHA1:BC4BC40D5DCA6A6F366E9E2CD3C3B1BA6176AB1F
                SHA-256:8C05D7D0E851DAE0ECB6F623312692FD3B1722119E59A764F7F55B67E14635E4
                SHA-512:AC2D5176047E3597C9199E41AAC5BD9708F3719D1EA46035F3486A33A58F3E5E1C763F1A5DF37402081CFF6205C17D4ECE1DBBB5F1DFAE43EF141E5A695658C2
                Malicious:false
                Reputation:low
                Preview:Function Main()....' // This script will split the space delimited message text into separate custom fields....' // Dim the variables..Dim SplitData..Dim Max....' // Split the data into an array based on the " " (space) delimiter..SplitData = Split(Fields.VarCleanMessageText," ")....' // Find the number of fields..Max = Ubound(SplitData)..If Max => 0 then Fields.VarCustom01 = SplitData(0)..If Max => 1 then Fields.VarCustom02 = SplitData(1)..If Max => 2 then Fields.VarCustom03 = SplitData(2)..If Max => 3 then Fields.VarCustom04 = SplitData(3)..If Max => 4 then Fields.VarCustom05 = SplitData(4)..If Max => 5 then Fields.VarCustom06 = SplitData(5)..If Max => 6 then Fields.VarCustom07 = SplitData(6)....' // Set the return value to indicate that the script ran correctly..Main = "OK"....End function....Function Info()....' // Common fields..' VarFacility..The facility value of the message. Ranges from 0 to 23..' VarLevel..The level value of the message. Ranges from 0 t 7..' VarInputSource.The

                C:\Program Files (x86)\Syslogd\Serilog.Settings.Configuration.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):82432
                Entropy (8bit):5.962487886517889
                Encrypted:false
                SSDEEP:
                MD5:443989ACD2DA8A49EB7A2ABE0D71E916
                SHA1:9229067C9F7C436654F59E2A85C8488A9A91ACAE
                SHA-256:DD5DBAA446E297063EC58D4A2C427494510022CCE1CDF2FC53B0472D7FB211AA
                SHA-512:73FF774FE3D65B363D62FB8B384475B600F3ECE0F5BE204E78BF1E0C4C7D85386A80888E65A3FB8B24A1B75CD13241A10AF01F353BDED0544E1A34CE7ECA0C3B
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...._:..........." ..0..8...........V... ...`....... ...............................5....`.................................OV..O....`..............................`U..T............................................ ............... ..H............text....6... ...8.................. ..`.rsrc........`.......:..............@..@.reloc...............@..............@..B.................V......H.......Hq.......................T........................................{....*..{....*V.(......}......}....*...0..A........u........4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. X..& )UU.Z(.....{....o....X )UU.Z(.....{....o....X*...0..b........r...p......%..{.......%q.........-.&.+.......o ....%..{.......%q.........-.&.+.......o ....(!...*..{"...*..{#...*V.(......}".....}#...*.0..A........u........4.,/(.....{"....{"...o....,.(.....{#....{#...o....*.*.*. %... )UU.

                C:\Program Files (x86)\Syslogd\Serilog.Sinks.File.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):33280
                Entropy (8bit):5.665095862444878
                Encrypted:false
                SSDEEP:
                MD5:C25357A7950DCFC7F85EE9D593CB1A24
                SHA1:6A533712852465AB3C11B5C76004312D6482F07F
                SHA-256:5B70DC2EECEB1963F9C3690C1CC8FFA793B280E903FA9A31780E6A7BB0BDFCF9
                SHA-512:30CA628B17B2A51BD9974FE1380CAF728E7826C2BB552E4BC5AC15BE8F819E908FC1744932DB23734FEC64E0F2C758372D8C49D019407EFDFB076133C6DF70C6
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...^.H..........." ..0..x............... ........... ....................................`....................................O......................................T............................................ ............... ..H............text....v... ...x.................. ..`.rsrc................z..............@..@.reloc..............................@..B........................H........=...V..................P.........................................(!...*^.(!......G...%...}....*:.(!.....}....*:.(!.....}....*..(!...*..(!...*..(!...*..{....*:.(!.....}....*..(!...*..{....*:.(!.....}....*..{....*^.(!......H...%...}....*:.(!.....}....*..{....*..{....*z.(!.....}.......H...%...}....*V.(!.....}......}....*..(!...*..{....*:.(!.....}....*..{....*:.(!.....}....*...0..,.............................................(....*.0..*...................................

                C:\Program Files (x86)\Syslogd\Serilog.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):136704
                Entropy (8bit):6.056526312723789
                Encrypted:false
                SSDEEP:
                MD5:35B1B9F1538CBDAB039F4A79826041FE
                SHA1:579E87E72FE76E62089631BF8A01DFBAB2AF5226
                SHA-256:5C2F34412502F6C5A5AA9226B71F4809AA73BF90F46C79FAEB97172955178B26
                SHA-512:006BF743A27D7D0CB5038483FBC4C98F293F9815F58C92FF29DD4DCEBB8931079C49C393DE6F805041D8200AF8791473CFA398BC603F3055BBF45C32A1EB48D0
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...BHX..........." ..0..............+... ...@....... ...............................g....`..................................+..O....@.......................`.......*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H.......\....w..................T*........................................{+...*..{,...*V.(-.....}+.....},...*...0..A........u........4.,/(.....{+....{+...o/...,.(0....{,....{,...o1...*.*.*. ... )UU.Z(.....{+...o2...X )UU.Z(0....{,...o3...X*...0..b........r...p......%..{+......%q.........-.&.+.......o4....%..{,......%q.........-.&.+.......o4....(5...*..{6...*..{7...*V.(-.....}6.....}7...*.0..A........u........4.,/(.....{6....{6...o/...,.(0....{7....{7...o1...*.*.*. .T.2 )UU.

                C:\Program Files (x86)\Syslogd\Skins\B-studio.skn

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:Composite Document File V2 Document, Cannot read section info
                Category:dropped
                Size (bytes):397115
                Entropy (8bit):4.804849205962185
                Encrypted:false
                SSDEEP:
                MD5:18941028D9F35A42F97D8581CAD3C01D
                SHA1:B73AAD3251C5084FE90C87888F2401BD87A0CBEB
                SHA-256:50B2E12B33BEFC0D7AF7DC84450403A81E1F230B51DBE0601F3390520C592713
                SHA-512:499A2E10EAF44128D4D496DB66DB51776B3832DD6A2BA8E8360E177FA05F1F9E9F8A2421600EE8ED48DDBDA0695E0503DCEA6682FF2703C3D824A300D00F5208
                Malicious:false
                Reputation:low
                Preview:......................>................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                C:\Program Files (x86)\Syslogd\Skins\Green.skn

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:Composite Document File V2 Document, Cannot read section info
                Category:dropped
                Size (bytes):331997
                Entropy (8bit):3.1905521711450637
                Encrypted:false
                SSDEEP:
                MD5:7B97EB405A6A4CF4C15A38EED999C1CB
                SHA1:AA62638FAAE343C276173061A90F7639FC4D1D17
                SHA-256:7C73D799A672F23D4145009BD92D96D6777ED11C16CE899C361DA0B8730DA8F3
                SHA-512:FE2ABEE9D03EC8F7D3C35AA65A475B88DE2B86038F6AFA9803E20103F11E045089BAD48ECCEA09D5987968807B74243DB312444B68F2F7BDD2D4C9D32858E655
                Malicious:false
                Reputation:low
                Preview:......................>................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                C:\Program Files (x86)\Syslogd\Skins\Media.skn

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:Composite Document File V2 Document, Cannot read section info
                Category:dropped
                Size (bytes):242199
                Entropy (8bit):3.9022630478632956
                Encrypted:false
                SSDEEP:
                MD5:486F901B766F08C1AA6B498A8D994077
                SHA1:0CE21EB658AAF590EAA521925557A7F27E88887D
                SHA-256:939CD6A0944790741A1AB66C0FBFE0825DD0F7F37F6AD60E4A9D95C3536286C0
                SHA-512:CE24B5B4E20FB29A867297F54872F9F85596FFCAA4D872DAD8CD6B2F15F0DBE29611DC2250F9A4C3BD0EC3009546902AE6F8525636D2B8C037D08B99C6329929
                Malicious:false
                Reputation:low
                Preview:......................>................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                C:\Program Files (x86)\Syslogd\Skins\Syslogd_Texture_Aqua.gif

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:GIF image data, version 89a, 10 x 33
                Category:dropped
                Size (bytes):1014
                Entropy (8bit):3.2207484839717995
                Encrypted:false
                SSDEEP:
                MD5:D9EBA9935AB13D353A80FDF2700A0977
                SHA1:DB03903FC629E6F4B6AF41B08814EABEF67B5E7E
                SHA-256:69DAC1D5D4CC8647BC47C871A1AB9029E83A6B4F1BE8D976FEC198E77CA4A539
                SHA-512:B579D3F240C19DDE1CD311F542130C6C1540ED2118FE13247858E5679657D74B02A86A69B9D74A82C251DBDA66BB351C81A93E05DE409E828B5F03A6C6285A4A
                Malicious:false
                Reputation:low
                Preview:GIF89a..!.......Z..c..k..s..s..{..{.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................,......!........H0....7(\......"J.( ....h..q#...>....@.!..@.....+..y@..8g*@.SAO...4.9t.....6`..i.I.Dm. ....&`......`.j.J..... .-..-Z.e1...V....2`...C....r..7.......p8..#...x... Dt.l....1O.2...Pg.P!....&.=;..

                C:\Program Files (x86)\Syslogd\Skins\Syslogd_Texture_Muscle.jpg

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 70x70, components 3
                Category:dropped
                Size (bytes):1499
                Entropy (8bit):7.563833026697645
                Encrypted:false
                SSDEEP:
                MD5:15E5EA56917B56E7FCF1DCB9EC4C3304
                SHA1:BDD0AF4463D2DED66F490A132FF8191E1201ED7C
                SHA-256:9E6EA66E40E3C90507A82EAA7E9739FFEDA0FDF959B6726E071F794EDC8A7BA6
                SHA-512:488362CCA5340FFC627D91CFDD5DA2270EF7BBE9502D6CE7278F8CD797EFEE4780477F50A34B905FD97AF381E4CC318F90729B0B110D118B06DEFD028D93E9D0
                Malicious:false
                Reputation:low
                Preview:......JFIF.....`.`.....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......F.F.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..3r..F.<TN[..G........w>...!.o.v.?..\.8....~L.{....N8A.ri...P..........Kd7.O..G..y....G."..c.U$...l.S.L..E..}.My!...=.!UT.....0;9...(5]..2.}.q.T.I.\..8..q....`r...).A..Y3G...D.%...$....Is'.......y3......Q.@?.9..rB....]6G.G..Z..... ..?...o....1V.x"...<.V.lK.<....z...A-....AI&..|.......o.......qb...6..?.=!......m...D`.<.@I...T.tT.8...ri+.X.;H..I..e..c......l

                C:\Program Files (x86)\Syslogd\Skins\Syslogd_Texture_Paper.gif

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:GIF image data, version 89a, 150 x 150
                Category:dropped
                Size (bytes):14181
                Entropy (8bit):7.818615120474352
                Encrypted:false
                SSDEEP:
                MD5:9032EC92E9F25624771051E63A71F625
                SHA1:E3D958C65A4549BD187CCDEFC8BE015D40B3739C
                SHA-256:391AD83E22465D365CDC760F0AB9AD9FEB4C36BBC817A54B7C0C01E812006887
                SHA-512:A73A391D0084D7C57ECC6DD20DD57EB226014ED4C221ECE88BC0F1B77EB3B2A43C52EC125F1298F53E7B3553F2B55F5DFCACDB10803EBE08257B42E816F90288
                Malicious:false
                Reputation:low
                Preview:GIF89a........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................,............_p..../..9h..../........._..p../zP4B. ...{pD).H..y.P............L`. $.Oz(.a...6&....$..*C..aD.G.Orj4.....6....B../L,..d"...ml.J.!P.$E.d.QoH.3.2-9s..'<....BT.EA..J#....1.k...lLH..@W.PD...q.K.

                C:\Program Files (x86)\Syslogd\Skins\Syslogd_Texture_Random.jpg

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 400x245, components 3
                Category:dropped
                Size (bytes):3439
                Entropy (8bit):7.016179059402628
                Encrypted:false
                SSDEEP:
                MD5:F9199C25D50ED341558F08275DFFF2D0
                SHA1:F5A5B4F3BE16731D10DA1781095AF5565988C7EC
                SHA-256:49160AE0B0B65F9B05DC79927E526514A53B6A08A322B71FC3597DD1EE4C9CED
                SHA-512:7288326BF7116AD5B8CFECB8D6F0080052A15CF9C5EE08F80B82F1970E776639B05A9082989AB791FE50247D24236EFE742A459324720859297B71BD88129F5A
                Malicious:false
                Reputation:low
                Preview:......JFIF.....`.`.....4Photoshop 3.0.8BIM.........`.......`......8BIM................8BIM'.................8BIM.......H./ff...lff........./ff...............2.....Z...........5.....-..........8BIM.......p................................................................................................................8BIM..............Adobe.d.........................#....#"....."................................................................................................................"..........?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.......................?...].&..3IFS..X..".QJ.(.."..H&N...S..R.$.!%,T..T..X..H...IH...H.(I.*.....$...v.Q...4I,..8A..3..3.S..I9+.$.I.,.xJ.R.I:JY)I1))yIFR...S..R.%...$.E..H%.$.I.. ....e2

                C:\Program Files (x86)\Syslogd\Skins\Syslogd_Texture_Wallpaper.jpg

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 128x128, components 3
                Category:dropped
                Size (bytes):3531
                Entropy (8bit):7.660940980031219
                Encrypted:false
                SSDEEP:
                MD5:34285EA6105A4FADAAD947B2A32B5E0F
                SHA1:9406AC8AC7B363C709C5D212A1896B9AD6DA4532
                SHA-256:A21FA1B0D4B266F100063911D19817D4CFCEE6BD02FC70B26DDD3B86DD2949AB
                SHA-512:3C3FA627F488B2C96DA638BACD2CA2BF0D4042E5C79153F1D3EA60A96BF427A13070E0183C550653EC7797A06DEF2EC858692C54592CFA1795E224432D80730D
                Malicious:false
                Reputation:low
                Preview:......JFIF.....H.H.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..U.....q..?..7...G....{.......Y.. ..q...I8.O........E^.f.....55G..........=3.........a......1s.g........|..V..?O.I'..a.(....`?..).!=.m.........=...).6..8.....cGx.8.i............&..i.vg?..)...#..@I....QG..?.T.i...4.Dp.=C.....).`..!y..>Q..I......E"....*?.....9.>.P?......z.:......&M..F..'?...........(..._......L..g...?....)?.Q..g.... =.F..G...\.9.u...g

                C:\Program Files (x86)\Syslogd\Skins\Winaqua.skn

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:Composite Document File V2 Document, Cannot read section info
                Category:dropped
                Size (bytes):96585
                Entropy (8bit):3.126965902124727
                Encrypted:false
                SSDEEP:
                MD5:D502EE617050EDBA7D5B0EACDA6D1899
                SHA1:76F0F2B8E89EBB54CE6E6E05DA71956EE0E770ED
                SHA-256:26C04853302DCD0AA6C868DED29438CF5B7B173E2FFC822A4B3F90DC78B98693
                SHA-512:DE443D87F0A2313334227B88F594A8F930F2DD34CD705E52C1388CECF8B8332C5D0FE3825C09087D70478B47A6F03F223071F77539634482967B48B3A0C7D7F6
                Malicious:false
                Reputation:low
                Preview:......................>................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                C:\Program Files (x86)\Syslogd\Skins\platinum.skn

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:Composite Document File V2 Document, Cannot read section info
                Category:dropped
                Size (bytes):348561
                Entropy (8bit):3.3655077959832145
                Encrypted:false
                SSDEEP:
                MD5:04BE67298AE42A3F493A81692A00AB2E
                SHA1:9A9E63706566C951977AC8860E073B9700FF46EB
                SHA-256:E094D5EADA67F49B58F48C1596B2AB8833B49A9196EC25BBC88F82A79273D7E7
                SHA-512:83ECCD4642A93B20465484217E2B8351065AB36F3CCBBD23B9C3C5A51280B574F10829EE80650DD6E86D0426FA918FA78BA5C830DD47296BE61EFF06A08DBC44
                Malicious:false
                Reputation:low
                Preview:......................>...............................................................~................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                C:\Program Files (x86)\Syslogd\SolarWinds.DatabaseConnectionStringBuilder.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):56176
                Entropy (8bit):6.167330514615338
                Encrypted:false
                SSDEEP:
                MD5:B3D24607F0B948645CE0CBC1E1372B94
                SHA1:BB09E1C5A95A8FE2E36C14174097CE09B6859887
                SHA-256:1E3BF73049260B2917F26B0451D7268CF1512E79136FE5239ED4D2CF08478D1B
                SHA-512:36F361424EC2D7EC38FC1869874B33234A939794A235ABB67858AB71C9C86414E399B6EBE2AAF1EB68B94C90F721CB981A2E07088E35FE3A381449DE9210C042
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... ....................... ......L.....`.....................................O.......................p...............8............................................ ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........3...+..........|_..pp..........................................2.{....o....*....0..l........(.....(.....s.....=.;s+...%.o....}.....{.....o.....s....}.....{.....{....o.....{....o.....(.....{....o....*..(....o.....{....o.....{....o.....(....o....*f.{....o......( ....(!...*:..( ....(!...*z.,..{....,..{....o".....(#...*...0..o............($...s%.....s&...}.....s&...}.....s&...}.....('....{.....8 ....s(...o)....{....r...po*....{.....|..s+...o,....{......o-....{....r%..p()

                C:\Program Files (x86)\Syslogd\SolarWinds.LicenseManager.msi

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: SolarWinds License Manager, Author: SolarWinds, Keywords: Installer, Comments: This installer database contains the logic and data required to install SolarWinds License Manager., Template: Intel;1033, Revision Number: {C072EB45-1B14-4B12-A38F-8913D26754B7}, Create Time/Date: Tue Oct 11 18:21:38 2022, Last Saved Time/Date: Tue Oct 11 18:21:38 2022, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                Category:dropped
                Size (bytes):3895296
                Entropy (8bit):7.667272165466163
                Encrypted:false
                SSDEEP:
                MD5:9EF8813BF23182828597A141A38D915C
                SHA1:852A093CF3246DC8A4A51FCC13CD0EC46175166F
                SHA-256:485D854570179FD23BACD6B0B87D34D794022F00B89779C64119DC51AD8A5736
                SHA-512:487C166AE163231E449F0E4BB1481179A30FE7AB7BD869EE536349D33C4D88E8AFDF4CC8B7F11DD8DD1B878CC6164BA7FCC1EBF13A5FF739CA5801D436DB2663
                Malicious:false
                Reputation:low
                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Program Files (x86)\Syslogd\SolarWinds.Licensing.Gen4.UI.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):294232
                Entropy (8bit):6.728274201535322
                Encrypted:false
                SSDEEP:
                MD5:8389DE103BB51DC8BE9DA2195C013988
                SHA1:75C6CF47B4EDE7617F62086B2C2585DDB73111A2
                SHA-256:6100D5A67209727981FA3C36C351D9D1CDC6890FF15F8EA6532E4502CE4FFA80
                SHA-512:7A6154210D6AC7672DA0A0EBBE6855C083340EAC5B518032BE9B24EB5D640BB94AB3E17F12DC7EE86DA0970E97EB95331602CF3B38FA508C46A3D6277B7C9DCA
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..T...........r... ........... ...............................!....`.................................Pr..O....................^..X...........`q..T............................................ ............... ..H............text....R... ...T.................. ..`.rsrc................V..............@..@.reloc...............\..............@..B.................r......H............<..........xI...&..`p........................................{....*..{....*..{....*..{....*..(......}......}......}.......}....*....0..q........u........d.,_(.....{.....{....o....,G(.....{.....{....o....,/(.....{.....{....o....,.(.....{.....{....o ...*.*.*....0..b....... ..t. )UU.Z(.....{....o!...X )UU.Z(.....{....o"...X )UU.Z(.....{....o#...X )UU.Z(.....{....o$...X*...0...........r...p......%..{.......%q.........-.&.+.......o%....%..{.......%q.........-.&.+.....

                C:\Program Files (x86)\Syslogd\SolarWinds.Licensing.Gen4.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):395600
                Entropy (8bit):6.189893463913144
                Encrypted:false
                SSDEEP:
                MD5:47DA99E3A949247F7EBA4D1FCE4CA3D8
                SHA1:BF02BEC21BC147E8F3BE7098F8003C7E654E5889
                SHA-256:D16B9289B08E781D1FFF693ED26C4AFFDA6FEB9B26C03CD019E5CC1E54BA0C61
                SHA-512:B4EB0780D841953CE27463B6FB46C71EE72956A9415E7DC25E2948F95879CBA0C3118BC84F499A28AC589C2457DFDC471B2BC09F94FDA467B481F8A1788B3E27
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...0)............" ..0.................. ... ....... .......................`............`.................................V...O.... ..................P....@......l...T............................................ ............... ..H............text...(.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......h...................X...l.........................................{1...*..{2...*V.(3.....}1.....}2...*...0..A........u........4.,/(4....{1....{1...o5...,.(6....{2....{2...o7...*.*.*. .f3 )UU.Z(4....{1...o8...X )UU.Z(6....{2...o9...X*...0..b........r...p......%..{1......%q.........-.&.+.......o:....%..{2......%q.........-.&.+.......o:....(;...*..{<...*..{=...*..{>...*r.(3.....}<.....}=.....}>...*..0..Y........u........L.,G(4....{<....{<...o5...,/(6....{=....{=...o7...

                C:\Program Files (x86)\Syslogd\SolarWinds.Licensing.KiwiSyslog.COMWrapper.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):18240
                Entropy (8bit):6.434615735825778
                Encrypted:false
                SSDEEP:
                MD5:7CAE57B7D3CCA7CF8BD9C81D27CBC9E5
                SHA1:F74048B2888D84EDACFA8C99F6621ED8AC8C8B0D
                SHA-256:483F38F7DF34E13A408D383EEF8CC0AFE2AEE44F098F61489B45A4D65561DAD7
                SHA-512:9DC7A43FA9C7CA84FE77C0240DC8074B8D0D22AEEF3847BFC65781EDAB584AF2CB29433D53A7DE05306293F8C3C1D205BBD430FF3AF57D6E07DCEEC236D90B5F
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...1<.d.........." ..0.............j<... ...@....... ...............................F....`..................................<..O....@...............(..@....`.......:............................................... ............... ..H............text...p.... ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......&..............@..B................L<......H.......D#......................`:.......................................0............r...p....(.......jo.....-.(.....o.....+"..3.(.....o.....+...3.(.....o......o......+.....#...r...p(....(.......X....i.Y1..o....*..(....*:.(......}....*2.{....o....*2.{....o....*^.(.....s....(....}....*...0.............( ...&.{....o...+..s"....o#...(...+...,....o%....3r..(&...r...p(....('...,..{....(&...r...p(....(.....+1(&...rC..p(....('...,..{....(&...rC..p(....(......o(...s....*...{....o...

                C:\Program Files (x86)\Syslogd\SolarWinds.Licensing.KiwiSyslog.COMWrapper.tlb

                Download File
                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                File Type:data
                Category:dropped
                Size (bytes):4836
                Entropy (8bit):4.372966576658058
                Encrypted:false
                SSDEEP:
                MD5:3408C1CA807FFF1A70580AD24F584F14
                SHA1:5EEBCB004EA5C5A8B29ED07BA744BEB6EB84903E
                SHA-256:792B193617F031144F77D3C14B49A971341CB62BB191DA58495142EDABE7B944
                SHA-512:AB7A653CB683479954CFE17E9FB22E9728F1E1A4F7A10E52D48ADC151DA905F0F257843920711B706D797B32551F7079411EDC64BF5FEE68B3BB75AC3EB0DB92
                Malicious:false
                Reputation:low
                Preview:MSFT................A...................................d........... ...................d.......,...........X....... ...........p...L...........|...................8...........................................<...............................................................h... ...............................8...........................................................4!..P...........................................@............................. .....................%!..........................................H.......................................................4!..........................................`...@...0......................... .....................%!..........................................x.......T...................$........... ...............%!..................................................x...................0...........@............... !......................................................................<...........................%!..............................

                C:\Program Files (x86)\Syslogd\SolarWinds.Logging.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):42304
                Entropy (8bit):6.068435664873011
                Encrypted:false
                SSDEEP:
                MD5:1E93AFCC62CE7708E937F618AAF2A444
                SHA1:6050291D5DEFD5CF083194186645F4B92BD6E043
                SHA-256:E56AA88B4A2F7EE51D817919610D560C147B35941AD1F24381BE96BE92E0B1B3
                SHA-512:BCBCB17DC62BB92858C1F577E423C450C9A61E9C4A6BEB4B1465C8779125422F575EA6CA3BD9A7E033CF73CFDAD4563B55804A5A18D39BFDE61D87F1CDC62216
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$&............" ..0..|..........R.... ........... ...............................*....`.....................................O.......................@...........(...T............................................ ............... ..H............text...X{... ...|.................. ..`.rsrc................~..............@..@.reloc..............................@..B................3.......H.......|F..,S..........................................................V!..e4^....s!........*:.(......}....*V.(......}......}....*..s....*"..s....*..{....*..{....*..("...*"..(#...*&...($...*..0...........-.*.o%...u......9....s&.....o'.....o(...o)...(...+o+....+#.o,..........o-...o......~....o/....o....-....,..o......~0...o1....~0.....o2....o3.....+...(4.......(5.....(6...o/.....(7...-...........o.......o1.....&..*...(....9./h..........)....................s.........*.0..J...

                C:\Program Files (x86)\Syslogd\SolarWinds.Npcap.Net.x86.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):39296
                Entropy (8bit):6.503979096975552
                Encrypted:false
                SSDEEP:
                MD5:67ABF46758A40E8FED16D31FF565BFE5
                SHA1:37AB99E58E49057DD01CAEBE161F555A1BDF0253
                SHA-256:5CD2BFF2B2FC7767138580623C87B97FF59BD7E3B836C9A7F79DE9CFCB2C00B2
                SHA-512:F6C91AD886D9FCAE9EDAA044C5932FD3608787FE311D9FD311AE6DC03B43B0F5F73B6DCEBC2E3EC2E2655D977D684C7C80EA411F03E4A172BFB0F7D08F160135
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..b............... ........... ..............................i\....`.................................T...O....................j.../..........l...T............................................ ............... ..H............text....`... ...b.................. ..`.rsrc................d..............@..@.reloc...............h..............@..B........................H........2...L...........................................................(....r...p(....(....&(_....(....&*v.(......%-.&r...ps....z}....*....0...........-.r5..p(.....*.{.....(]...o......-.rs..p.(]...(....(.....*.{.....o......-.r...p.(]...(....(.....*. ..... ....o.......o......o.......,..o......*......t.........2(.....(....*....0...........{.....o......-.rT..p.r...p(....(.....*.,....( ...-..o&....(..........%.s!...%.o,...s"...o#...%.o0...s"...o$....%..o4...(X...-ys%...%.(U...o

                C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.BulkInsert.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):24416
                Entropy (8bit):6.077727265244365
                Encrypted:false
                SSDEEP:
                MD5:F26C8E8BE776D2DCC20C6CAA11208071
                SHA1:412DFC113147C1B9A912858B619BC874CD9365DE
                SHA-256:38246D85EBCE038698708F1BFB875F91B58CE59F6CD03E4DAA9E8A9438CD3C54
                SHA-512:304BF92DAEF3F0B19DAB9548D92A18D333B376B3A88308A192154004F1C8B8C52CDFBF1FE70D9AD5C31B93C08F68BF3ECF47C1B1A818EF7EE0E634D77E2E58D3
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d.............!..0..6...........T... ...`....... ...............................!....`..................................S..O....`...............@..`............R..8............................................ ............... ..H............text...$4... ...6.................. ..`.rsrc........`.......8..............@..@.reloc...............>..............@..B.................S......H........'..0+............................................................{....*..{....*V.(......}......}....*...0..A........u........4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. .'.. )UU.Z(.....{....o....X )UU.Z(.....{....o....X*...0..b........r...p......%..{.......%q.........-.&.+.......o.....%..{.......%q.........-.&.+.......o.....(....*...o....}......o ...}......o!...}......o"...}......o#...}....*.0..h............($... 4...o%...(...+.'...~'...~(.....)...s*...(

                C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.Engine.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):56664
                Entropy (8bit):6.177632706701294
                Encrypted:false
                SSDEEP:
                MD5:FF4FB3D06D1959F6D4D76EE7659D38F0
                SHA1:EC41B5811735865B06C2E80A85B8D1D11DD1A00C
                SHA-256:29D9F23C1EB508934185E15892C184FA619A308691D307E6F62AB22922C5E099
                SHA-512:7553847E4F9B32913E595F16B4ED45D1F2BE279A54F82E8C386BF95AEBAC6C6AB1B876A5B6CB54C24F5C370C8B316D877DDBCF67E1C21D099BD29900E0584762
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...-?.d...........!..0.................. ........... ....................... ......P.....`.................................X...O.......................X........... ................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......tF..t...............8............................................0...........s....}.....s....}......d}.....(....(....r...p(....o....o.....{......P...(....o.....{.......S...(....o.....{.......T...(....o....*...0..........~....-x.......(....~....-Y.(....o ...(!...}.....{....o"...s#...o$...,..{....o"...(%...+..(%.........~....r...po&......,..('....~....rA..po(...*.........ju.......0..........~....-.rg..ps)...z.......(....~....r...po(...~.....q..........(*...o&....(....o

                C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.Engine.dll.config

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (381), with CRLF line terminators
                Category:dropped
                Size (bytes):3273
                Entropy (8bit):5.148562422367887
                Encrypted:false
                SSDEEP:
                MD5:EFF53AE7AF57624A9A99B9B88961AF21
                SHA1:B73CC32C018F7E1CCF34F6003852A36852A18D58
                SHA-256:6676734718DAE300781E2F9F243DD3FE3C7D268518CC617648D7B870E70BB4F3
                SHA-512:1B81F0673FAD846D692A17BED43397B1B1FBECD7DDC3B56E31823523147B6D48763C14DFDDE73CE10D43B8E9DEB7BEC65CFA2E931BB7FE138151B0AA5ACF8D1B
                Malicious:false
                Reputation:low
                Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" />.. </configSections>.. <appSettings>.. <add key="TcpReceiveTimeout" value="100" />.. <add key="UdpReceiveTimeout" value="10" />.. <add key="FixMacAddressesValue" value="true" />.. <add key="MacAddressOidStartsWith" value="1.3.6.1.4.1.9.9.215.1.1.8.1.2.;1.3.6.1.4.1.9.9.513.1.1.1.1.1.;1.3.6.1.4.1.9.9.513.3.2.;1.3.6.1.4.1.9.9.599.1.3.1.1.8.;1.3.6.1.4.1.9.9.599.1.3.1.1.1.112.20.166.95.71.;1.3.6.1.4.1.11.2.14.11.5.1.66.1.7.;1.3.6.1.4.1.14179.2.1.7.1.1.;1.3.6.1.4.1.14179.2.1.8.1.1.;1.3.6.1.4.1.14179.2.6.2.27.;1.3.6.1.4.1.2079.1.2.1.4.1.3.1.3.1694594843." />.. </appSettings>.... <log4net>.. <appender name="LogFileAppender" type="log4net.Appender.RollingFileAppender">.. <file type="log4net.Util.PatternString" value="%property{ProcessName}.log" />.. <appendToFile value="True" />.. <rollin

                C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.Engine.tlb

                Download File
                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                File Type:data
                Category:dropped
                Size (bytes):28468
                Entropy (8bit):5.080168591880652
                Encrypted:false
                SSDEEP:
                MD5:64C756E0A014620D71214255597C9B2D
                SHA1:2CF92DDD855564794CDB7DEF30CE078CA4155E38
                SHA-256:2109AC9643FE3119FBAD2583C34F4F1B496BEE5993ED2D948670F8753B2FE571
                SHA-512:2EBBA8FF305AC0839A0F652CDEEAD897059F4A16A3E11247FB6D82E086574A20825A152A2117F0EFE8456C53E735CA5568E13A5E05FDFAE44874A15128A098FC
                Malicious:false
                Reputation:low
                Preview:MSFT................A...........................a.......,+.......... ...................d.......,...........X....... ...........L...........x.......@...........l...........4...........t...H...............p...........d...............................L...............,...............,...X+...........................<..............................t=..............0B..............................................%!..8C..............................................................................................4!..8C......................................H...@.............................T.....................!"...F......................................`.......8............................................... !...G......................................x.......X...................$...........................!"..`G..............................................p...................0...........................!"...H..................................................................<...................

                C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.ForwardSyslog.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):19304
                Entropy (8bit):6.253518289233063
                Encrypted:false
                SSDEEP:
                MD5:9EC4DF5A590ED83F05875C011F969485
                SHA1:B825A5D6F9F2864A9A9FAD0529D4C7D40B736416
                SHA-256:27F68DE18CE73A1BF64FD3AE61E456B851C398D499724D8057F050CFFA33516A
                SHA-512:93785FF886F9B706466F7DDEC75D3A19513A010B989C1C29C062F5BD71FC5E36F9826A5138619E77A892D393589E036A343BEA9D755749AB0F1FD580D20C618B
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....i............!..0.."...........@... ...`....... ..............................Y[....`..................................?..O....`...............,..h............>..8............................................ ............... ..H............text.... ... ...".................. ..`.rsrc........`.......$..............@..@.reloc...............*..............@..B.................?......H........$.. ............................................................0..B........(....}.....(......{....o...+}.......~....r...p.o....r...p.s....z*...........$.......0............i./.rO..pre..ps....z.....(....-.rO..pr...ps....z...~....(....,...+......(....-.rO..prX..ps....z.....(....-.rO..pr...ps....z.....(....-.rO..pr|..ps....z.....i.1......(....-.rO..pr...ps....z.....i.1......(....-.rO..pr...ps....z.........(....*...0..w........../.rM..prg..ps....z.../.r...prg..ps....z..

                C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.ForwardToLoggly.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):18264
                Entropy (8bit):6.3710973423593
                Encrypted:false
                SSDEEP:
                MD5:E91A356EFF6EE0D27669B7C03741282D
                SHA1:AE24A895A3D8E033D4E80AE97313D174103401B1
                SHA-256:F0976DDADD2330AC1C7F4B27C0EA6AA154AD590517CA90B796101EDDE1DB2CFE
                SHA-512:8609CCB661101B2C90686F44EB9DB21FBE23F5E72F1618D7A8D27A17AE59BDD00BC23DD6A9B76EC5270DCD87BE73A0C2C7FEF0CB2C5167126AFE2E548BAEF6F4
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....P?............!..0..............=... ...@....... ..............................90....`..................................<..O....@...............(..X....`.......;..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......&..............@..B.................<......H........$..d...........................................................b.r...p.r...p(.....(....*~.r...p.r...p(.....(......(....*....0..Q.......s......o.....+..o.......o....o....&.o....-....,..o......r9..p.o......(....(....&*........... -.......0..%........(....s......o....rO..p.o....(..............(..... ..(....,...(.......rS..p( ....+(~....r}..p.(!...o"...(#......rS..p( ......."...%.r...p.%..o$.......(%....%.r...p.%...%.r...p.(&...o'...&..o(...()...-..o*...+..o(...o'...&...

                C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.SyslogAction.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):38232
                Entropy (8bit):6.109146677924038
                Encrypted:false
                SSDEEP:
                MD5:3F98AB30C2A6BD844101F111026BD094
                SHA1:48113BD0FF74B5A169B5ACB96D64B394786007B0
                SHA-256:DC03948DE691569B9A0DF5F2B0B72B58D0D495E5F90C91ABF8B839E9B632180F
                SHA-512:D897D5B4EB5FFA17F2915638F31308B54C74AC7644F7D8AFCE6D0EA9216BD9999C36D7B76B6BD844F8DA44EEBE384F51B65A074AAE093B5A60AF7E336A3F8FB4
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....On............!..0..l............... ........... ..............................^.....`.....................................O....................v..X...............8............................................ ............... ..H............text....j... ...l.................. ..`.rsrc................n..............@..@.reloc...............t..............@..B.......................H.......(/...Y...........................................................0...........(........+.......{.....o....a}......X....i2.*..{....*j.-..*..3..*.{.....{......*..-..*..3..*.o.....(....(....,..*..t....(....*..{....*"..}....*..{....*"..}....*..-..*..3..*.(.....o....(....,..(.....o....(....*.*..-..*..3..*.o.....(....(....,..*..t....(....*..(....o.... ....Z.(....-..+..(....o....a*..(....*:.{......o....*..0..[.........(.......(....,..*...(......{.......o....-&.(....u......-..

                C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.SyslogAction.tlb

                Download File
                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                File Type:data
                Category:dropped
                Size (bytes):11760
                Entropy (8bit):4.3565997954296085
                Encrypted:false
                SSDEEP:
                MD5:7806A165B49145BBAB97EC6412A4E6F2
                SHA1:5FB4F1FA8AA8F3C8BDA502FBD131283438E01E3B
                SHA-256:0EF2523472A7152B23588C6A042A9E68FB2BF4EAF7DBC4E92A68559AF7734555
                SHA-512:295CB72D0B2CD868DA2843F80C4C97F565E45E2139EAF857FD114F90290B606270416F8ACB3E4CF42B451602B73DCDDEC3B69B088E24F14728743CBECE0E7657
                Malicious:false
                Reputation:low
                Preview:MSFT................A...........................S...^...p.......`... ...................d.......,...........X.......d... ...............................8...........l...................................h...........<...............<...............................................................d...0...............l...........................................4!......................a.......................@...................................................4!..d&..................!...................H...@...................................................%!...,......................................`.......4...............................................%!...,......................................x.......L...................$........... ...............4!...,..........................................@...h...................0.....(.....................%!..D-..................................................................<...........@...............4!..D-......................................

                C:\Program Files (x86)\Syslogd\Sounds\Alarm.wav

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
                Category:dropped
                Size (bytes):8550
                Entropy (8bit):7.063268158423366
                Encrypted:false
                SSDEEP:
                MD5:EB84FE6DB12F8BAF2603046305FFF9C5
                SHA1:BE00C7062956D52B70A47D0FE8C27893D629FFE7
                SHA-256:E339FAE3EF962AF1C15BD0BD9882CDFF191124DFF49F99ADD84817A5154DBE91
                SHA-512:5A636F9FD0861F42E3804637F628E2860000C07D2026964D8E75905822E95D611C38CE88FE776DE1B6F35935C7FC9C8623E58F78BEB8C776FABC9C10FFA41A05
                Malicious:false
                Reputation:low
                Preview:RIFF^!..WAVEfmt .........+...+......data9!.....................................................................................................................................FS..tz.}..F&gG:..X.....A.tC)..C|....R..R...Aq....h.vg...[\.....Y}.s..G......1.5A.A.....Y.|g...[^.....O.#_.D.....=..X"..Pp....[..d.I.....>..X#..Sp....U.&Y.J.....F..b...\k....J.2G.L....h.vw.|.t[........O&..U}....Y.%R.P..}.._..p...qb..}..14.M&..Y.....V..I.V.....p.vv.n.a.....I(._..._.....U.4D..[....}.k|"_.a.....^.}k...zj.....F,.X...ky.....,C.F/..b.....X.4C..^.....j.#[.a..}..j.ys.n.g..y..S#.g...yp..z..@4.U"..m}..}../D.I+..g....&R.;8..e.....[.4D..d.....e.)P.e.....|.ny"[.g..|..t.st.d.h..y..h.|p.m.h..v..\#.j.w.m..v..R).b...|q..t..J/.^...yt..t..F4.X...ty..v..A7.U...s|..v..>;.P ..s}..w..;>.M"..q...w..;>.M"..s...y..:A.L#..s...w..;C.L%..q...w..8C.J&..p...y..8A.L%..s...w..;@.L%..s...v..==.P"..v}..v..@:.R ..wz..t..D5.U...yy..s..I1.Y....v..q..M..\...s..p..U(.a...q..p..Y%.b.y.p..p..\#.

                C:\Program Files (x86)\Syslogd\Sounds\Alarm1.wav

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
                Category:dropped
                Size (bytes):7090
                Entropy (8bit):7.335537470588271
                Encrypted:false
                SSDEEP:
                MD5:2585F2AE73EC24CAEDB3E53028ACF931
                SHA1:59F8E5E22C2BF482A7E6698E3094F0A6D2258E57
                SHA-256:E1EF2C6C425D05477F6561362D89590CE7B67812C845146CF47497ADAB6BD52C
                SHA-512:D12FD5C5B51A81FF2DB6DEE24E2C07C215C9F9C18FE008DDE1B6A56F1E511276255244AB1CE9B0E434405AF7A6C4ED20E83C314788F20133AFD7DD922620CB55
                Malicious:false
                Reputation:low
                Preview:RIFF....WAVEfmt .........+...+......data.........x..~...}..rmyeesdi.hRz..w.....}........._JXP\shq.gKs..........~...zyzaQS<G^V`x[Lx...............qomTSdKEUN[vbY}..............soxbXcRKQDPmYQr..............sw|f\cGBIEVt_Sj............z..jmraZcKRR>O{j\r..............ov{`\fJNO=Ipfax..............rso\]`KVU>Fk`^u...............fgfSX\GWX?IhXYu..............ppkT[bLXYBD\IJp..............e^PAPXAPYC=V@<_.............aUK?QV=NV=8VG>c..............f\QDXV=LQ?:VGEg..............l`MCVO8MP>@_GAe..............k`PCTK6GH8@cLDg............neSEUM6FH:?bM@]............j`K<JF/BC8>`K=\............icJ8D?)<>3:aQBd..............qlO>KC)@@5:^OAf.............kdH:KC*AC8=^J<b............neJ=NE.CC7<]J>d.............pgOEWN5JJ>>^LBc.............g_KBTI-?@46WH?a.............e[IBTI-@@48\PDf.............jaNG[O/BA15\ODd............j`NEWL,DB04[LAc..............j`OHYK+BB/6^OCe.............h_PH[N1HF29`RGi.............e\NDVJ+@>-2YK@b............i\MFWL0GE29^PEf..............fZKCUJ-B?+2XLB

                C:\Program Files (x86)\Syslogd\Sounds\Aoo-gah.wav

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:RIFF (little-endian) data, WAVE audio, MPEG Layer 3, mono 11025 Hz
                Category:dropped
                Size (bytes):9690
                Entropy (8bit):7.806736394919223
                Encrypted:false
                SSDEEP:
                MD5:10A1429C4D425335E8B4705313A643B7
                SHA1:57A7F76F9DACA22BE9B8D1DE69B7F65015F20200
                SHA-256:154CF0F90F11BA5B845F14792C26651B62A74631E5836A6A535DF728DEB2C6B8
                SHA-512:FD293C0E00AA55F35872D7DE174A896E10863DF0EAF37C64AEC7E770598A04306B4263B47F95530E8171859AA3AC1F2F96581D1D506D2A05208BBBDDE8BE1642
                Malicious:false
                Reputation:low
                Preview:RIFF.%..WAVEfmt ....U....+......................q.fact....c...data.%....0....Q..L`..vV.[..............p$...`.;...`LG\ ....4...V..LC....n;..........0..$...s.LwH..E...KVp$.*K'..[.... `h........V...3.s..y."..+E...8.7....(e.... .- B..].h@......8...*aW>`\a`0..q...,...9H.-I.E+....h.f...o@..}.....MF..0@...................V..1..0...BF...X.... ....r0....}..\.....i@P...s.M2.]f.R.,..y......Q.hnXT8$...8..r.La..M..u...../.............?g...X.:.......5.......8x.}.D#..S.!7~7....m.... ...."...0.T.;^.&H.y<....$...R...U..MZ^<p\.h..x..w..+a...^...va...~......... ...-F.0...-.R..w.....g..0........ED.X.T(^.i.Y18\B.'.r&y.3...d5..V..EM...VTR...0..H...v.J7.n...MT.z.bZP6.~........>C.C=. DT.r8.k..c/{...5.g...=.....`o...f0.....5?....J.....z... .F.....3.D.T_..U.Yd...$..lU.....K|f..P.w$.....4.FQv.(.".,.....F...k.\.......oX........H.:.+.C....0.=..&....x.H....E._......}.s`.;MT.......U.E)kw.GI.".....E"^.S....<.07+c.....F...W.MVj........NJ..\.k.F{._.X.M.Pi....6.M.....M...ud.4j..YA.b....(z

                C:\Program Files (x86)\Syslogd\Sounds\Squeak.wav

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
                Category:dropped
                Size (bytes):1654
                Entropy (8bit):6.685515958840267
                Encrypted:false
                SSDEEP:
                MD5:80C9239A02D79034FFE91FE0B0DBEFFF
                SHA1:4978DF288F97470E33DA47F22625F3598E7C6DC0
                SHA-256:4119BB9B2B940AA21D2850680B69BEC9EC7218BDABA38E2C7F4A059FD7B4475C
                SHA-512:4FC143FCDF480AAF41A13B22ACD3BF884FA6F8AB93F86FA4554EFF24FBDD529F7F1C575EE437D18B244D16AC1A9C10A2421238E08F88196D437EDFB477B44AFE
                Malicious:false
                Reputation:low
                Preview:RIFFn...WAVEfmt ........"V.."V......dataI.....pgfhjlho..........vh]agipom.........pbffiginn..........cccW\fjq..........pXZbmoilw..........d]ahgdmtz.........p[[\\^dj|........|cXZ^dfjx..........d[db`gkp..........f^d^_gip.........v\\]Y^jlw.........aM`ifjqu.........t^\_dnhi.........pX^cbnnl.........o\gnfcfv.........l`imggfp........|cafcjjh.........h^jfeppt......qd^_k........}ZZl`\dc|........iV_`[Z]v........nYac\Wa.........adj`^^c........{cmmadhq........laklfep........gVgn`bn........nRXjgbm........s_\`Y]l........oZ\b[Wg........iWalYOg........aVag\bx.......u`^g]Tf........h]`bRX........jY\dWVx.......lfg`PNh.......waZi_C_.......qih`^Xk.......rgfpcb.......snvmf\v.......ZYenjl.......ZN\XSe.......lXXMMZ.......wWc`SKa.......g`WR\t......pokXMT.......ofnf\a.......nsp_^z......mblg`r......iWig[h......xX\jcd......qR`m\X.......WJSW]......vONYNU......xKNSMa......gNVTNc......i`\NP......wNS][j......^PGHa......jPKFS......|SEGPn......]PNDZ......gRTJR......vRPRRq.....~`WSPl......^TTJ\......wNKNH\......pMRRCZ.

                C:\Program Files (x86)\Syslogd\Sounds\Twilight.wav

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
                Category:dropped
                Size (bytes):17692
                Entropy (8bit):5.635887912968745
                Encrypted:false
                SSDEEP:
                MD5:CAA1CB209455ABEE6E6B995A0B5697A6
                SHA1:07268177924C1113F214950FF19B7CC6149DA62D
                SHA-256:D6316A45785935F076FA23FED5AC1025D6A5888505E7810B839C39BCA6C16B48
                SHA-512:A7B1C0CD9AF5CB3299813D819633C9AA3A0391C601525374ACCECDD9BF0C786474E399A6B0C5067AAA017DFDEEE0E2B778E7F489A10E01269BA023B6B00102C7
                Malicious:false
                Reputation:low
                Preview:RIFF.E..WAVEfmt .........+...+......data.D..ek.xspao..rr`]{..yvdw..l`[j~..yvyp}.ZWhs{.....foh]eqv......hScsns{s....xXOk.ttpw....`[\g.|io....j^kdc{xo..{xmorrpfg..xzr\g..y|dg..vp[]s...rrv{.pV]mv...{.pny`Xgqw.....t`Yehhqyt....xQWvrkto}....`Z]o{ujw....d_j\k.ps.|..sjkjgis..u.tes}qur`s..yr`c{..}pkz..pZ_my..t..k.xY^ik{....xlh`adgtz~....hQ_nfsxo....xXUfrutn.....`c`_wzj{.}..lgldesw}.{.xkwrluhg..v}p^k.zzxfo..|i\cn...r.rw.hW_jo..|..psl]_emz|.....`[gdgwro....pS]mlspo....p`_[k.pi.....bgh`oxo{...uophmpbo..z.lawyr}pc..~|h]gs..rswr..`\efw..w..q~j\cgo{~....p^cfanxn.....`Wgjkumw....h`\_syhs....pcj]_xqs.~..xpjfkhi}.x.|fmynsx`k..|xdamy.xpqr{.t`bdi..r..lw.b_cgw.....tfdf`euuw....pV_keoto....xdZ]kwpk.....dga[oxlw.{..thgfeis||z|pnwpkvjc..xzpbkxxxxmo~.xjccgy.zy.vs.p`cch.....tmmfaagpw....z`]ibcrqu....p\\ekrqu....rib[gyrs.|{..jkhamuv.|xwstpjqrds.xwyhfvtu.ph{.xthago..u|znyxbafcw....ylrf_deoy~....j]eeaoun.....`[eemuq{....jg\_trn..y..nmj^gtq{.yyxurkkphm..z|pfsvnyxhs.xxqdemu.{xyruxpedci.....mqpefbcs.....redfaeory...

                C:\Program Files (x86)\Syslogd\StaticHosts.txt

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):551
                Entropy (8bit):4.719702555520529
                Encrypted:false
                SSDEEP:
                MD5:A0D4152223F9457E275B7F09CBFD8A86
                SHA1:AA9D951F7C0C6DA2B58EAB44C7E2364F4E05A84B
                SHA-256:2F3085C2E52B5B6D010135EC4AEC10296E1389290C34AB564AB59912E0860C16
                SHA-512:2D1E5A6E12ED12931ABF1BA22F454156E1560961F6049F5B76F589A7F6592571A5D8DE50AC040542B46A706B6FC04391A2804F7E364A8A19D3DEF820AA2E203D
                Malicious:false
                Reputation:low
                Preview:# Static DNS host file..# Each entry must consist of an IP address, a tab, then a host name..# The IP address is in the format aaa.bbb.ccc.ddd..# The host name can be any text value that you like up to 63 characters in length..#..# Comments can be on a separate line and must start with a # character..#..# Example:..# 192.168.1.1.myhost.mycompany.com..#..# NOTE: The IP address and host name MUST be separated with a tab (ASCII chr 9)..# Spaces will not be recognised as a valid separator....# Default value for localhost..127.0.0.1.localhost..

                C:\Program Files (x86)\Syslogd\Syslogd.chm

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:MS Windows HtmlHelp Data
                Category:dropped
                Size (bytes):816664
                Entropy (8bit):7.985067488311837
                Encrypted:false
                SSDEEP:
                MD5:ACC430D8E5BD744A3E331D2AF01DBE8D
                SHA1:51D539C9687DC666288D646DDD442F14C7BA639A
                SHA-256:04A6ECF2A1AB9C700680DFC5D27430005FA4942E4E8DE50E7272320B075001A1
                SHA-512:29FC811095B052A1553F3718DE072518C5FDB771203411D64932E56D84A84F61F539DFA7182D83ECEE258BF8F4344BC6B6EFBB85830F8266AC7B0EF791658C05
                Malicious:false
                Reputation:low
                Preview:ITSF....`..................|.{.......".....|.{......."..`...............x.......T@.......@...............v..............ITSP....T...........................................j..].!......."..T...............PMGL4................/..../#IDXHDR....$.../#ITBITS..../#IVB...Y.../#STRINGS....a.+./#SYSTEM..N.0./#TOPICS....$.@./#URLSTR....4.-./#URLTBL....d.P./#WINDOWS...u.d./$FIftiMain...<..h./$OBJINST...}.?./$WWAssociativeLinks/..../$WWAssociativeLinks/Property...y../$WWKeywordLinks/..../$WWKeywordLinks/Property...u../_Temp.hhc...3..i./_Temp.hhk.....Y./about_kiwi_syslog_server.htm...B.&./action_email_message.htm...y.~./action_log_to_database.htm...~..l./action_log_to_nt_event_log.htm...j.../action_log_to_papertrail.htm...v..'/action_log_to_reset_flags_counters.htm...W.../action_log_to_web_access.htm.....J./action_run_script.htm.....i*/action_send_message_via_notepager_pro.htm......./action_send_snmp_trap.htm......./action_send_syslog_message.htm...w..#/action_stop_processing_message.htm......./ac

                C:\Program Files (x86)\Syslogd\Syslogd.log

                Download File
                Process:C:\Program Files (x86)\Syslogd\Syslogd.exe
                File Type:CSV text
                Category:dropped
                Size (bytes):897
                Entropy (8bit):5.136104700173289
                Encrypted:false
                SSDEEP:
                MD5:62DB50E9E94C1C63DC68A5178F24090A
                SHA1:9E12F79EB0739CC43DD6D40A9551B9169B563D9E
                SHA-256:8AF16118C5D120976D64982524CC68F97D7BBACD28882C7E26D7F38D7EF29F5E
                SHA-512:6CB35AE9A94EC9AE7018A533149BD0D1D32D575920DCF42F0CB0FD096531D3443C7F70B0C501A860A20D64839597E6192A4248DB67FAE4A763C5F719E916764E
                Malicious:false
                Reputation:low
                Preview:2023-12-21 00:14:35,334 [1] INFO SolarWinds.SyslogServer.Engine.NetworkingDeamon Reinitialize started..2023-12-21 00:14:40,095 [1] INFO SolarWinds.SyslogServer.Engine.NetworkingDeamon ReinitUdp started..2023-12-21 00:14:40,110 [1] INFO SolarWinds.SyslogServer.Engine.NetworkingDeamon ReinitUdp started for AddressFamily=InterNetwork..2023-12-21 00:14:40,126 [1] INFO SolarWinds.SyslogServer.Engine.NetworkingDeamon ReinitUdp initialized..2023-12-21 00:14:40,126 [1] INFO SolarWinds.SyslogServer.Engine.NetworkingDeamon ReinitUdp finished for AddressFamily=InterNetwork..2023-12-21 00:14:40,126 [1] INFO SolarWinds.SyslogServer.Engine.NetworkingDeamon ReinitUdp finished..2023-12-21 00:14:40,126 [1] INFO SolarWinds.SyslogServer.Engine.NetworkingDeamon Reinitialize finished..2023-12-21 00:14:40,126 [5] INFO SolarWinds.SyslogServer.Engine.Implementation.WatcherThread started for 4032828..

                C:\Program Files (x86)\Syslogd\Syslogd_TaskEngine.exe

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):515928
                Entropy (8bit):5.893820817429592
                Encrypted:false
                SSDEEP:
                MD5:60995005FCE2D6C7632D06722BDF1073
                SHA1:820F08C198C021F17F0246D2D1AC085D7AF65C6E
                SHA-256:1764B2B80D9CD1F711C1899C3BB5D0095DA14E2CC3A60D7F0930EC09BE4EE68B
                SHA-512:7B4F90172B0F03F94D8C7051C74FA8BE9B8240E70F0168003CC3B6DF3154C3682C010BD45C0BB054E2622D644C751182E9FAD883CFC5AE97EF352A21BE96ED00
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........+O.E..E..E.X.K..E...L..E..H..E.Rich.E.................PE..L.....pV..................... ....................@.......................................@....................................(.......................X...................................................0... ....................................text...X........................... ..`.data...d...........................@....rsrc...............................@..@l.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Program Files (x86)\Syslogd\System.Buffers.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):20856
                Entropy (8bit):6.425485073687783
                Encrypted:false
                SSDEEP:
                MD5:ECDFE8EDE869D2CCC6BF99981EA96400
                SHA1:2F410A0396BC148ED533AD49B6415FB58DD4D641
                SHA-256:ACCCCFBE45D9F08FFEED9916E37B33E98C65BE012CFFF6E7FA7B67210CE1FEFB
                SHA-512:5FC7FEE5C25CB2EEE19737068968E00A00961C257271B420F594E5A0DA0559502D04EE6BA2D8D2AAD77F3769622F6743A5EE8DAE23F8F993F33FB09ED8DB2741
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..$..........BC... ...`....... ....................................@..................................B..O....`..@...............x#...........A............................................... ............... ..H............text...H#... ...$.................. ..`.rsrc...@....`.......&..............@..@.reloc...............,..............@..B................$C......H........'...............?..X...8A......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*B.....(.........*R.....(...+%-.&(!...*^.....("....(...+&~....*.s$...*"..s%...*..(&...*.*....0......................

                C:\Program Files (x86)\Syslogd\System.Data.SQLite.EF6.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):203680
                Entropy (8bit):6.084130705592534
                Encrypted:false
                SSDEEP:
                MD5:C4F999C91E9F5040B16A137EA7D89E82
                SHA1:A29ABF6DB6301AA0827A24F361E84C8CEC548C45
                SHA-256:1813EF77CB5657DC01019445E126790D9BFBB5E310B0571F02D5D754DB7BFA31
                SHA-512:FB21C48A10AA2CDCDC04CA98A72498335EB66239141CF96334182EE4624671FA9467348820A721E2E47E47FED5408565E5E490AC7CC8AD23895F01D75A693F70
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b.........." ..0.............r.... ........... .......................@............`................................. ...O........................I... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................T.......H........................W..p...h........................................0..,.......~....s .......o!......r...pso.....r...po"...&.o#...o$....o%....o&...&...r/..po"...&.o'...o(....+A.o)...t.....,...+..r9..po"...&%o*....o%....r?..po"...&o+....o%....o....-....,..o......,*.........os........o,...o"...&.rG..po"...&.o&...&.rQ..po"...&.o-....o%....r_..po....&....o!....(......op...Q.o/...*......_.M........0..n.......~....s ...%..rc..pso....%r...po"...&.o#...o$....o%...%o&...&%rQ..po"

                C:\Program Files (x86)\Syslogd\System.Data.SQLite.Linq.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):203680
                Entropy (8bit):6.086621622251276
                Encrypted:false
                SSDEEP:
                MD5:59498A0F662DBC18D751A6AF9D0E7173
                SHA1:0F03D743971EE6FA939E386635DB7813A4D235B6
                SHA-256:9D55C1C6A194C61D0E7810F7E6260734C2E133796D3E4FB6532EEE58BD5045FC
                SHA-512:6C2DEB8EBD823644FF865879CDFD34E020598E7823CF120ADE33DAEF2314A886ECDAF52838B1954C01D5C614704E796635C7C5BBBC6FF3AFD384398DAF8C1BFC
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b.........." ..0.................. ........... .......................@............`.....................................O........................I... ......L................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H...........|...........\W..p............................................0..,.......~....s .......o!......r...pso.....r...po"...&.o#...o$....o%....o&...&...r/..po"...&.o'...o(....+A.o)...t.....,...+..r9..po"...&%o*....o%....r?..po"...&o+....o%....o....-....,..o......,*.........os........o,...o"...&.rG..po"...&.o&...&.rQ..po"...&.o-....o%....r_..po....&....o!....(......op...Q.o/...*......_.M........0..n.......~....s ...%..rc..pso....%r...po"...&.o#...o$....o%...%o&...&%rQ..po"

                C:\Program Files (x86)\Syslogd\System.Data.SQLite.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):1547616
                Entropy (8bit):6.785630652301275
                Encrypted:false
                SSDEEP:
                MD5:6309060E327325267AEF56DC63415C9A
                SHA1:C4F2ADC88690F6DDB49D679A8ACC8EFA90BE03CB
                SHA-256:A4BCE8F401DE596D844528BB2C57C5B7C8C3C9449EDC8441570ABD346A1ECF46
                SHA-512:57264E3F9FE687B395988228E16C87E248EB0EB77B768E5939ACC79BD4E7DFECEFD504E0C8714F73CA0ECA8B830BEA4E8BE2D7A561EB83163DAC5C346B37E435
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......8.<y|iR*|iR*|iR*...*MiR*...*.iR*...*[iR*G7Q+kiR*G7W+jiR*G7V+siR*b;.*~iR*...*.iR*|iS*.iR*.7X+~iR*.7R+}iR*.7.*}iR*.7P+}iR*Rich|iR*........................PE..L....Z.b...........!................................................................!.....@.........................@...h4......<....p..<............~..`........d..`...T...............................@...........................4...H............text............................... ..`.rdata..J...........................@..@.data....X.......,..................@....gfids.......P......................@..@CONST...@....`......................@..@.rsrc...<....p......................@..@.reloc...d.......f..................@..B................................................................................................................................................................................................

                C:\Program Files (x86)\Syslogd\System.Memory.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):142240
                Entropy (8bit):6.142019016866883
                Encrypted:false
                SSDEEP:
                MD5:F09441A1EE47FB3E6571A3A448E05BAF
                SHA1:3C5C5DF5F8F8DB3F0A35C5ED8D357313A54E3CDE
                SHA-256:BF3FB84664F4097F1A8A9BC71A51DCF8CF1A905D4080A4D290DA1730866E856F
                SHA-512:0199AE0633BCCFEAEFBB5AED20832A4379C7AD73461D41A9DA3D6DC044093CC319670E67C4EFBF830308CBD9A48FB40D4A6C7E472DCC42EB745C6BA813E8E7C6
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....6wb.........." ..0.................. ... ....... .......................`.......>....@.................................`...O.... ..@................'...@......(................................................ ............... ..H............text........ ...................... ..`.rsrc...@.... ......................@..@.reloc.......@......................@..B........................H........,................................................................('...*>..}......}....*..{....*..{....*..{.....{....3..{.....{....((...*.*..0...........%.u....,..........(....*.*z.{....%-.&.+.o)....{....(a...*..(....zN........o*...s+...*.(....z.s,...*..(....zF(U....(O...s-...*.(....z.(V...s-...*.(....z.s....*.(....z.s/...*..(....zN........o*...s0...*.(....zrr...p(\....c.K...(O...s1...*.(....zBr...p(Y...s1...*.(....z.s2...*.(....z.(X...s3...*.(!...z.(_...s3...*.(#...z

                C:\Program Files (x86)\Syslogd\System.Numerics.Vectors.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):115856
                Entropy (8bit):5.631610124521223
                Encrypted:false
                SSDEEP:
                MD5:AAA2CBF14E06E9D3586D8A4ED455DB33
                SHA1:3D216458740AD5CB05BC5F7C3491CDE44A1E5DF0
                SHA-256:1D3EF8698281E7CF7371D1554AFEF5872B39F96C26DA772210A33DA041BA1183
                SHA-512:0B14A039CA67982794A2BB69974EF04A7FBEE3686D7364F8F4DB70EA6259D29640CBB83D5B544D92FA1D3676C7619CD580FF45671A2BB4753ED8B383597C6DA8
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.Z.........." ..0..v............... ........... ..............................DF....@.................................f...O........................>.......................................................... ............... ..H............text....u... ...v.................. ..`.rsrc................x..............@..@.reloc..............................@..B........................H........Q..|?..........$... ...D.........................................(....*&.l(....k*&.l(....k*..l.l(....k*..l.l(....k*&.l(....k*&.l(....k*&.l(....k*j~....%-.&(....s....%.....*..*.0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*2rG..p.(....*2r...p.(....*2r...p.(.

                C:\Program Files (x86)\Syslogd\System.Runtime.CompilerServices.Unsafe.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):18024
                Entropy (8bit):6.343772893394079
                Encrypted:false
                SSDEEP:
                MD5:C610E828B54001574D86DD2ED730E392
                SHA1:180A7BAAFBC820A838BBACA434032D9D33CCEEBE
                SHA-256:37768488E8EF45729BC7D9A2677633C6450042975BB96516E186DA6CB9CD0DCF
                SHA-512:441610D2B9F841D25494D7C82222D07E1D443B0DA07F0CF735C25EC82F6CCE99A3F3236872AEC38CC4DF779E615D22469666066CCEFED7FE75982EEFADA46396
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Ksa...........!.................6... ...@....@.. ....................................@..................................6..K....@..............."..h$...`.......$............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................6......H.......D%..<...................P ......................................_...+.'g.......x2..}}...B.O....T...e..?.M..R"M.~pg..c..LD#..y.....y....:u.v*...#.;.-.h.......0..#.....a5|T%W...].!.%'..9.0...........q....*..0..............q....*...0..............q....*...0.................*.0....................*..0....................*..0............q.........*....0............q.........*....0............*..0..........*....0................*..0...............*...0..............

                C:\Program Files (x86)\Syslogd\System.Threading.Tasks.Extensions.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):25984
                Entropy (8bit):6.291520154015514
                Encrypted:false
                SSDEEP:
                MD5:E1E9D7D46E5CD9525C5927DC98D9ECC7
                SHA1:2242627282F9E07E37B274EA36FAC2D3CD9C9110
                SHA-256:4F81FFD0DC7204DB75AFC35EA4291769B07C440592F28894260EEA76626A23C6
                SHA-512:DA7AB8C0100E7D074F0E680B28D241940733860DFBDC5B8C78428B76E807F27E44D1C5EC95EE80C0B5098E8C5D5DA4D48BCE86800164F9734A05035220C3FF11
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..8...........V... ...`....... ....................................@..................................V..O....`...............B...#..........PU............................................... ............... ..H............text....6... ...8.................. ..`.rsrc........`.......:..............@..@.reloc...............@..............@..B.................V......H........0...$...................T........................................(....*..(....z..(....z2.(....s....*2.(....s....*:........o....*.~....*~.-..(......}......}......}....*~.-..(......}......}......}....*Z..}......}......}....*J.{....%-.&.*o....*^.u....,........(....*.*~.{.....{....3..{.....{......*.*&...(....*2...(.......*....0..'........{......,..u....%-.&..(...+(....*(....*n.{....,..(....s....*.q....*..0..a.........{....o0.....,;..{....o2...(......;...3.~.......s......

                C:\Program Files (x86)\Syslogd\System.ValueTuple.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):25232
                Entropy (8bit):6.672539084038871
                Encrypted:false
                SSDEEP:
                MD5:23EE4302E85013A1EB4324C414D561D5
                SHA1:D1664731719E85AAD7A2273685D77FEB0204EC98
                SHA-256:E905D102585B22C6DF04F219AF5CBDBFA7BC165979E9788B62DF6DCC165E10F4
                SHA-512:6B223CE7F580A40A8864A762E3D5CCCF1D34A554847787551E8A5D4D05D7F7A5F116F2DE8A1C793F327A64D23570228C6E3648A541DD52F93D58F8F243591E32
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.Z.........." ..0.............b2... ...@....... ...............................H....@..................................2..O....@...............$...>...`......x1............................................... ............... ..H............text...h.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................B2......H........!..T....................0......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*2r[..p.(....*B.....(.........*.BSJB............v4.0.30319......l...4...#~..........#Strings....t.......#US.@.......

                C:\Program Files (x86)\Syslogd\install.log

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:data
                Category:modified
                Size (bytes):104230
                Entropy (8bit):3.709208771831665
                Encrypted:false
                SSDEEP:
                MD5:5A83BA9B0CB730B80E23FECE8827F957
                SHA1:1E9691C34BB857C260AA5601339CA19293690F2C
                SHA-256:3A2296F69AEB78D6110370E137BBB30748ECBEBD8C2F0BD808718E123F1CF957
                SHA-512:6063E3630918BE54849BB21E47EF1E1EFC5F753C9579EDFAF0E554400EF3B44E29E14A1E5F6C94B8627E429C4EB025AEF69C603813AF32222D40C1ACE9EA5192
                Malicious:false
                Reputation:low
                Preview:l.o.g.g.i.n.g. .s.e.t. .t.o. .1.....C.a.l.l.:. .2.9.4.6.....C.a.l.l.:. .2.9.4.6.....C.a.l.l.:. .2.9.4.6.....C.a.l.l.:. .2.9.4.6.....C.a.l.l.:. .2.9.4.6.....C.a.l.l.:. .2.9.4.6.....C.a.l.l.:. .2.9.4.6.....C.a.l.l.:. .2.8.5.1.....D.e.t.a.i.l.P.r.i.n.t.:. .U.n.i.n.s.t.a.l.l.i.n.g. .a.n.y. .p.r.e.v.i.o.u.s. .v.e.r.s.i.o.n...........S.e.t.F.l.a.g.:. .1.3.=.6.....C.a.l.l.:. .2.8.6.8.....C.a.l.l.:. .3.8.0.....D.e.t.a.i.l.P.r.i.n.t.:. .C.h.e.c.k.i.n.g. .f.o.r. .e.x.i.s.t.e.n.c.e. .o.f. .K.i.w.i. .S.y.s.l.o.g. .D.a.e.m.o.n. .s.e.r.v.i.c.e...........C.a.l.l.:. .3.1.8.9.....S.e.t.F.l.a.g.:. .1.3.=.6.....F.i.l.e.:. .o.v.e.r.w.r.i.t.e.f.l.a.g.=.1.,. .a.l.l.o.w.s.k.i.p.f.i.l.e.s.f.l.a.g.=.0.,. .n.a.m.e.=.".C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.n.s.c.5.D.0.8...t.m.p.\.K.i.w.i.S.C...d.l.l.".....F.i.l.e.:. .w.r.o.t.e. .5.3.7.6.0. .t.o. .".C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.n.s.c.5.D.0.8...t.m.p.\.K.i.w.i.S.C...d.l.l.".....C.a.l.l.:. .2.8.6.8...

                C:\Program Files (x86)\Syslogd\log4net.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):278376
                Entropy (8bit):5.663430284055471
                Encrypted:false
                SSDEEP:
                MD5:B7787345DB2ED06AF5F1782BEAC5B5EF
                SHA1:9A259DBE12134CB97770F177B5FFE7E6B93AC4C9
                SHA-256:8848EF213D2C1BBB8C94EF089ED10D0B9A68E79B7584530F0B9CC8104A1B0798
                SHA-512:23E2C4E9F889AE81A7344CAF0F564A0BEC9F39A2A26EA5F1BAEEA583C34DD1F1DBF4A39155449A4731A06EC1CCC9513817F90BCBD12331AB30A621B3E2C683C0
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p3..........." ..0...... ........... ... ....... .......................`............`.................................h...O.... ............... ..h....@......L................................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Program Files (x86)\Syslogd\nsoftware.IPWorks.System.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):197848
                Entropy (8bit):6.111736225398689
                Encrypted:false
                SSDEEP:
                MD5:6AB3BE3AE4FDB1020B277F66D9F08BBF
                SHA1:6963E6F82C661E56FA1D3D3BC47D90323BD3007E
                SHA-256:D4044FBB4BA889AE5147BF406AFF97D3FCAE19884E1A9D82B3629F3201C899F3
                SHA-512:9C66CC4F76FFF15846E7F4EC8C001ADABC9C5C4D83A425EB76F40267688E6186FB3D92375921457F9CE66574AFF3C230DC3722E4CD7513E9403963AA3553F129
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....RG^...........!..................... ........@.. .......................@............@.....................................O............................ ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......LE..p....................D.......................................0.......... .........%.t...(.....u... .........%._...(.....`... &........%.{...(.....|... .........%.Y...(.....Z... .........%.2...(.....3... :........%.W...(.....X... .........%....(......... .........%.....(......... .........%.....(......... v........%.]...(.....^... p........%.j...(.....k...*..0..J.........(...........{[..........+.....-..r...p.+..{[...|b...{u...s....(%....+..*...0............(.....

                C:\Program Files (x86)\Syslogd\nsoftware.IPWorks.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):3569368
                Entropy (8bit):5.627799527589952
                Encrypted:false
                SSDEEP:
                MD5:6E7395F6FB5B96B07C02655925A00CD8
                SHA1:1C3788AF3EEA1F01E657CCC7264A7A28DF3F00DC
                SHA-256:226523E8A2A8D45CE6F0E8BB5383BDED1EFAAF1648E6DBEC6A9C0C7EE2EF791F
                SHA-512:F394E320E155DE2687FF94A332CD6023F0BC0F894F1ACC85CA06E72E0A28C7F6D024D563E84F29CFAA66E638B14E548D98FA1B913627C7F98A044B0C1C410A36
                Malicious:true
                Yara Hits:
                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\Syslogd\nsoftware.IPWorks.dll, Author: Joe Security
                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\Syslogd\nsoftware.IPWorks.dll, Author: Joe Security
                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\Syslogd\nsoftware.IPWorks.dll, Author: Joe Security
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....SG^...........!.....N6.........>l6.. ........@.. ........................6.......6...@..................................k6.W.....6..............X6.......6...................................................... ............... ..H............text...DL6.. ...N6................. ..`.rsrc.........6......P6.............@..@.reloc........6......V6.............@..B................ l6.....H........p..................HR..pp.......................................0.......... F........%.?...(.....@... p........%.....(......... .........%.....(......... .........%.~...(......... .........%.....(......... F........%.....(......... .........%.T...(.....U... .........%.!...(....."... .........%.,...(.....-... .........%....(......... .........%.x...(.....y... .........%....(......... R........%.u...(.....v... .........%.....(......... .........%.....(.........*..0..

                C:\Program Files (x86)\Syslogd\nsoftware.IPWorksSNMP.System.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):199312
                Entropy (8bit):6.041899752160956
                Encrypted:false
                SSDEEP:
                MD5:21059BB06F4E16AEF06484B3B7778787
                SHA1:B183DD43DDB15368BE19ECA29652F64E6C96CF81
                SHA-256:08A2EB48BD4DB5DF77D330261E9DC0946855D53F9ED7684E4EAE9416BD71D354
                SHA-512:D8F88943BAC70BB0DF0F19E824711553676617D906336E18C1AF208DF63A6543B314D480E63173322599059B8831F6A2C07B589F35321B3C784B5B6331396E34
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....1`...........!................n.... ........@.. .......................`............@.....................................S.... .......................@....................................................... ............... ..H............text...t.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................P.......H.......XM.......................L.......................................0.......... .........%.....(......... >........%....(......... .........%.....(......... .........%.w...(.....x... .........%._...(.....`... .........%....(......... l........%.....(......... .........%.....(......... .........%.}...(.....~... .........%.c...(.....d... .........%....(.........*..0..J.........(...........{]..........+.....-..r...p.+..{]...|d...{w...s....('....+..*...0............(.....

                C:\Program Files (x86)\Syslogd\nsoftware.IPWorksSNMP.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):1594000
                Entropy (8bit):5.893957921956782
                Encrypted:false
                SSDEEP:
                MD5:B121E023AAA809C8FF64E8CBEC24FE8F
                SHA1:B6639C42A32620C657E84793C2A2DA1A964EABAB
                SHA-256:03C5ABE6FFF670C1A7806D07CE0D69D3CB9B2A63341D572CFEB7C26BC247A51E
                SHA-512:C0D199379D928C9928C41C7FFDDAAE3820ACC62F7B7229928386D620363ABFF88368EBE967788D72D1C41B423AA7B4D9CC7CD4CEBEE467EFABA7BF183A160203
                Malicious:true
                Yara Hits:
                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\Syslogd\nsoftware.IPWorksSNMP.dll, Author: Joe Security
                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\Syslogd\nsoftware.IPWorksSNMP.dll, Author: Joe Security
                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\Syslogd\nsoftware.IPWorksSNMP.dll, Author: Joe Security
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....1`...........!................NM... ........@.. ...............................f....@..................................L..W....`...............8............................................................... ............... ..H............text...T-... ...................... ..`.rsrc........`.......0..............@..@.reloc...............6..............@..B................0M......H............8...........................................................0.......... l........%.I...(.....J... <........%.....(......... F........%....(......... .........%....(......... .........%.....(......... .........%.....(......... .........%.....(......... ........%.l...(.....m... .........%.....(......... X........%.)...(.....*... @........%.L...(.....M... (........%.....(......... .........%....(......... .........%.e...(.....f... ~........%.'...(.....(...*..0..

                C:\Program Files (x86)\Syslogd\nssm.exe

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):302944
                Entropy (8bit):5.6354183500335875
                Encrypted:false
                SSDEEP:
                MD5:3B33DEF850C834C20C98FF4EA2CA4DEA
                SHA1:E986BBD56F5AA46008DB7A3A904DED7DBD598ED0
                SHA-256:918ECFA234130AFEE45FBB316410C83778C7C5A229CB754BE0CB1FC823943FD1
                SHA-512:0DF0826A66304A412F2D18B6EA2E42C785CEA9D0F3F51001B210F6C2283850EA3D66FB23593788C9D5E80637F603E9C1C2EDE8095FA2092666A97BFCD5263C18
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........6.Y.W...W...W....1..W....'..W.......W...W..<W.... ..W....0..W....5..W..Rich.W..................PE..L....@.T............................S>............@..................................2....@.................................d........`..._..............`...............................................@...............H............................text............................... ..`.rdata...I.......J..................@..@.data....0... ......................@....rsrc...._...`...`... ..............@..@................................................................................................................................................................................................................................................................................................................................................................................

                C:\Program Files (x86)\Syslogd\tmp_img.~tmp

                Download File
                Process:C:\Program Files (x86)\Syslogd\Syslogd.exe
                File Type:GIF image data, version 89a, 93 x 18
                Category:dropped
                Size (bytes):1496
                Entropy (8bit):6.858392711259168
                Encrypted:false
                SSDEEP:
                MD5:FA09E6C176C653221BE9FD60157272BC
                SHA1:5CE84E3431406A7A4A964F17637260C44F662530
                SHA-256:594C611E709FA2E0C6EA10CE61477A913A60F093016AE5E8C947C87F7F53E9EB
                SHA-512:EAEDB57B786CF6C6DC3180ED8EB39CB3BD9897F520CA2A181070D2B6514DFBD8BE8433D791F198C077DEC7A44788ED2F948C7B1EE7D3D4D5436EFF385EA667A8
                Malicious:false
                Reputation:low
                Preview:GIF89a]..............'..)..5..0..1..6..3..4..5..7..6..9..9..:..?..B..C..@..C..N..O..J..M..M..N..P..P..P..Y..Z..\..\..f..h..j..c..e..h..l..n..u..t..l..s..v..t..t..x..|.....{......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................!.......,....]..........wI.....*\.....r.2p`.....AS.c.$ C..I...(Az\....E...... ..7r.....@......*U........MmH.J.*.X.N.J5.W.DJ..hP..h.U+...>Od....."!g.../_+.P.S..F...+V.dT%M..,....c.%..B..g.T.$.B...S..1...D.

                C:\Program Files (x86)\Syslogd\uninst-Syslogd.exe

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                Category:dropped
                Size (bytes):413999
                Entropy (8bit):7.843397423048507
                Encrypted:false
                SSDEEP:
                MD5:31A8CF67FBD96D0A18AB5F84DBD76BBF
                SHA1:AD012535C33FF2547504AB34183A005CF9314A2D
                SHA-256:E7752C807074CB5A0AD2ECE12D8C5EA897E559A96E98F32A03B0AC081656E306
                SHA-512:27FE63AC24AE2EE9A5BBDB776BD1F462D495E1EDCE9C4B01C43AD4E12FD4D5157B319587EB3543A17300738FBB2189CB538E1137C242C47E3232B6A0CABD322D
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1(..PF..PF..PF.*_...PF..PG.APF.*_...PF.sv..PF..V@..PF.Rich.PF.........PE..L....Oa.................p...T.......:............@.......................................@..............................................q..........0h..`............................................................................................text...xn.......p.................. ..`.rdata...............t..............@..@.data....-..........................@....ndata...0...............................rsrc....q.......r..................@..@................................................................................................................................................................................................................................................................................................................................................................

                C:\Program Files (x86)\Syslogd\vcredist_x86_2010.exe

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                Category:modified
                Size (bytes):5073240
                Entropy (8bit):7.998813544244484
                Encrypted:true
                SSDEEP:
                MD5:A9BDC3AC1FB59528A9907452756BD0DF
                SHA1:FFA3F3812DD6C2866313ACAE33568D1ACF32712C
                SHA-256:B4517131451E7754D6860765E1D4D29CCF35A29373A813F6E4BF0F8BE720FB73
                SHA-512:C04742681D678618C7D5D6BF923D41F75FA60CDD0BAD30141AB6956407FA4018AF1B4DC5EA40BBC05056A4D87FAC17263BDE4D24593971242947BA22CBFB4FBF
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#pA.B...B...B..gM...B...B...B..gMC..B..gMA..B..gM@..B..gMD..B..Rich.B..........................PE..L....jkG.............................c... ........... ...............................{M...@...... ...................................................RM.X........... "...............................&..@............ ...............................text........ ...................... ..`.data...............................@....rsrc.............L.................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarWinds Kiwi Syslog Server\Documentation\Kiwi Syslog Server Help.lnk

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Jul 10 16:16:46 2023, mtime=Wed Dec 20 22:14:12 2023, atime=Mon Jul 10 16:16:46 2023, length=816664, window=hide
                Category:dropped
                Size (bytes):1088
                Entropy (8bit):4.650340763861911
                Encrypted:false
                SSDEEP:
                MD5:B6C389EBE0F9D5657651097F0F05D373
                SHA1:BA02CCD681AF7DA50A1093069E26F444219472CA
                SHA-256:133876AD41996AB17C03EA92E6A12F1E98A40C6C87B0AF08A786F6F1F9851CC0
                SHA-512:87DCE6EF217C5E7B6E41C79F7128D3C859B581CA121BC4EA4B830E0C2F568201F9671A482D2859547DA4998A4FF411DC7314283A96FCC08EDD82968815AC8157
                Malicious:false
                Reputation:low
                Preview:L..................F.... ......MR.....x>.3.....MR....v...........................P.O. .:i.....+00.../C:\.....................1......W....PROGRA~2.........O.I.W......................V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1......W...Syslogd.@......W...W...........................u..S.y.s.l.o.g.d.....b.2..v...V.. .Syslogd.chm.H.......V...W...../Z........................S.y.s.l.o.g.d...c.h.m.......Y...............-.......X..............<.....C:\Program Files (x86)\Syslogd\Syslogd.chm..<.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.y.s.l.o.g.d.\.S.y.s.l.o.g.d...c.h.m...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.y.s.l.o.g.d.........*................@Z|...K.J.........`.......X.......216041...........hT..CrF.f4... ...0.+d...,....%..hT..CrF.f4... ...0.+d...,....%.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6

                C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarWinds Kiwi Syslog Server\Kiwi Syslog Server Console.lnk

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Jul 10 16:29:42 2023, mtime=Wed Dec 20 22:14:21 2023, atime=Mon Jul 10 16:29:42 2023, length=11570968, window=hide
                Category:dropped
                Size (bytes):1082
                Entropy (8bit):4.641161350997843
                Encrypted:false
                SSDEEP:
                MD5:16C4768C611CF7776B7BA5A650DF2AD5
                SHA1:4871ED55BBF05F8A419BCEA43AC7E238BBCD3923
                SHA-256:E3EA8ADD45594E498F3D735DC562F5D1C7426A9961C4B4833452B719E7DA8F0B
                SHA-512:B45CF546ACA1341B29B4536BB499A739519A2528C3891F91A52736EB536C813CFC335D402D04619032779C6FCB05EA8A10970A7B5CE779C7518057512166A31B
                Malicious:false
                Reputation:low
                Preview:L..................F.... .....r.T......C.3....r.T................................P.O. .:i.....+00.../C:\.....................1......W....PROGRA~2.........O.I.W......................V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1......W...Syslogd.@......W...W...........................u..S.y.s.l.o.g.d.....b.2......V.. .Syslogd.exe.H.......V...W..............................S.y.s.l.o.g.d...e.x.e.......Y...............-.......X..............<.....C:\Program Files (x86)\Syslogd\Syslogd.exe..9.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.y.s.l.o.g.d.\.S.y.s.l.o.g.d...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.y.s.l.o.g.d.........*................@Z|...K.J.........`.......X.......216041...........hT..CrF.f4... ...0.+d...,....%..hT..CrF.f4... ...0.+d...,....%.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-

                C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarWinds Kiwi Syslog Server\Kiwi Syslog Sever Licensing.lnk

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Jul 10 16:29:44 2023, mtime=Wed Dec 20 22:14:11 2023, atime=Mon Jul 10 16:29:44 2023, length=135520, window=hide
                Category:dropped
                Size (bytes):1139
                Entropy (8bit):4.690857120984723
                Encrypted:false
                SSDEEP:
                MD5:1231BE13CBD932266CA36EAFDAEEA270
                SHA1:882B556426BA2457759DE0CDDD09EE4C176BF298
                SHA-256:7DDCE260AA3F38ED3AB9B7B0649C4AE543958BFAD90F38FCBDDCA833051AABCF
                SHA-512:BA8B95F62DA131615E8ECDC8F1ED0753B4D7E1211639C7FB914EA851E1A74D81E4C2CBBD03F202DE2DB359308078BFC9170B5704901C24E75AFA316964694928
                Malicious:false
                Reputation:low
                Preview:L..................F.... ....4..T....,.=.3...4..T...`............................P.O. .:i.....+00.../C:\.....................1......W....PROGRA~2.........O.I.W......................V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1......W...Syslogd.@......W...W...........................u..S.y.s.l.o.g.d.....z.2.`....V.. .KIWISY~1.EXE..^.......V...W.....G.........................K.i.w.i.S.y.s.l.o.g.L.i.c.e.n.s.o.r...e.x.e.......d...............-.......c..............<.....C:\Program Files (x86)\Syslogd\KiwiSyslogLicensor.exe..D.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.y.s.l.o.g.d.\.K.i.w.i.S.y.s.l.o.g.L.i.c.e.n.s.o.r...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.y.s.l.o.g.d.........*................@Z|...K.J.........`.......X.......216041...........hT..CrF.f4... ...0.+d...,....%..hT..CrF.f4... ...0.+d...,....%.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.

                C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarWinds Kiwi Syslog Server\Uninstall\Uninstall Kiwi Syslog Server.lnk

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Dec 20 22:14:22 2023, mtime=Wed Dec 20 22:14:22 2023, atime=Wed Dec 20 22:14:22 2023, length=413999, window=hide
                Category:dropped
                Size (bytes):1191
                Entropy (8bit):4.671133152856086
                Encrypted:false
                SSDEEP:
                MD5:BBAD966E02C3A6B60BB0FB388268A746
                SHA1:2283B7D1DC6F3A9BC60ACB1B90F65B8EB7C724D9
                SHA-256:5DB2C7F13D8A85272F822EC028B54FEA98FC1C7941519C3E4D1DD5EDED12A565
                SHA-512:F946154E871BC06256AD1A0F80D0C3F4689F21911AB6C76C9D8C956B7A9FE4B31D77971182AF6A432F6E6AEEA0CF0EBFF213C0DAF3551570C8B9336B465F6B26
                Malicious:false
                Reputation:low
                Preview:L..................F.... ....5.D.3...b.D.3...b.D.3../Q...........................P.O. .:i.....+00.../C:\.....................1......W....PROGRA~2.........O.I.W......................V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1......W...Syslogd.@......W...W...........................u..S.y.s.l.o.g.d.....r.2./Q...W. .UNINST~1.EXE..V......W..W..............................u.n.i.n.s.t.-.S.y.s.l.o.g.d...e.x.e.......`...............-......._..............<.....C:\Program Files (x86)\Syslogd\uninst-Syslogd.exe..C.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.y.s.l.o.g.d.\.u.n.i.n.s.t.-.S.y.s.l.o.g.d...e.x.e.?.C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.S.t.a.r.t. .M.e.n.u.\.P.r.o.g.r.a.m.s.\.S.o.l.a.r.W.i.n.d.s.........*................@Z|...K.J.........`.......X.......216041...........hT..CrF.f4... .".0.+d...,....%..hT..CrF.f4... .".0.+d...,....%.............1SPS.XF.L8

                C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarWinds\Solarwinds License Manager Setup.lnk

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Oct 11 16:24:52 2022, mtime=Wed Dec 20 22:14:11 2023, atime=Tue Oct 11 16:24:52 2022, length=3895296, window=hide
                Category:dropped
                Size (bytes):1240
                Entropy (8bit):4.627343792020658
                Encrypted:false
                SSDEEP:
                MD5:ED4FBE26A47E52A1DD1EF1797C51C2DB
                SHA1:D6AB5D6DE26307B80FF3F513D04F1DDA97200D39
                SHA-256:1912FE8B9A2A4141ADAAA40E07BC7FAFDD1563E543AE36D040B974954134543C
                SHA-512:1D2E83FE3555871C11F9BC6636AE3BEFD0152D26D7561DBD133046B0AA7F906A7D564DE2FB2AE50C760D390C5CCFB59B9DC59E5616F45025526EBAC495B2FC2A
                Malicious:false
                Reputation:low
                Preview:L..................F.... .....;_.......=.3....;_.....p;..........................P.O. .:i.....+00.../C:\.....................1......W....PROGRA~2.........O.I.W......................V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1......W...Syslogd.@......W...W...........................u..S.y.s.l.o.g.d.......2..p;.KU.. .SOLARW~1.MSI..l......KU...W.....t.........................S.o.l.a.r.W.i.n.d.s...L.i.c.e.n.s.e.M.a.n.a.g.e.r...m.s.i.......k...............-.......j..............<.....C:\Program Files (x86)\Syslogd\SolarWinds.LicenseManager.msi..K.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.y.s.l.o.g.d.\.S.o.l.a.r.W.i.n.d.s...L.i.c.e.n.s.e.M.a.n.a.g.e.r...m.s.i.?.C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.S.t.a.r.t. .M.e.n.u.\.P.r.o.g.r.a.m.s.\.S.o.l.a.r.W.i.n.d.s.........*................@Z|...K.J.........`.......X.......216041...........hT..CrF.f4... . .0.+d...,....%..hT..C

                C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\state.rsm

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exe
                File Type:data
                Category:modified
                Size (bytes):704
                Entropy (8bit):2.4977527039649208
                Encrypted:false
                SSDEEP:
                MD5:2A339461293FC5ECF3640BB1458FACBC
                SHA1:02DC739D19CC01F895634CB681BBF953D7E0BE90
                SHA-256:A960A7F7EACDCBD268F6F7F5FA03C640501AB5E42C866788893B8022FB552DA4
                SHA-512:3D5D143C9E0C077740D3ADD9321A9EFA53088F4D5E2652636AB492AF2CF5869A11EBDAEDF0D69F952EA048D85C628801DB5F4F1C5D50B3839688781047F9F3D5
                Malicious:false
                Reputation:low
                Preview:A.......................................................................................................................................................................................................................W.i.x.B.u.n.d.l.e.F.o.r.c.e.d.R.e.s.t.a.r.t.P.a.c.k.a.g.e.................W.i.x.B.u.n.d.l.e.L.a.s.t.U.s.e.d.S.o.u.r.c.e.............................W.i.x.B.u.n.d.l.e.N.a.m.e.....<...M.i.c.r.o.s.o.f.t. .V.i.s.u.a.l. .C.+.+. .2.0.1.3. .R.e.d.i.s.t.r.i.b.u.t.a.b.l.e. .(.x.8.6.). .-. .1.2...0...3.0.5.0.1.........W.i.x.B.u.n.d.l.e.O.r.i.g.i.n.a.l.S.o.u.r.c.e.....4...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.y.s.l.o.g.d.\.v.c.r.e.d.i.s.t._.x.8.6._.2.0.1.3...e.x.e.....................

                C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe (copy)

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exe
                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):461368
                Entropy (8bit):6.931191292112627
                Encrypted:false
                SSDEEP:
                MD5:2335AB0C0E19C0EF416D07DF66FEE649
                SHA1:1E8794AFF453F7647A6C149F3D38F7A3FF4CCD1B
                SHA-256:F0E46C0F9B2991FA6D187C6B2BED28139C67804CC58CC45C77F06A6F217CB21A
                SHA-512:518580D7A0D8F9610C8EC0204AE879A91A24325FB5E45348E6F0769AA25A69525992BC0F722DF113993AA29A1A917DE8FBECFB39D547D6F25354C3488BF06A62
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.V...8...8...8.......8.....n.8......8......8...9.I.8.....l.8.......8.......8.......8.Rich..8.................PE..L....._S.....................,.......~............@..........................0............@.................................t!..,........7...............>......$2......................... ...........@............................................text...t........................... ..`.rdata..............................@..@.data... 0...@.......,..............@....wixburn8............<..............@..@.tls.................>..............@....rsrc....7.......8...@..............@..@.reloc...B.......D...x..............@..B........................................................................................................................................................................................................................................

                C:\ProgramData\SolarWinds\license.dat

                Download File
                Process:C:\Program Files (x86)\Syslogd\Syslogd.exe
                File Type:data
                Category:dropped
                Size (bytes):6646
                Entropy (8bit):7.965369935256656
                Encrypted:false
                SSDEEP:
                MD5:2229328DD771BF480BF92D754497058E
                SHA1:F8C74C35D07C5574D207D7B7160BFAF3492B4398
                SHA-256:D7A3FA2E3F6E09E04932FF1705EE113EDDF4145DA44DBBC77DFF2AAE3A784DE8
                SHA-512:641168B860D7D5E4384569B2E29CC7BFF4DF2D6CAD7EBEFEFD544F84B0ABB8DFA35E6F53C2651FA650D0412F2D440CAC19AB132651AD7A3CF6C3A34B6BB15665
                Malicious:false
                Reputation:low
                Preview:............z..O......./..).(G..Y.B..[...........f...... .....C.N...Y..... V.Y.~...1.e\>T(.J............ ......6.5.y1.C.&g.......t.b.T:K.. ....]Y.I....w.2..>......`.....J....m.M.7t8..aplq$.t..w....v..I#..6.....(......9..1.:Thm.;.`....Bl...Vr.['y7.7.'.`...]....Qr.=.#9.....U.....\3f..{..'h|+..4... ......./f'S/*...Q9'.C...?.,Z+.J.m..r..p,59.hv.3..+....u.[f....Ar[....N..F....P...&:.Y.L.<u......H..J....j..5L...[.V0.~._..!.T.S....2..~RW..sI^...M:.......X.........~.}Ko..0.*.!J...Ke...:...Tl>h......C.4....._...6.b....oWlr..QR..zo.`N..)_..n.H.0..yT.U.?|....t.......p.....% .......U....p......k.P.....g.5.M..6[.v.....J.1.....d..8^NA..qR.....=.-.......*O...r].@............j.!A.K........_.2I..w.I.....`.M.....`^.9.8..o4H"..dGhz1.Y.........U..L..._X..-......`.zh..3.....F.!......26G..E.3.15..Au.t.$....W....o.]......5H..4.xyH..6......7.........'.s.su`^CL........$...b.......K......w.R...b.$.....=..a...K.z.....p...L...%...i.....b.....Vh.8$X..Ud..z..p..mr

                C:\Users\Public\Desktop\Kiwi Syslog Server Console.lnk

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Jul 10 16:29:42 2023, mtime=Wed Dec 20 22:14:23 2023, atime=Mon Jul 10 16:29:42 2023, length=11570968, window=hide
                Category:dropped
                Size (bytes):1130
                Entropy (8bit):4.6444425379541645
                Encrypted:false
                SSDEEP:
                MD5:160BC7CD85698457E48323204973511E
                SHA1:5B5D1597C96A3FD3FF071A85720FB122DD9A47A0
                SHA-256:2EEA36339CA727D0DCE1D059CF386FD4B75B3E9BC7743B787D016E4950217A0B
                SHA-512:2A42A8274801B0AD82B4C59FC5088C932F7BDC88D75D6DEC7F7972B32D931A4B753522CACE6EC3D87104153CD700D4842AA900B196ACC6C013F1A575B0611DA6
                Malicious:false
                Reputation:low
                Preview:L..................F.... .....r.T......D.3....r.T................................P.O. .:i.....+00.../C:\.....................1......W....PROGRA~2.........O.I.W......................V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1......W...Syslogd.@......W...W...........................u..S.y.s.l.o.g.d.....b.2......V.. .Syslogd.exe.H.......V...W..............................S.y.s.l.o.g.d...e.x.e.......Y...............-.......X..............<.....C:\Program Files (x86)\Syslogd\Syslogd.exe..0.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.y.s.l.o.g.d.\.S.y.s.l.o.g.d...e.x.e.?.C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.S.t.a.r.t. .M.e.n.u.\.P.r.o.g.r.a.m.s.\.S.o.l.a.r.W.i.n.d.s.........*................@Z|...K.J.........`.......X.......216041...........hT..CrF.f4... ...0.+d...,....%..hT..CrF.f4... ...0.+d...,....%.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5

                C:\Users\user\AppData\Local\Temp\HFIB50B.tmp.html

                Download File
                Process:C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exe
                File Type:HTML document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                Category:dropped
                Size (bytes):16118
                Entropy (8bit):3.6434775915277604
                Encrypted:false
                SSDEEP:
                MD5:CD131D41791A543CC6F6ED1EA5BD257C
                SHA1:F42A2708A0B42A13530D26515274D1FCDBFE8490
                SHA-256:E139AF8858FE90127095AC1C4685BCD849437EF0DF7C416033554703F5D864BB
                SHA-512:A6EE9AF8F8C2C7ACD58DD3C42B8D70C55202B382FFC5A93772AF7BF7D7740C1162BB6D38A4307B1802294A18EB52032D410E128072AF7D4F9D54F415BE020C9A
                Malicious:false
                Reputation:low
                Preview:..<.!.D.O.C.T.Y.P.E. .h.t.m.l. .P.U.B.L.I.C. .".-././.W.3.C././.D.T.D. .X.H.T.M.L. .1...1././.E.N.". .".h.t.t.p.:././.w.w.w...w.3...o.r.g./.T.R./.x.h.t.m.l.1.1./.D.T.D./.x.h.t.m.l.1.1...d.t.d.".>.....<.!.-.-. .T.h.e. .E.x.t.e.n.d.e.d. .C.o.p.y.r.i.g.h.t./.T.r.a.d.e.m.a.r.k. .L.a.n.g.u.a.g.e. .R.e.s.i.d.e.s. .A.t.:. .h.t.t.p.:././.w.w.w...m.i.c.r.o.s.o.f.t...c.o.m./.i.n.f.o./.c.p.y.r.t.I.n.f.r.g...h.t.m. .-.-.>.....<.h.t.m.l. .x.m.l.n.s.=.".h.t.t.p.:././.w.w.w...w.3...o.r.g./.1.9.9.9./.x.h.t.m.l.".>.....<.h.e.a.d.>.......<.m.e.t.a. .h.t.t.p.-.e.q.u.i.v.=.".C.o.n.t.e.n.t.-.T.y.p.e.". .c.o.n.t.e.n.t.=.".t.e.x.t./.h.t.m.l.;. .c.h.a.r.s.e.t.=.u.t.f.-.1.6."./.>.<.b.a.s.e. .t.a.r.g.e.t.=."._.b.l.a.n.k."./.>.......<.s.t.y.l.e. .t.y.p.e.=.".t.e.x.t./.c.s.s.".>.........h.t.m.l.{.o.v.e.r.f.l.o.w.:.s.c.r.o.l.l.}.........b.o.d.y.{.f.o.n.t.-.s.i.z.e.:.1.0.p.t.;.f.o.n.t.-.f.a.m.i.l.y.:.V.e.r.d.a.n.a.;.c.o.l.o.r.:.#.0.0.0.0.0.0.;.b.a.c.k.g.r.o.u.n.d.-.c.o.l.o.r.:.#.F.0.F.0.F.0.}...........h.e.a.d.e.r.

                C:\Users\user\AppData\Local\Temp\HFIBBB5.tmp.html

                Download File
                Process:C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exe
                File Type:data
                Category:dropped
                Size (bytes):7204
                Entropy (8bit):3.6220036673681903
                Encrypted:false
                SSDEEP:
                MD5:D25F09C82AAC699FD3824B5EB8170910
                SHA1:6AD145E8B99DE2EC486697989F164ED34E7C192C
                SHA-256:90A88C4BFC39C0C67D705DC9BB6D0112DFAFACD274998580F252DD0F8223D441
                SHA-512:B11A889ED9304810F4A6A001E67695F853B845F1DEB7B55AF48D59EA65B8AFD4F53B4181D03A9DDC3F03C251CB16122BEDB7F0D6E0BBF046FFA57A85526048CD
                Malicious:false
                Reputation:low
                Preview:....<.s.p.a.n. .c.l.a.s.s.=.".v.b.e.".>.<.s.p.a.n. .c.l.a.s.s.=.".t.".>.[.1.2./.2.1./.2.0.2.3.,. .0.:.1.3.:.2.5.].<./.s.p.a.n.>.c.a.l.l.i.n.g. .P.e.r.f.o.r.m.A.c.t.i.o.n. .o.n. .a.n. .i.n.s.t.a.l.l.i.n.g. .p.e.r.f.o.r.m.e.r.<.B.R.>.<./.s.p.a.n.>.....<.s.p.a.n. .c.l.a.s.s.=.".a.c.t.".>.<.d.i.v. .c.l.a.s.s.=.".s.e.c.t.i.o.n.H.d.r.".>.<.a. .h.r.e.f.=.".#.". .o.n.c.l.i.c.k.=.".t.o.g.g.l.e.S.e.c.t.i.o.n.(.).;. .e.v.e.n.t...r.e.t.u.r.n.V.a.l.u.e.=.f.a.l.s.e.;.".>.<.s.p.a.n. .c.l.a.s.s.=.".s.e.c.t.i.o.n.E.x.p.".>.<.s.p.a.n. .c.l.a.s.s.=.".t.".>.[.1.2./.2.1./.2.0.2.3.,. .0.:.1.3.:.2.5.]. .<./.s.p.a.n.>.A.c.t.i.o.n.:. .P.e.r.f.o.r.m.i.n.g. .a.c.t.i.o.n.s. .o.n. .a.l.l. .I.t.e.m.s.<./.s.p.a.n.>.<.s.p.a.n. .c.l.a.s.s.=.".s.e.c.t.i.o.n.E.x.p.2.".>.......<.B.R.>.<./.s.p.a.n.>.<./.a.>.<./.d.i.v.>.<.d.i.v. .c.l.a.s.s.=.".s.e.c.t.i.o.n.".>.....<.s.p.a.n. .c.l.a.s.s.=.".v.b.e.".>.<.s.p.a.n. .c.l.a.s.s.=.".t.".>.[.1.2./.2.1./.2.0.2.3.,. .0.:.1.3.:.2.5.].<./.s.p.a.n.>.W.a.i.t. .f.o.r. .I.t.e.m. .(.v.c._.

                C:\Users\user\AppData\Local\Temp\KSS\JetBrains.Annotations.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):97280
                Entropy (8bit):5.498708327248938
                Encrypted:false
                SSDEEP:
                MD5:097A7358DDAE665595B6AC5B5D6289C6
                SHA1:29723895EC766DCCB9A75186971EAA11D6CFF6B9
                SHA-256:C964EDA0D4B8ABFA3673BE1AB14C437FE5925C0E72409E1ADF2D7404DD875D37
                SHA-512:CD29FE5912BE55FA9EB1D05E9135E575AD6AAFF9F4808C94FEE62E107AEFC5B854E968B0A228A912E905D1CAF596F3B27F0C6DE242A90DC7C0F740D05A85D233
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..r..........&.... ........... ..............................M.....@....................................O.......................................T............................................ ............... ..H............text...,q... ...r.................. ..`.rsrc................t..............@..@.reloc...............z..............@..B........................H........(..|@...........h...'............................................(....*..(....*..(....*..(....*:.(......}....*..{....*..(....*:.(......}....*..{....*..{....*..{....*~.(...........}...........}....*~.(...........}...........}....*...0...........(............%.}.....}....*.0...........(............%.}.....}....*..(....*..(....*..(....*:.(......}....*..{....*&...(....*V.(......}......}....*..{....*..{....*"..(....*:.(......}....*..{....*..(....*:.(......}....*..{....*&.

                C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Licensing.Gen4.UI.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):298384
                Entropy (8bit):6.750596566958293
                Encrypted:false
                SSDEEP:
                MD5:D77E72CF47115D10C69A2EEDEA8F50FA
                SHA1:5B6DFC8EACD4F7BBAC091FC8D9F92090B01680F8
                SHA-256:62F1A0969DD38E762A1054759CE8D15858E27949AF88FB3E4926E339ECF712FB
                SHA-512:D0FEFE62357213C8FCF9B397F15D2146C30BF719DD85FD05D521F4569D30BBF0F655C4AF2F697299D6E22FBB96AB2EBDB93D497F542C954B3A9D601E6BE1D29B
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..T...........r... ........... ..............................O.....`.................................Pr..O....................^.../..........`q..T............................................ ............... ..H............text....R... ...T.................. ..`.rsrc................V..............@..@.reloc...............\..............@..B.................r......H............<..........xI...&..`p........................................{....*..{....*..{....*..{....*..(......}......}......}.......}....*....0..q........u........d.,_(.....{.....{....o....,G(.....{.....{....o....,/(.....{.....{....o....,.(.....{.....{....o ...*.*.*....0..b....... ..t. )UU.Z(.....{....o!...X )UU.Z(.....{....o"...X )UU.Z(.....{....o#...X )UU.Z(.....{....o$...X*...0...........r...p......%..{.......%q.........-.&.+.......o%....%..{.......%q.........-.&.+.....

                C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Licensing.Gen4.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):399752
                Entropy (8bit):6.215026898056379
                Encrypted:false
                SSDEEP:
                MD5:092F6CADDD25B25FDCE4B1EF1FA25B25
                SHA1:E504312BC215C7FE6755E4983796DD3EA43CBE1C
                SHA-256:9C24EF1095F81BE693E5850D312F883B0052B4D3C04D73CF932180B2993626D2
                SHA-512:E4156AAF748C7E1E84F883AA56453B026FD213CF5441F9E5977DC8696724D0216DF013648ED6FB0D6BAED10869C45236AAEE78E9CEEEBA6988EE377C3126602A
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...0)............" ..0.................. ... ....... .......................`......W.....`.................................V...O.... .................../...@......l...T............................................ ............... ..H............text...(.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......h...................X...l.........................................{1...*..{2...*V.(3.....}1.....}2...*...0..A........u........4.,/(4....{1....{1...o5...,.(6....{2....{2...o7...*.*.*. .f3 )UU.Z(4....{1...o8...X )UU.Z(6....{2...o9...X*...0..b........r...p......%..{1......%q.........-.&.+.......o:....%..{2......%q.........-.&.+.......o:....(;...*..{<...*..{=...*..{>...*r.(3.....}<.....}=.....}>...*..0..Y........u........L.,G(4....{<....{<...o5...,/(6....{=....{=...o7...

                C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Logging.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):46456
                Entropy (8bit):6.283490305044148
                Encrypted:false
                SSDEEP:
                MD5:ABC08556C791C55F722B3D837B1C755F
                SHA1:1E252D2F0E241A5245EACBA2CE52E6B29A993482
                SHA-256:7B367C13A7B4F30110D8A09EF0F962AF36ACC483A8A4DEF695D2E6EE49742DD1
                SHA-512:36028A53CDDCE5F15A6535721FE3F6F9C4CBF0A0901A30752B62D8F863FDF76B33D4272ACE4F657A339498C980CD1B3BB4AE36398011B7F3ABCFC68C2B28E502
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$&............" ..0..|..........R.... ........... ....................................`.....................................O.......................x/..........(...T............................................ ............... ..H............text...X{... ...|.................. ..`.rsrc................~..............@..@.reloc..............................@..B................3.......H.......|F..,S..........................................................V!..e4^....s!........*:.(......}....*V.(......}......}....*..s....*"..s....*..{....*..{....*..("...*"..(#...*&...($...*..0...........-.*.o%...u......9....s&.....o'.....o(...o)...(...+o+....+#.o,..........o-...o......~....o/....o....-....,..o......~0...o1....~0.....o2....o3.....+...(4.......(5.....(6...o/.....(7...-...........o.......o1.....&..*...(....9./h..........)....................s.........*.0..J...

                C:\Users\user\AppData\Local\Temp\KSS\SolarWinds.Orion.MaintDateCheck.exe

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):34200
                Entropy (8bit):6.565200746835114
                Encrypted:false
                SSDEEP:
                MD5:EBBA335FD28EE47F33CC3D9F219A165F
                SHA1:AAB5FEA1D3940903798F7778E6B61D1A41F95C27
                SHA-256:716D37E97BA8B004E4110E4FE82ABEED76585FEA86166DEA67AD1B455FD6E31C
                SHA-512:AD374C35A85F149DBA90994E398F36918A4B9DB2530D9D2FC2BF37A516A06612807D0630F51FBCD2A1CDEB19935E24868B70F0073CC7DCFD93E298BFC5462239
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.... U..........."...0..J...........i... ........@.. ....................................`.................................Ei..O.......T............V.../..........Ph..T............................................ ............... ..H............text....I... ...J.................. ..`.rsrc...T............L..............@..@.reloc...............T..............@..B................yi......H......../...7......)...........Pg......................................V!...7.....s.........*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*.r...p......%..(.....%..(.....2....%..(.....%..(..........(....*...0...........-..+....4...%..;.(....%-.&..3......i.2...i.1..*s....%...o....%...(....o..........(....,...o....+..*..i./...o....o.....*...r...p(.......(....-...o....o....+...o.....*...0...........-.r...ps ...z..s!......&...(....&..s".......*..............

                C:\Users\user\AppData\Local\Temp\KSS\log4net.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):270336
                Entropy (8bit):5.576980425455978
                Encrypted:false
                SSDEEP:
                MD5:27FE8D18682FD9901E589E65EF429B23
                SHA1:6426E96243911BEAB547F2BC98A252A26692F11F
                SHA-256:896AB9CAC41E3977792BA2034EA8730610C2779FA51BAB6BED426094EA8D3ECD
                SHA-512:9D6BC8C77C72CBAD15E808281818C2768F1B44AA6EA1D54A979C91218B8FBF2A02FEE49FA97DB6CFA6087DDC363D6CDD6407E4494934B4568C514437030A2615
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p3..........." ..0...... ........... ... ....... .......................`............`.................................h...O.... .......................@......L................................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20231221_001318816-MSI_vc_red.msi.txt

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:Unicode text, UTF-16, little-endian text, with very long lines (319), with CRLF line terminators
                Category:dropped
                Size (bytes):286714
                Entropy (8bit):3.8178446893405047
                Encrypted:false
                SSDEEP:
                MD5:459B22DAF35516269742858B773A1361
                SHA1:88971671924CFDD12E1631584C106435FB3F0F84
                SHA-256:1AA8C9B94F7EDC7FC812DC211DD093E6716AC225E7D2F1DE06CF9A375CD7B241
                SHA-512:6B660C35F0F5A184D178CD4B81B301142A4BCE604BB7AD3D2929F9467A3F36D5C87F3614C871FBC55087402C07537462B9D71616BC87E98BBCBBFDF9197BEFC7
                Malicious:false
                Reputation:low
                Preview:..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .2.1./.1.2./.2.0.2.3. . .0.0.:.1.3.:.2.6. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .c.:.\.9.f.2.0.5.d.7.d.8.f.8.e.b.e.3.c.2.0.c.6.0.9.4.c.d.4.1.7.5.8.f.8.\.S.e.t.u.p...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.E.8.:.A.8.). .[.0.0.:.1.3.:.2.6.:.4.7.6.].:. .R.e.s.e.t.t.i.n.g. .c.a.c.h.e.d. .p.o.l.i.c.y. .v.a.l.u.e.s.....M.S.I. .(.c.). .(.E.8.:.A.8.). .[.0.0.:.1.3.:.2.6.:.4.7.6.].:. .M.a.c.h.i.n.e. .p.o.l.i.c.y. .v.a.l.u.e. .'.D.e.b.u.g.'. .i.s. .0.....M.S.I. .(.c.). .(.E.8.:.A.8.). .[.0.0.:.1.3.:.2.6.:.4.7.6.].:. .*.*.*.*.*.*.*. .R.u.n.E.n.g.i.n.e.:..... . . . . . . . . . . .*.*.*.*.*.*.*. .P.r.o.d.u.c.t.:. .c.:.\.9.f.2.0.5.d.7.d.8.f.8.e.b.e.3.c.2.0.c.6.0.9.4.c.d.4.1.7.5.8.f.8.\.v.c._.r.e.d...m.s.i..... . . . . . . . . . . .*.*.*.*.*.*.*. .A.c.t.i.o.n.:. ..... . . . . . . . . . . .*.*.*.*.*.*.*. .C.o.m.m.a.n.d.L.i.n.e.:. .*.*.*.*.*.*.*.*.*.*.....M.S.I. .(.c.). .

                C:\Users\user\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20231221_001318816.html

                Download File
                Process:C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exe
                File Type:HTML document, Unicode text, UTF-16, little-endian text, with very long lines (357), with CRLF line terminators
                Category:dropped
                Size (bytes):77846
                Entropy (8bit):3.683071650335708
                Encrypted:false
                SSDEEP:
                MD5:4CA499C61DA1B22AD768E641EC73C8C2
                SHA1:71D49C461F2FC700720F65D2A0EA033B560FEFF8
                SHA-256:00FEA26BC676F4C838182A60575B1FE72AA24F3CDF3C9BA132FCF43BFE6452B2
                SHA-512:176C89B6D21D587DBE08BC05E93957B0EF8FEE35374500B7B44E9BDD005DBA0BC08FB52A9A25126CA1F37D3EE12004E0DA7E2FFC5235E4CB1A5C1320F3216ADB
                Malicious:false
                Reputation:low
                Preview:..<.!.D.O.C.T.Y.P.E. .h.t.m.l. .P.U.B.L.I.C. .".-././.W.3.C././.D.T.D. .X.H.T.M.L. .1...1././.E.N.". .".h.t.t.p.:././.w.w.w...w.3...o.r.g./.T.R./.x.h.t.m.l.1.1./.D.T.D./.x.h.t.m.l.1.1...d.t.d.".>.....<.!.-.-. .T.h.e. .E.x.t.e.n.d.e.d. .C.o.p.y.r.i.g.h.t./.T.r.a.d.e.m.a.r.k. .L.a.n.g.u.a.g.e. .R.e.s.i.d.e.s. .A.t.:. .h.t.t.p.:././.w.w.w...m.i.c.r.o.s.o.f.t...c.o.m./.i.n.f.o./.c.p.y.r.t.I.n.f.r.g...h.t.m. .-.-.>.....<.h.t.m.l. .x.m.l.n.s.=.".h.t.t.p.:././.w.w.w...w.3...o.r.g./.1.9.9.9./.x.h.t.m.l.".>.....<.h.e.a.d.>.......<.m.e.t.a. .h.t.t.p.-.e.q.u.i.v.=.".C.o.n.t.e.n.t.-.T.y.p.e.". .c.o.n.t.e.n.t.=.".t.e.x.t./.h.t.m.l.;. .c.h.a.r.s.e.t.=.u.t.f.-.1.6."./.>.<.b.a.s.e. .t.a.r.g.e.t.=."._.b.l.a.n.k."./.>.......<.s.t.y.l.e. .t.y.p.e.=.".t.e.x.t./.c.s.s.".>.........h.t.m.l.{.o.v.e.r.f.l.o.w.:.s.c.r.o.l.l.}.........b.o.d.y.{.f.o.n.t.-.s.i.z.e.:.1.0.p.t.;.f.o.n.t.-.f.a.m.i.l.y.:.V.e.r.d.a.n.a.;.c.o.l.o.r.:.#.0.0.0.0.0.0.;.b.a.c.k.g.r.o.u.n.d.-.c.o.l.o.r.:.#.F.0.F.0.F.0.}...........h.e.a.d.e.r.

                C:\Users\user\AppData\Local\Temp\Setup_20231221_001317634.html

                Download File
                Process:C:\9f205d7d8f8ebe3c20c6094cd41758f8\Setup.exe
                File Type:HTML document, Unicode text, UTF-16, little-endian text, with very long lines (323), with CRLF line terminators
                Category:modified
                Size (bytes):29482
                Entropy (8bit):3.705880660761129
                Encrypted:false
                SSDEEP:
                MD5:46A33D5C1C69CE219583816A04E0FF4B
                SHA1:3DD744147C9BC809C6FEDDDD5AA0254084FE3311
                SHA-256:44DDDAD2E8D06A4F9BFFDCFCFCC846E2BDC47C4C4BBABDDBDEE88CE2FE453757
                SHA-512:C36CA7892A90768708BFF91A5197381B61987825011D7E161156FC946E2FF700D9C008F0151AD8006E62708CB59F9DE3092C669FFA17DE189E325024C2368E70
                Malicious:false
                Reputation:low
                Preview:..<.!.D.O.C.T.Y.P.E. .h.t.m.l. .P.U.B.L.I.C. .".-././.W.3.C././.D.T.D. .X.H.T.M.L. .1...1././.E.N.". .".h.t.t.p.:././.w.w.w...w.3...o.r.g./.T.R./.x.h.t.m.l.1.1./.D.T.D./.x.h.t.m.l.1.1...d.t.d.".>.....<.!.-.-. .T.h.e. .E.x.t.e.n.d.e.d. .C.o.p.y.r.i.g.h.t./.T.r.a.d.e.m.a.r.k. .L.a.n.g.u.a.g.e. .R.e.s.i.d.e.s. .A.t.:. .h.t.t.p.:././.w.w.w...m.i.c.r.o.s.o.f.t...c.o.m./.i.n.f.o./.c.p.y.r.t.I.n.f.r.g...h.t.m. .-.-.>.....<.h.t.m.l. .x.m.l.n.s.=.".h.t.t.p.:././.w.w.w...w.3...o.r.g./.1.9.9.9./.x.h.t.m.l.".>.....<.h.e.a.d.>.......<.m.e.t.a. .h.t.t.p.-.e.q.u.i.v.=.".C.o.n.t.e.n.t.-.T.y.p.e.". .c.o.n.t.e.n.t.=.".t.e.x.t./.h.t.m.l.;. .c.h.a.r.s.e.t.=.u.t.f.-.1.6."./.>.<.b.a.s.e. .t.a.r.g.e.t.=."._.b.l.a.n.k."./.>.......<.s.t.y.l.e. .t.y.p.e.=.".t.e.x.t./.c.s.s.".>.........h.t.m.l.{.o.v.e.r.f.l.o.w.:.s.c.r.o.l.l.}.........b.o.d.y.{.f.o.n.t.-.s.i.z.e.:.1.0.p.t.;.f.o.n.t.-.f.a.m.i.l.y.:.V.e.r.d.a.n.a.;.c.o.l.o.r.:.#.0.0.0.0.0.0.;.b.a.c.k.g.r.o.u.n.d.-.c.o.l.o.r.:.#.F.0.F.0.F.0.}...........h.e.a.d.e.r.

                C:\Users\user\AppData\Local\Temp\dd_vcredist_x86_20231221001338.log

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exe
                File Type:ASCII text, with very long lines (320), with CRLF line terminators
                Category:modified
                Size (bytes):8663
                Entropy (8bit):5.524981053764831
                Encrypted:false
                SSDEEP:
                MD5:172C2B6834E73404A09E858C3EFCD3B5
                SHA1:1363D3EBD03E58C662C603E46FB589A03869B3DD
                SHA-256:81B4C3B9971CDC48543899827FDA3D5271BFD4705959F6070B1C0FCD6C248B07
                SHA-512:B95FB37241744386FD3B4D661D7E50635456D955538608002021836261ED267B20B9861F2D354A1E2256044C5221AB114AB7528DC16A397CBDC04E6B3619C321
                Malicious:false
                Reputation:low
                Preview:[06D0:0A24][2023-12-21T00:13:38]i001: Burn v3.7.2829.0, Windows v6.3 (Build 9600: Service Pack 0), path: C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exe, cmdline: '-burn.unelevated BurnPipe.{B2C923D5-03AD-40DC-9405-A63C3C16425A} {6708B3AD-47E5-4E6F-9EE8-261E5C997216} 2632'..[06D0:0A24][2023-12-21T00:13:38]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\dd_vcredist_x86_20231221001338.log'..[06D0:0A24][2023-12-21T00:13:38]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exe'..[06D0:0A24][2023-12-21T00:13:38]i000: Setting string variable 'WixBundleName' to value 'Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501'..[06D0:0A24][2023-12-21T00:13:38]i100: Detect begin, 2 packages..[06D0:0A24][2023-12-21T00:13:38]i101: Detected package: vcRuntimeMinimum_x86, state: Absent, cached: None..[06D0:0A24][2023-12-21T00:13:38]i101: Detected package: vcRuntimeAdditional_x86, state:

                C:\Users\user\AppData\Local\Temp\dd_vcredist_x86_20231221001338_0_vcRuntimeMinimum_x86.log

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:Unicode text, UTF-16, little-endian text, with very long lines (588), with CRLF line terminators
                Category:dropped
                Size (bytes):179380
                Entropy (8bit):3.7839232460774044
                Encrypted:false
                SSDEEP:
                MD5:F441FF252DC61CD840D2481EF173A6F9
                SHA1:ECCF82EE2493DDE5852659391446E2708761B872
                SHA-256:DB0C55CA015DD0971E5BE31883AA14AC54B079FB9CD54F7330E0B6E4AAC6B444
                SHA-512:61CD7C08F3C0B5596669AFE3CEE65918ED0696D6AB8499314EFCA704A365F71BFF5A19FAE0097363C7166177817318D5F0F478B1FE5A0B142D119340CC200772
                Malicious:false
                Reputation:low
                Preview:..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .2.1./.1.2./.2.0.2.3. . .0.0.:.1.3.:.5.7. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.y.s.l.o.g.d.\.v.c.r.e.d.i.s.t._.x.8.6._.2.0.1.3...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.4.8.:.2.C.). .[.0.0.:.1.3.:.5.7.:.6.7.6.].:. .R.e.s.e.t.t.i.n.g. .c.a.c.h.e.d. .p.o.l.i.c.y. .v.a.l.u.e.s.....M.S.I. .(.c.). .(.4.8.:.2.C.). .[.0.0.:.1.3.:.5.7.:.6.7.6.].:. .M.a.c.h.i.n.e. .p.o.l.i.c.y. .v.a.l.u.e. .'.D.e.b.u.g.'. .i.s. .0.....M.S.I. .(.c.). .(.4.8.:.2.C.). .[.0.0.:.1.3.:.5.7.:.6.7.6.].:. .*.*.*.*.*.*.*. .R.u.n.E.n.g.i.n.e.:..... . . . . . . . . . . .*.*.*.*.*.*.*. .P.r.o.d.u.c.t.:. .C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.P.a.c.k.a.g.e. .C.a.c.h.e.\.{.1.3.A.4.E.E.1.2.-.2.3.E.A.-.3.3.7.1.-.9.1.E.E.-.E.F.B.3.6.D.D.F.F.F.3.E.}.v.1.2...0...2.1.0.0.5.\.p.a.c.k.a.g.e.s.\.v.c.R.u.n.t.i.m.e.M.i.n.i.m.u.m._.x.8.6.\.v.c._.r.u.n.t.i.m.e.M.i.n.

                C:\Users\user\AppData\Local\Temp\dd_vcredist_x86_20231221001338_1_vcRuntimeAdditional_x86.log

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:Unicode text, UTF-16, little-endian text, with very long lines (588), with CRLF line terminators
                Category:dropped
                Size (bytes):209734
                Entropy (8bit):3.8072767637729874
                Encrypted:false
                SSDEEP:
                MD5:98B3A9A9CFD71461B242BCE2CCD7E5A1
                SHA1:33C5647EA50C489D5E0E9C57ED2BDB1620CA202B
                SHA-256:7AD2B997D9886DF41267F0686AB4A3258E5CC44EAE3DE1FCE1E9C854E3EA7884
                SHA-512:84FF4EB7B94FD994EB5B9C0276AF2F45AAEA013A40B65AF2918BD49088C8E461B98C2260F28A5FBEA5B47B7B76E4840ABCEBDA54627F0BB54EDD37C6034ABCA1
                Malicious:false
                Reputation:low
                Preview:..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .2.1./.1.2./.2.0.2.3. . .0.0.:.1.3.:.5.8. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.y.s.l.o.g.d.\.v.c.r.e.d.i.s.t._.x.8.6._.2.0.1.3...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.4.8.:.5.8.). .[.0.0.:.1.3.:.5.8.:.6.1.8.].:. .R.e.s.e.t.t.i.n.g. .c.a.c.h.e.d. .p.o.l.i.c.y. .v.a.l.u.e.s.....M.S.I. .(.c.). .(.4.8.:.5.8.). .[.0.0.:.1.3.:.5.8.:.6.1.8.].:. .M.a.c.h.i.n.e. .p.o.l.i.c.y. .v.a.l.u.e. .'.D.e.b.u.g.'. .i.s. .0.....M.S.I. .(.c.). .(.4.8.:.5.8.). .[.0.0.:.1.3.:.5.8.:.6.1.8.].:. .*.*.*.*.*.*.*. .R.u.n.E.n.g.i.n.e.:..... . . . . . . . . . . .*.*.*.*.*.*.*. .P.r.o.d.u.c.t.:. .C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.P.a.c.k.a.g.e. .C.a.c.h.e.\.{.F.8.C.F.E.B.2.2.-.A.2.E.7.-.3.9.7.1.-.9.E.D.A.-.4.B.1.1.E.D.E.F.C.1.8.5.}.v.1.2...0...2.1.0.0.5.\.p.a.c.k.a.g.e.s.\.v.c.R.u.n.t.i.m.e.A.d.d.i.t.i.o.n.a.l._.x.8.6.\.v.c._.r.u.n.t.i.m.e.

                C:\Users\user\AppData\Local\Temp\nsc5D08.tmp\InstallOptions.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):15872
                Entropy (8bit):5.471852540236525
                Encrypted:false
                SSDEEP:
                MD5:ECE25721125D55AA26CDFE019C871476
                SHA1:B87685AE482553823BF95E73E790DE48DC0C11BA
                SHA-256:C7FEF6457989D97FECC0616A69947927DA9D8C493F7905DC8475C748F044F3CF
                SHA-512:4E384735D03C943F5EB3396BB3A9CB42C9D8A5479FE2871DE5B8BC18DB4BBD6E2C5F8FD71B6840512A7249E12A1C63E0E760417E4BAA3DC30F51375588410480
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N.px.q.+.q.+.q.+.q.+[q.+.~C+.q.+^R.+.q.+^R/+.q.+.w.+.q.+.Q.+.q.+Rich.q.+........PE..L....Oa...........!.........`.......+.......0............................................@..........................8......X1..................................X....................................................0..X............................text............................... ..`.rdata..G....0......."..............@..@.data...DL...@.......,..............@....rsrc................6..............@..@.reloc..x............8..............@..B........................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Temp\nsc5D08.tmp\KiwiSC.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):53760
                Entropy (8bit):6.325710701340723
                Encrypted:false
                SSDEEP:
                MD5:8330AC8C39D999D237438E5A0A111691
                SHA1:9775EBF1BBF763A365142502029C0E9FD6570505
                SHA-256:496F5E8686CE3613FFCEC082940B11481CA953066583BD0DF841E9A981854223
                SHA-512:FD36A456529EA500B9248599F16251BF72495DD3DE4BFAA8C0BFCB06FEAB6C6366FCB0A98F295B89BE1324103B509BEC7821F795FF2B14AE803B6E2326C087FE
                Malicious:false
                Reputation:low
                Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................0....................@.............................................................................................................@...................................................................................CODE............................... ..`DATA................................@...BSS......................................idata..............................@....edata..............................@..P.reloc..@...........................@..P.rsrc...............................@..P....................................@..P................................................................................................................................................................................

                C:\Users\user\AppData\Local\Temp\nsc5D08.tmp\KiwiSyslogWebAccess.ini

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                Category:dropped
                Size (bytes):1174
                Entropy (8bit):3.588575271310631
                Encrypted:false
                SSDEEP:
                MD5:CF2C862C56BD04455C3744EFA2E82816
                SHA1:EA07FAAAED6F13E082C12D278EB2F9F0D224C9A4
                SHA-256:0E73EA284324909BAFA2CFB15165D2A7ED8EBAF0EF0ECCA2D13EF5D45D56D46F
                SHA-512:1818B8F947566599F841B67C4277A127C8B6990AC558426127032008E3D7EFF51158D3BA5DF5738F9DA4AB2D6C0A558961748D0EF18C3968D8D932434A8C8D00
                Malicious:false
                Reputation:low
                Preview:..;. .I.n.i. .f.i.l.e. .g.e.n.e.r.a.t.e.d. .b.y. .t.h.e. .H.M. .N.I.S. .E.d.i.t. .I.O. .d.e.s.i.g.n.e.r.......[.S.e.t.t.i.n.g.s.].....N.u.m.F.i.e.l.d.s.=.4.....R.T.L.=.0.........[.F.i.e.l.d. .1.].....T.y.p.e.=.C.h.e.c.k.b.o.x.....T.e.x.t.=.I.n.s.t.a.l.l. .K.i.w.i. .S.y.s.l.o.g. .W.e.b. .A.c.c.e.s.s.....S.t.a.t.e.=.1.....L.e.f.t.=.0.....R.i.g.h.t.=.1.7.1.....T.o.p.=.0.....B.o.t.t.o.m.=.9.....F.l.a.g.s.=.N.O.T.I.F.Y.........[.F.i.e.l.d. .2.].....T.y.p.e.=.C.h.e.c.k.b.o.x.....T.e.x.t.=.C.r.e.a.t.e. .a. .n.e.w. .W.e.b. .A.c.c.e.s.s. .l.o.g.g.i.n.g. .r.u.l.e. .i.n. .K.i.w.i. .S.y.s.l.o.g. .S.e.r.v.e.r.....S.t.a.t.e.=.1.....L.e.f.t.=.1.0.....R.i.g.h.t.=.3.1.5.....T.o.p.=.1.4.....B.o.t.t.o.m.=.2.5.........[.F.i.e.l.d. .3.].....T.y.p.e.=.G.r.o.u.p.b.o.x.....L.e.f.t.=.0.....R.i.g.h.t.=.-.1.....T.o.p.=.3.0.....B.o.t.t.o.m.=.6.3.........[.F.i.e.l.d. .4.].....T.y.p.e.=.L.a.b.e.l.....T.e.x.t.=.K.i.w.i. .S.y.s.l.o.g. .W.e.b. .A.c.c.e.s.s. .c.a.n. .b.e. .e.n.a.b.l.e.d. .i.n. .t.h.e. .l.i.c.e.n.s.e.d.

                C:\Users\user\AppData\Local\Temp\nsc5D08.tmp\Syslogd_Choose.ini

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                Category:dropped
                Size (bytes):1946
                Entropy (8bit):3.5840892014720063
                Encrypted:false
                SSDEEP:
                MD5:E3BF1B5C112A90B591EB5CEABDFA2199
                SHA1:987C73D54A551FA4744EF881AC24B73D81542392
                SHA-256:E009F34B2387757C7F42B2D6B44C3E721E78E6668ACBCA7658DE23FBD8F3E672
                SHA-512:0948A2F78A6A3DBE186473ECCEC52A7BE2D4C5936E4EC11E39B2911D6C6089689F0F609E3A972644C6644F9680ECF0984B3BC06C61A53D16546FD1E192338CD4
                Malicious:false
                Reputation:low
                Preview:..[.S.e.t.t.i.n.g.s.].....N.u.m.F.i.e.l.d.s.=.4.....R.T.L.=.0.....S.t.a.t.e.=.0.........[.F.i.e.l.d. .1.].....T.y.p.e.=.r.a.d.i.o.b.u.t.t.o.n.....T.e.x.t.=.I.n.s.t.a.l.l. .K.i.w.i. .S.y.s.l.o.g. .S.e.r.v.e.r. .a.s. .a. .S.e.r.v.i.c.e.....L.e.f.t.=.0.....R.i.g.h.t.=.-.1.....T.o.p.=.0.....B.o.t.t.o.m.=.1.0.....S.t.a.t.e.=.0.....H.W.N.D.=.2.6.2.8.1.4.........[.F.i.e.l.d. .2.].....T.y.p.e.=.l.a.b.e.l.....L.e.f.t.=.0.....R.i.g.h.t.=.-.3.0.....T.o.p.=.1.5.....B.o.t.t.o.m.=.4.5.....T.e.x.t.=.".T.h.i.s. .o.p.t.i.o.n. .i.n.s.t.a.l.l.s. .K.i.w.i. .S.y.s.l.o.g. .S.e.r.v.e.r. .a.s. .a. .W.i.n.d.o.w.s. .s.e.r.v.i.c.e.,. .a.l.l.o.w.i.n.g. .t.h.e.\.r.\.n.p.r.o.g.r.a.m. .t.o. .r.u.n. .w.i.t.h.o.u.t. .t.h.e. .n.e.e.d. .f.o.r. .a. .u.s.e.r. .t.o. .l.o.g.i.n. .t.o. .W.i.n.d.o.w.s... .T.h.i.s. .o.p.t.i.o.n. .a.l.s.o.\.r.\.n.i.n.s.t.a.l.l.s. .t.h.e. .K.i.w.i. .S.y.s.l.o.g. .S.e.r.v.e.r. .M.a.n.a.g.e.r. .w.h.i.c.h. .i.s. .u.s.e.d. .t.o. .c.o.n.t.r.o.l. .t.h.e. .s.e.r.v.i.c.e...".....H.W.N.D.=.2.6.2.8.2.0...

                C:\Users\user\AppData\Local\Temp\nsc5D08.tmp\System.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):12288
                Entropy (8bit):5.814115788739565
                Encrypted:false
                SSDEEP:
                MD5:CFF85C549D536F651D4FB8387F1976F2
                SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr*.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L.....Oa...........!....."...........*.......@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text.... .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Temp\nsc5D08.tmp\installas.ini

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:Generic INItialization configuration [Field 1]
                Category:dropped
                Size (bytes):1099
                Entropy (8bit):5.254374248728113
                Encrypted:false
                SSDEEP:
                MD5:2D3937C6910BA5C82ADD03D79CAD7A1A
                SHA1:C5E33868696A1D0C8A3B67A64652AA1E32830980
                SHA-256:6B9BBBD3EF8D96954E6DE9AB62C910C86FB5A03C48DA7372278150EB1794A9B4
                SHA-512:FD98971D871F1919B7F877BB9D6D0E077670EA4F36C0839E232417912D7AEAF3DD64A21877ACB97AFEE8BFED140E55EFD75BFB87C3858E2FF69160C30ED42C60
                Malicious:false
                Reputation:low
                Preview:[Settings]..NumFields=9....[Field 1]..Type=label..Text="IMPORTANT NOTICE: If you are not using the LocalSystem account to install the service then you MUST use an account that is a member of the local Administrators group."..Left=0..Right=-10..Top=0..Bottom=20....[Field 2]..Type=Groupbox..Text=Install the Service using:..Left=0..Right=-1..Top=25..Bottom=-4....[Field 3]..Type=radiobutton..Left=10..Right=-10..Top=45..Bottom=55..Text="The LocalSystem Account:"..Flags=NOTIFY..State=1....[Field 4]..Type=radiobutton..Text="An Admin Account:"..Left=10..Right=-210..Top=65..Bottom=75..Flags=NOTIFY..State=0....[Field 5]..Type=text..Left=92..Right=-90..Top=62..Bottom=75..Flags=DISABLED..State=""....[Field 6]..Type=label..Text="Password:"..Left=22..Right=-210..Top=85..Bottom=95..Flags=DISABLED....[Field 7]..Type=text..Left=92..Right=-90..Top=82..Bottom=95..Flags=DISABLED|PASSWORD..State=""....[Field 8]..Type=label..Text="Confirm password:"..Left=22..Right=-210..Top=105..Bottom=115..Flags=DISABLED.

                C:\Users\user\AppData\Local\Temp\nsc5D08.tmp\ioSpecial.ini

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                Category:dropped
                Size (bytes):1640
                Entropy (8bit):3.707669160344853
                Encrypted:false
                SSDEEP:
                MD5:96EBCFD0A5366F705653D8970E1812B0
                SHA1:564FD47BEED4889956F8ED2590153DFE1825F117
                SHA-256:A7FFAEC2D82184D254E0477E40502FB75CE74DA4B1299DB3E2A18B73BCCC21F6
                SHA-512:AF97F886C533894FFA908B901E8FB3ED6B369E3F01CEB540780888511299F0E3476368CC6EB555D716917679F481C12FA4EEF9877A0345F443F116DA2EC732B8
                Malicious:false
                Reputation:low
                Preview:..[.S.e.t.t.i.n.g.s.].....R.e.c.t.=.1.0.4.4.....N.u.m.F.i.e.l.d.s.=.5.....R.T.L.=.0.....N.e.x.t.B.u.t.t.o.n.T.e.x.t.=.&.F.i.n.i.s.h.....S.t.a.t.e.=.0.....[.F.i.e.l.d. .1.].....T.y.p.e.=.b.i.t.m.a.p.....L.e.f.t.=.0.....R.i.g.h.t.=.1.0.9.....T.o.p.=.0.....B.o.t.t.o.m.=.1.9.3.....F.l.a.g.s.=.R.E.S.I.Z.E.T.O.F.I.T.....T.e.x.t.=.C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.n.s.c.5.D.0.8...t.m.p.\.m.o.d.e.r.n.-.w.i.z.a.r.d...b.m.p.....H.W.N.D.=.1.1.1.4.9.4.2.....[.F.i.e.l.d. .2.].....T.y.p.e.=.l.a.b.e.l.....L.e.f.t.=.1.2.0.....R.i.g.h.t.=.3.1.5.....T.o.p.=.1.0.....B.o.t.t.o.m.=.3.8.....T.e.x.t.=.C.o.m.p.l.e.t.i.n.g. .K.i.w.i. .S.y.s.l.o.g. .S.e.r.v.e.r. .9...8...2. . .S.e.t.u.p.....H.W.N.D.=.1.0.4.9.2.8.4.....[.F.i.e.l.d. .3.].....T.y.p.e.=.l.a.b.e.l.....L.e.f.t.=.1.2.0.....R.i.g.h.t.=.3.1.5.....T.o.p.=.4.5.....B.o.t.t.o.m.=.8.5.....T.e.x.t.=.K.i.w.i. .S.y.s.l.o.g. .S.e.r.v.e.r. .9...8...2. . .h.a.s. .b.e.e.n. .i.n.s.t.a.l.l.e.d. .o.n. .y.o.u.r. .c.o.m.p.u.t.e.r...\.r.\.

                C:\Users\user\AppData\Local\Temp\nsc5D08.tmp\modern-header.bmp

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PC bitmap, Windows 3.x format, 150 x 57 x 24, image size 25766, resolution 2834 x 2834 px/m, cbSize 25820, bits offset 54
                Category:dropped
                Size (bytes):25820
                Entropy (8bit):4.579005264668554
                Encrypted:false
                SSDEEP:
                MD5:8C61D2DEFB4EB5D79083CF6D0E18F966
                SHA1:E0A8E7B54E6196A694EF09A7F673FCD5EAF6AB62
                SHA-256:0C116ACE9F5ACE386930F758CDA8087EB23C0109B0E14AC7588DD211CDE42A64
                SHA-512:645E1576497E5D986479986B0F516248BC1B5D079C839328950B7CC0E30309BFD58C8540AAD8F42ABC5721AA25951D219DA44614FCF1404E5E0F9BE6306D576D
                Malicious:false
                Reputation:low
                Preview:BM.d......6...(.......9............d....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Temp\nsc5D08.tmp\modern-wizard.bmp

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PC bitmap, Windows 3.x format, 164 x 314 x 24, image size 154490, resolution 2849 x 2849 px/m, cbSize 154544, bits offset 54
                Category:dropped
                Size (bytes):154544
                Entropy (8bit):5.465903097849156
                Encrypted:false
                SSDEEP:
                MD5:6E95D2F14DC59B1173FE54540481F1E5
                SHA1:988FC5C4D5F06BC724D30C984A69A9C8AD649F21
                SHA-256:6B3F0ABCB07119FD57C7DCF787801CC1C78494EF26F315BA309352C0D9AAF287
                SHA-512:F31ADC15B02D49618C04E1D0387E5B8E014E8D68CA84291F10726174127979C779F0ACD333A4742ADA64DD78E135DB90AEE90E32A6E2F96DEDFF5FE283DF5B92
                Malicious:false
                Reputation:low
                Preview:BM.[......6...(.......:...........z[..!...!.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Temp\nsc5D08.tmp\splash.bmp

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PC bitmap, Windows 3.x format, 480 x 130 x 24, image size 187202, resolution 2834 x 2834 px/m, cbSize 187256, bits offset 54
                Category:dropped
                Size (bytes):187256
                Entropy (8bit):5.058512619473682
                Encrypted:false
                SSDEEP:
                MD5:605201237A33FF78DD0D8588D7A649A2
                SHA1:6FC858BC45C9736635794E2328803C2F480C67CC
                SHA-256:6BE04ECC43D67A83F64B99D4C2532C9C459EDACC731E23B8846A7121C9B3B911
                SHA-512:E0E218157A9DB0C7A150C9091B95967A31E2369A740B4AC1AF18B05D2CF3D9F56FC5260CB5DACB68B54BD8F305F440FAF6027EC34B73DC1F98F63CA7F2762027
                Malicious:false
                Reputation:low
                Preview:BMx.......6...(...................B.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Temp\nsc5D08.tmp\splash.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):4096
                Entropy (8bit):3.9943040248722714
                Encrypted:false
                SSDEEP:
                MD5:77D1C203CA66006B6318C7735540E764
                SHA1:8C78FD06AA1F1BC786D3B62E264DC78CE18E3D67
                SHA-256:2B7E148056553043AEF82AD2A787F981CAF7C1C7B8DB7149F568CEA7169DEDB8
                SHA-512:5F405343162F3D1CC79C46962A68715AB50D02C0CAAE9058C51CEE6DB14100FB6C1EA344FF75FC68C5D2EB416D6D9FE07105CF4E6C08933BF9C2D041AF04E681
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+hV.o.8Co.8Co.8Co.9Cp.8C..eCf.8C;*.Cm.8C.)<Cn.8CRicho.8C........PE..L......K...........!......................... ...............................P.......................................#..B.... ..d............................@....................................................... ...............................text............................... ..`.rdata....... ......................@..@.data...\....0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Temp\nsn5CF8.tmp

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:data
                Category:modified
                Size (bytes):94318662
                Entropy (8bit):7.170695327477185
                Encrypted:false
                SSDEEP:
                MD5:03D93D55675D74F0B0CF70EC95BDC346
                SHA1:9027FE6A524E3A7190C679971D0E39F48E046DF1
                SHA-256:2CB27AD4D71775E614EC65E3042EAC0422957CDF2DF267F917F85B912AF21FFE
                SHA-512:B233B44148CDFB7D681895EED557BFC94BDC66050D73CAD1D29DB0E72934D37259CD7754CF7D39132752CEF379A2580878CE7EC41E0CE67788539E8F8A89D4E7
                Malicious:false
                Reputation:low
                Preview:........,.......,.......Ld..............,...............................................................n.......................................................................................................................................................................................1...........7...f.......................u.......................w.......................................................................................B.......[...............................................h.......................u.......................................g.......................u.......................................j.......&...+...,.......u...............................................................................................................8...............u...............................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\BootstrapperApplicationData.xml

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exe
                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (560), with CRLF line terminators
                Category:dropped
                Size (bytes):5968
                Entropy (8bit):3.74889207964087
                Encrypted:false
                SSDEEP:
                MD5:4E9AD8FEE683402B9FB3381549B7F98B
                SHA1:343E5E117C821AEF323B7EAF8138B91DF6EA424E
                SHA-256:148F262B214F5E472BA32DB9824342BBDA91D6F4C751A2DA0BBC2B70E2794BD2
                SHA-512:A28DF0A08B2F2C377B465E840D7C249FE766B8EE744F70F09D65905D85995251F811CEB4DED42D447CD28DD021C0662F9E5F1AC03C57F7F1767E485648DB3C2B
                Malicious:false
                Reputation:low
                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.x./.2.0.1.0./.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a.".>..... . .<.U.x.B.l.o.c.k.e.r. .S.h.o.r.t.N.a.m.e.=.".M.i.n.i.m.u.m.O.S.L.e.v.e.l.". .T.y.p.e.=.".S.t.o.p.". .C.o.n.d.i.t.i.o.n.=.".N.O.T.(.(.V.e.r.s.i.o.n.N.T. .&.g.t.;. .v.6...1.). .O.R. .(.V.e.r.s.i.o.n.N.T. .=. .v.6...1. .A.N.D. .S.e.r.v.i.c.e.P.a.c.k.L.e.v.e.l. .&.g.t.;.=. .1.).).". .D.i.s.p.l.a.y.T.e.x.t.=.".#.l.o.c...M.i.n.i.m.u.m.O.S.L.e.v.e.l.". ./.>..... . .<.W.i.x.B.a.l.C.o.n.d.i.t.i.o.n. .C.o.n.d.i.t.i.o.n.=.".V.e.r.s.i.o.n.N.T. .&.g.t.;.=. .v.6...0. .O.R. .(.V.e.r.s.i.o.n.N.T. .=. .v.5...1. .A.N.D. .S.e.r.v.i.c.e.P.a.c.k.L.e.v.e.l. .&.g.t.;.=. .2.). .O.R. .(.V.e.r.s.i.o.n.N.T. .=. .v.5...2. .A.N.D. .S.e.r.v.i.c.e.P.a.c.k.L.e.v.e.l. .&.g.t.;.=. .1.).". .M.e.s.s.a.g.e.=.".[.W.i.x.B.u.n.d.l.e.

                C:\Users\user\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\license.rtf

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exe
                File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                Category:dropped
                Size (bytes):6841
                Entropy (8bit):5.231818976502303
                Encrypted:false
                SSDEEP:
                MD5:1E47EE7B71B22488068343DF4CE30534
                SHA1:DEAEE13F21AB70B57F44F0AA3128EC7AD9E3816A
                SHA-256:8518F0420972C1DBE8A323FFC6F57863AF0B80C6A3B27FD0C6FC9BDABB7E2D13
                SHA-512:C4C653BFD1FC493B0EFD8F9C75495287818179DC35969D1FB1927FAAC3FF9189FDE1131C5ABBCC3963F707412A7F8AD05A9E6855B7D47D6DF1F80D25D67BE9ED
                Malicious:false
                Reputation:low
                Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033\deflangfe1033{\fonttbl{\f0\fswiss\fprq2\fcharset0 Tahoma;}{\f1\froman\fprq2\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Riched20 6.2.9200}{\*\mmathPr\mnaryLim0\mdispDef1\mwrapIndent1440 }\viewkind4\uc1 ..\pard\nowidctlpar\sb120\sa120\b\f0\fs20 MICROSOFT SOFTWARE LICENSE TERMS\par....\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120 MICROSOFT VISUAL C++ REDISTRIBUTABLE FOR VISUAL STUDIO 2013 \par....\pard\nowidctlpar\sb120\sa120\b0 These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. Please read them. They apply to the software named above, which includes the media on which you received it, if any. The terms also apply to any Microsoft\par....\pard\nowidctlpar\fi-360\li360\sb120\sa120\f1\'b7\tab\f0 updates,\par..\f1\'b7\tab\f0 supplements,\par..\f1\'b7\tab\f0 Internet-based services, and\par..\f1\'b7\tab\f0 support services\pa

                C:\Users\user\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\logo.png

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exe
                File Type:PNG image data, 64 x 64, 8-bit colormap, non-interlaced
                Category:dropped
                Size (bytes):1861
                Entropy (8bit):6.868587546770907
                Encrypted:false
                SSDEEP:
                MD5:D6BD210F227442B3362493D046CEA233
                SHA1:FF286AC8370FC655AEA0EF35E9CF0BFCB6D698DE
                SHA-256:335A256D4779EC5DCF283D007FB56FD8211BBCAF47DCD70FE60DED6A112744EF
                SHA-512:464AAAB9E08DE610AD34B97D4076E92DC04C2CDC6669F60BFC50F0F9CE5D71C31B8943BD84CEE1A04FB9AB5BBED3442BD41D9CB21A0DD170EA97C463E1CE2B5B
                Malicious:false
                Reputation:low
                Preview:.PNG........IHDR...@...@.............sRGB.........gAMA......a.....PLTE].q^.r_.r_.s`.s`.s`.ta.ta.ub.ub.vc.vd.vd.vd.we.we.xe.xg.yg yg zh zh"zi"{j#|i${j$|n*~n*.n,.o,.p..q0.r2.s3.t5.x;.x<.y>.z?.|B.~C.}E..F..F..H..I..J..L..O..P..W..Y..^..a..c..g..i..q..r..}.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................S......pHYs..%...%....^.....tEXtSoftware.Paint.NET v3.5.100.r.....IDATXG..iW.@...EJ.$M...`AEpG..7TpWT@\.."....(..(.._;...di:9.c>q..g....T...._...-....F..+..w.

                C:\Users\user\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\thm.wxl

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exe
                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):2952
                Entropy (8bit):5.052095286906672
                Encrypted:false
                SSDEEP:
                MD5:FBFCBC4DACC566A3C426F43CE10907B6
                SHA1:63C45F9A771161740E100FAF710F30EED017D723
                SHA-256:70400F181D00E1769774FF36BCD8B1AB5FBC431418067D31B876D18CC04EF4CE
                SHA-512:063FB6685EE8D2FA57863A74D66A83C819FE848BA3072B6E7D1B4FE397A9B24A1037183BB2FDA776033C0936BE83888A6456AAE947E240521E2AB75D984EE35E
                Malicious:false
                Reputation:low
                Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29" />.... <String Id="Caption">[WixBundleName] Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String>.. <String Id="HelpHeader">Setup Help</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installs, repairs, uninstalls or.. creates a complete local copy of the bundle in directory. Install is the default...../passive | /quiet - displays minimal UI with no prompts or displays no UI and.. no prompts. By default UI and all prompts are displayed...../norestart - suppress any attempts to restart. By default UI will prompt before restart.../log log.txt - logs to a specific file. B

                C:\Users\user\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\thm.xml

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exe
                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):5881
                Entropy (8bit):5.175177119212422
                Encrypted:false
                SSDEEP:
                MD5:0056F10A42638EA8B4BEFC614741DDD6
                SHA1:61D488CFBEA063E028A947CB1610EE372D873C9F
                SHA-256:6B1BA0DEA830E556A58C883290FAA5D49C064E546CBFCD0451596A10CC693F87
                SHA-512:5764EC92F65ACC4EBE4DE1E2B58B8817E81E0A6BC2F6E451317347E28D66E1E6A3773D7F18BE067BBB2CB52EF1FA267754AD2BF2529286CF53730A03409D398E
                Malicious:false
                Reputation:low
                Preview:<?xml version="1.0" encoding="utf-8"?>..<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">.. <Window Width="485" Height="300" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window>.. <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font>.. <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>.. <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>.... <Image X="11" Y="11" Width="64" Height="64" ImageFile="logo.png" Visible="yes"/>.. <Text X="80" Y="11" Width="-11" Height="64" FontId="1" Visible="yes" DisablePrefix="yes">#(loc.Title)</Text>.... <Page Name="Help">.. <Text X="11" Y="80" Width="-11" Height="30" FontId="2" DisablePrefix="yes">#(loc.HelpHeader)</T

                C:\Users\user\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\wixstdba.dll

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):120320
                Entropy (8bit):6.262646414883502
                Encrypted:false
                SSDEEP:
                MD5:A52E5220EFB60813B31A82D101A97DCB
                SHA1:56E16E4DF0944CB07E73A01301886644F062D79B
                SHA-256:E7C8E7EDD9112137895820E789BAAAECA41626B01FB99FEDE82968DDB66D02CF
                SHA-512:D6565BA18B5B9795D6BDE3EF94D8F7CD77BF8BB69BA3FE7ADEFB80FC7C5D888CDFDC79238D86A0839846AEA4A1E51FC0CAED3D62F7054885E8B15FAD9F6C654E
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................x=....x...... .....0.....n..x.....x8....x9....x>...Rich..........................PE..L......R...........!.....2..........1........P...............................0.......1....@.............................................l...........................0S..............................`...@............P...............................text...M0.......2.................. ..`.rdata..yd...P...f...6..............@..@.data..../..........................@....rsrc...l...........................@..@.reloc..B ......."..................@..B................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\.be\vcredist_x86.exe

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exe
                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):461368
                Entropy (8bit):6.931191292112627
                Encrypted:false
                SSDEEP:
                MD5:2335AB0C0E19C0EF416D07DF66FEE649
                SHA1:1E8794AFF453F7647A6C149F3D38F7A3FF4CCD1B
                SHA-256:F0E46C0F9B2991FA6D187C6B2BED28139C67804CC58CC45C77F06A6F217CB21A
                SHA-512:518580D7A0D8F9610C8EC0204AE879A91A24325FB5E45348E6F0769AA25A69525992BC0F722DF113993AA29A1A917DE8FBECFB39D547D6F25354C3488BF06A62
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.V...8...8...8.......8.....n.8......8......8...9.I.8.....l.8.......8.......8.......8.Rich..8.................PE..L....._S.....................,.......~............@..........................0............@.................................t!..,........7...............>......$2......................... ...........@............................................text...t........................... ..`.rdata..............................@..@.data... 0...@.......,..............@....wixburn8............<..............@..@.tls.................>..............@....rsrc....7.......8...@..............@..@.reloc...B.......D...x..............@..B........................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\cab54A5CABBE7274D8A22EB58060AAB7623

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exe
                File Type:Microsoft Cabinet archive data, many, 980926 bytes, 5 files, at 0x44 +A "F_CENTRAL_msvcp120_x86" +A "F_CENTRAL_msvcr120_x86", flags 0x4, number 1, extra bytes 20 in head, 66 datablocks, 0x1 compression
                Category:dropped
                Size (bytes):997054
                Entropy (8bit):7.998241664100315
                Encrypted:true
                SSDEEP:
                MD5:12AD6C51AA6F9DA5CCB2E2B55ABF1910
                SHA1:F35A335989ABFAAA10B265A2BAE8809D7CA835AA
                SHA-256:32B7F3223DAB68F489286F2D4253B634EED0E67754176370291F7E13AE6008A2
                SHA-512:8EB51AB4A76C09FB70408BF36132C33DD247CDDD178D6B2CA15FC13E583C54C73B4DBF09BCED81B893EFFE757A05F9C0EDBF7A15F6351136D66583ABB78DD426
                Malicious:false
                Reputation:low
                Preview:MSCF............D................................?..............B.............EC.. .F_CENTRAL_msvcp120_x86...........EC.. .F_CENTRAL_msvcr120_x86.....@.....EC.. .F_CENTRAL_vcamp120_x86...........EC.. .F_CENTRAL_vccorlib120_x86...........EC.. .F_CENTRAL_vcomp120_x86.X..OD0..CK.Z{x.U.... ......Rh.@...`.@:.]..#.TwW....:.....a...?p.....q...VQpE............>pD.Yv..U.]..&......w..{.....0.c....9..2...<.........^...f..._P..r....%"..hT..*..E..U...R......|o.......j..)./T..F.T*G..V^#pE.`.5.......WU..X.`@.<-XO|.7...g\.XW5/Qv.]=.OF.c9...b....+q$.3).EZb.r.....=.1.h.j_.....6.prq.V.^...5.M..].....L.:...^....u.0.;.v..-..9...Km.........Ho#3.. .X.....{!Ud......nxb.-.]I..A;_.a.A..Xw92o....P..6`........7.....o.`........a.^P.....@.A.........A.!............}...g.......FP......4.0........A......Aq........!....j.-.......4..r.....;.+.....3...u{=....rf.hmb-.,...qZ.,.rfv..3.....x...}.lo.}...{dr...;}7....K.Wp...l~....L...<....^u..............D....|.<...kc..t...S}e.W.

                C:\Users\user\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\cabB3E1576D1FEFBB979E13B1A5379E0B16

                Download File
                Process:C:\Program Files (x86)\Syslogd\vcredist_x86_2013.exe
                File Type:Microsoft Cabinet archive data, 4916768 bytes, 14 files, at 0x44 +A "F_CENTRAL_mfc120_x86" +A "F_CENTRAL_mfc120chs_x86", flags 0x4, number 1, extra bytes 20 in head, 296 datablocks, 0x1 compression
                Category:dropped
                Size (bytes):4932896
                Entropy (8bit):7.998852405602732
                Encrypted:true
                SSDEEP:
                MD5:CFCBFA2494A3E3AB9215AA6E5872ED14
                SHA1:0A4D5018ACE1D4336C0DF051CFCCB2F6268CB8A8
                SHA-256:215A9436ED61CAFAC64849DBF5C66FF3D3AA0EE5FF977684523DCE8E59E9CB59
                SHA-512:CE0A9EAF2B46D9339E6AD892EACE32F426900D2448D9373904DFA042E20B1B891F8C93E5B6B6CBBD00471E4A74619C54E541BE862F7CC8F82230437C31292E51
                Malicious:false
                Reputation:low
                Preview:MSCF.... .K.....D........................... .K..?..........l...(.....C.......EC.. .F_CENTRAL_mfc120_x86.......C...EC.. .F_CENTRAL_mfc120chs_x86.....@7D...EC.. .F_CENTRAL_mfc120cht_x86..$....D...EC.. .F_CENTRAL_mfc120deu_x86.......F...EC.. .F_CENTRAL_mfc120enu_x86.. ..8.G...EC.. .F_CENTRAL_mfc120esn_x86..$.../H...EC.. .F_CENTRAL_mfc120fra_x86......TI...EC.. .F_CENTRAL_mfc120ita_x86.....0qJ...EC.. .F_CENTRAL_mfc120jpn_x86......CK...EC.. .F_CENTRAL_mfc120kor_x86.......L...EC.. .F_CENTRAL_mfc120rus_x86...C.()M...EC.. .F_CENTRAL_mfc120u_x86..D........EC.. .F_CENTRAL_mfcm120_x86..D..hT....EC.. .F_CENTRAL_mfcm120u_x86.........CK.|.xTE.v.....H@v.!../.......U.:I.4.t.....EYd...d......DVE..EA.....\...T..=U..7M..3...M...[..rk;..V.$u.|V.1.....v&...o...`....5........l.]`q..;.#....\..fw....%.0.-,>=+..g..^.jSU..g.x...n.11....a......]..x..,!/<...`[.'.....t..{EY...F....3Ey...W.!8.[@..m[F.c)...scz.[w.5i\-......].+t!wF0....D....@U.d.s$Nt..J........,.%..l..g.[..%;-..X..Z...%..y.......5

                C:\Users\user\AppData\Local\Temp\~DF5958962B1992F897.TMP

                Download File
                Process:C:\Program Files (x86)\Syslogd\Syslogd.exe
                File Type:Composite Document File V2 Document, Cannot read section info
                Category:dropped
                Size (bytes):32768
                Entropy (8bit):2.9588774270919576
                Encrypted:false
                SSDEEP:
                MD5:7EA9C1357FC79455FCCCBA7A28016493
                SHA1:29AF1904B154D0669D449603E9519BC8E79B36C6
                SHA-256:F343272F9E4B844F6298DFE6BB22E3CADF3D48CCF389D25757DDAB7D6A7C1247
                SHA-512:7876A0624AAA57538241BA3E75B6DC0FF0C5C9ADC00A3973E2C292C272BEE9897EED28F08A0169282F0BBE03AB60EC9CFFEDF919A7858BF25EE9410B577CE1EB
                Malicious:false
                Reputation:low
                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Kiwi Syslog Server Console.lnk

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Jul 10 16:29:42 2023, mtime=Wed Dec 20 22:14:23 2023, atime=Mon Jul 10 16:29:42 2023, length=11570968, window=hide
                Category:dropped
                Size (bytes):1154
                Entropy (8bit):4.624197682791867
                Encrypted:false
                SSDEEP:
                MD5:15E33E96AB4C5047A471D48F5E71735C
                SHA1:F32F93DB0EF7A2B98105ADDF6FAD440FDDFA47DF
                SHA-256:244070E269B62C62161ED9A178C9C3E1558C5D5BD3E18F570DF031BD90BECAC6
                SHA-512:36B6988F47B2F704E7DA52B941C6383B66F979CB63BEABBD01B5DF2329261A22D6689588328BB8AF81CC625A4D2A04BE38C81EDB784C4334FA7775632933D8DB
                Malicious:false
                Reputation:low
                Preview:L..................F.... .....r.T......D.3....r.T................................P.O. .:i.....+00.../C:\.....................1......W....PROGRA~2.........O.I.W......................V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1......W...Syslogd.@......W...W...........................u..S.y.s.l.o.g.d.....b.2......V.. .Syslogd.exe.H.......V...W..............................S.y.s.l.o.g.d...e.x.e.......Y...............-.......X..............<.....C:\Program Files (x86)\Syslogd\Syslogd.exe..<.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.y.s.l.o.g.d.\.S.y.s.l.o.g.d...e.x.e.?.C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.S.t.a.r.t. .M.e.n.u.\.P.r.o.g.r.a.m.s.\.S.o.l.a.r.W.i.n.d.s.........*................@Z|...K.J.........`.......X.......216041...........hT..CrF.f4... ...0.+d...,....%..hT..CrF.f4... ...0.+d...,....%.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-

                C:\Windows\Installer\$PatchCache$\Managed\D04BB691875110D32B98EBCF771AA1E1\10.0.30319\F_CENTRAL_msvcp100_x86

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):421200
                Entropy (8bit):6.59808962341698
                Encrypted:false
                SSDEEP:
                MD5:03E9314004F504A14A61C3D364B62F66
                SHA1:0AA3CAAC24FDF9D9D4C618E2BBF0A063036CD55D
                SHA-256:A3BA6421991241BEA9C8334B62C3088F8F131AB906C3CC52113945D05016A35F
                SHA-512:2FCFF4439D2759D93C57D49B24F28AE89B7698E284E76AC65FE2B50BDEFC23A8CC3C83891D671DE4E4C0F036CEF810856DE79AC2B028AA89A895BF35ABFF8C8D
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........._d..17..17..17...7..17..7..17..07 .17(..7..17..7..17..7..17..7..17..7..17..7..17..7..17..7..17Rich..17........................PE..L.....K.........."!.................<.............x......................................@.................................`...<.... ...............V..P....0..H;..p................................/..@...............p............................text............................... ..`.data...$:.......,..................@....rsrc........ ......................@..@.reloc...S...0...T..................@..B........................................................................................................................................................................................................................................................................................................................................

                C:\Windows\Installer\$PatchCache$\Managed\D04BB691875110D32B98EBCF771AA1E1\10.0.30319\F_CENTRAL_msvcr100_x86

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):770384
                Entropy (8bit):6.908020029901359
                Encrypted:false
                SSDEEP:
                MD5:67EC459E42D3081DD8FD34356F7CAFC1
                SHA1:1738050616169D5B17B5ADAC3FF0370B8C642734
                SHA-256:1221A09484964A6F38AF5E34EE292B9AFEFCCB3DC6E55435FD3AAF7C235D9067
                SHA-512:9ED1C106DF217E0B4E4FBD1F4275486CEBA1D8A225D6C7E47B854B0B5E6158135B81BE926F51DB0AD5C624F9BD1D09282332CF064680DC9F7D287073B9686D33
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ R.HA<.HA<.HA<.A9..KA<.HA=..A<.'7..@<.'7...A<.'7..|A<.'7...A<.'7..IA<.'7..IA<.'7..IA<.RichHA<.........PE..L.....K.........."!................. ....... .....x.................................S....@..........................I......D...(.......................P....... L..h...8...........................pE..@............................................text............................... ..`.data...|Z... ...N..................@....rsrc................X..............@..@.reloc.. L.......N...\..............@..B........................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\Installer\3f51e9.msi

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2013 x86 Minimum Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005., Template: Intel;1033, Revision Number: {E9934153-EAB1-4DA6-AA72-86C8BB1EDF2C}, Create Time/Date: Sat Oct 5 11:36:36 2013, Last Saved Time/Date: Sat Oct 5 11:36:36 2013, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.7.1623.0), Security: 2
                Category:dropped
                Size (bytes):143360
                Entropy (8bit):5.730016728994943
                Encrypted:false
                SSDEEP:
                MD5:E3E632C282F2B368BCA82AACB80ACEAF
                SHA1:04A046E2EBB681B53F46DB1EC1434FAEF8B17618
                SHA-256:1937F3FEA43918D3FB8B8BB74FD1210467F9186AD06729DE82F8F0448AE65509
                SHA-512:B9FC13D5BFAF1EA72BFF323302AA6C89AFE52C6AAD469B01D78B28422DC66CD6B7423D42200795905DE0B673466CF65800FBBBF0496D6CF2C4FC8E48E0412BF5
                Malicious:false
                Reputation:low
                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\Installer\3f51ea.msi

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2013 x86 Additional Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005., Template: Intel;1033, Revision Number: {5703FD24-BF2D-4D14-AB2F-E415A0361E63}, Create Time/Date: Sat Oct 5 11:36:30 2013, Last Saved Time/Date: Sat Oct 5 11:36:30 2013, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.7.1623.0), Security: 2
                Category:dropped
                Size (bytes):143360
                Entropy (8bit):5.789241614671289
                Encrypted:false
                SSDEEP:
                MD5:D0A78FCAC0B92A149FE51C76371C989A
                SHA1:EDC4CB1484DDC7A5633EFAD60EA0899445AC1CA0
                SHA-256:FF206329EF1E41C038A12CA1E10634C647A8F1022E2130B7C49D91DBD48FB79A
                SHA-512:AFC617447B63E515BF17870704DFED6586E0070BCAED8787CFC4F2D7F19290DC1DF12A2FF3F76E15B8A6188698A8B5DD7742B2226C2371F627C16BB766D8DD58
                Malicious:false
                Reputation:low
                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\Installer\MSI533E.tmp

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:data
                Category:dropped
                Size (bytes):6063
                Entropy (8bit):5.745450005041426
                Encrypted:false
                SSDEEP:
                MD5:725F65FDF52C4187C79A787D80486866
                SHA1:D36A7CBF294B8CF8AA1812B877D7E53E964708DE
                SHA-256:6892656483C0349F6B96A1AF2B1AED2E6BD1D1AD8B78A4A079AF3FBE69CE1113
                SHA-512:5A1ECB9F18820BEC064445D8EE32C5E3D3FEA63E0FC55840A32983B96A7CDC011693E7150D1EB69F7DC9D75B8C76D973FA867217FEEF4B78BC3E97155ACB8672
                Malicious:false
                Reputation:low
                Preview:...@IXOS.@.....@...W.@.....@.....@.....@.....@.....@......&.{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}:.Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005..vc_runtimeMinimum_x86.msi.@.....@.R...@.....@........&.{E9934153-EAB1-4DA6-AA72-86C8BB1EDF2C}.....@.....@.....@.....@.......@.....@.....@.......@....:.Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{FE80AAC7-9373-345B-8C89-01D4359338F8}@.02:\SOFTWARE\Microsoft\VisualStudio\12.0\VC\Runtimes\x86\Version.@.......@.....@.....@......&.{0835C947-D6D2-4E52-AF14-0231D04E88EA} .C:\Windows\SysWOW64\msvcr120.dll.@.......@.....@.....@......&.{74260D9F-D644-423B-B2D4-0291EA4BA8BE} .C:\Windows\SysWOW64\msvcp120.dll.@.......@.....@.....@......&.{63B83B20-1AB9-4F49-B0B2-4489724CA96C}#.C:\Windows\SysWOW64\vccorlib120.dll.@.......@.....@.....@......&.

                C:\Windows\Installer\MSI566B.tmp

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:data
                Category:dropped
                Size (bytes):10008
                Entropy (8bit):5.6910179437250825
                Encrypted:false
                SSDEEP:
                MD5:0AA431CF5C43EECBE4490DB69B6E8884
                SHA1:39BEB8FC6FB113B51CDECD62A4D6FB154B79DB58
                SHA-256:6ED5F857A4A833A05251FDA277FEBD7DF4C903D3B0836ED388C3B0777AE38C60
                SHA-512:D344E62AB56A90387F0BD7706628263607967196E79CABA016E41DFBF2BE79559866ABE28FBA45DA2BA9C093CCED358F975484EEFE9BA128D86171345E3721B3
                Malicious:false
                Reputation:low
                Preview:...@IXOS.@.....@...W.@.....@.....@.....@.....@.....@......&.{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}=.Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005..vc_runtimeAdditional_x86.msi.@.....@.R...@.....@........&.{5703FD24-BF2D-4D14-AB2F-E415A0361E63}.....@.....@.....@.....@.......@.....@.....@.......@....=.Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{1D481A21-C43F-38B9-B0D1-E090FD2D2643}@.02:\SOFTWARE\Microsoft\VisualStudio\12.0\VC\Runtimes\x86\Version.@.......@.....@.....@......&.{7EA36934-F736-408F-BD04-A2A710E04773}..C:\Windows\SysWOW64\mfc120.dll.@.......@.....@.....@......&.{B5B46CD9-9426-401F-9C3B-646807EFE00B}..C:\Windows\SysWOW64\mfc120u.dll.@.......@.....@.....@......&.{D4263C2B-DA4A-4000-A8E0-4BE8E46A9A3C}..C:\Windows\SysWOW64\mfcm120.dll.@.......@.....@.....@......

                C:\Windows\Installer\MSIDA35.tmp

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:data
                Category:dropped
                Size (bytes):16282
                Entropy (8bit):6.139745950229659
                Encrypted:false
                SSDEEP:
                MD5:A9F7F411FC4A256E2E2026450D21AFF4
                SHA1:52D66296F16DEEFFFF254B76FBE90F5A6282B198
                SHA-256:A919982A6F94C95EF62865E105266068424E044D1FFCA845FB8716A33FB27A68
                SHA-512:B97091F855FA0383BE98C9506C05B96C89930B24555061B65FF3707C7D09BAD089AF9B3AEC665CFF71CCCC8B2CDE08A96CB0FD721F7F05C652E2AF57F933B41D
                Malicious:false
                Reputation:low
                Preview:...@IXOS.@.....@...W.@.....@.....@.....@.....@.....@......&.{196BB40D-1578-3D01-B289-BEFC77A11A1E};.Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319..vc_red.msi.@.....@ov...@.....@........&.{F035AD1C-45C3-4166-865F-C2F7CD4958B1}.....@.....@.....@.....@.......@.....@.....@.......@....;.Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@2....@.....@.]....&.{8453C4E7-26E8-3408-B3A4-5940CA95BC60}@.02:\SOFTWARE\Microsoft\VisualStudio\10.0\VC\VCRedist\x86\Version.@.......@.....@.....@......&.{1414BD84-D9A5-3EE5-AA73-118D7C072370}D.02:\SOFTWARE\Microsoft\DevDiv\vc\Servicing\10.0\red\x86\1033\Install.@.......@.....@.....@......&.{E2F46933-FF4F-46E0-B997-F64D2C6D4FA1}D.c:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll.@.......@.....@.....@......&.{529D0A60-398C-38A2-97EF-82FAFA798A06}..c:\Win

                C:\Windows\Installer\SourceHash{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:Composite Document File V2 Document, Cannot read section info
                Category:dropped
                Size (bytes):20480
                Entropy (8bit):1.2075006735880294
                Encrypted:false
                SSDEEP:
                MD5:3867B67FCDF61599B0FB72CCEAFDBF24
                SHA1:FE20F994C13AD8DAAB5804335F2D518B997404C3
                SHA-256:4B10D6E4678C9549A4499F2B663D6DE4F9038070342BA25D7F1A4A244BEB6321
                SHA-512:C1882D040AAED9DBE8601BDAA7E9DCCFAF0DB4FC50E56DD025896DF84FCA81F3A3A949490A62521E02C8F2CDE8C6C3932CBA925C233A99C6689CB8DF69334249
                Malicious:false
                Reputation:low
                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\Installer\SourceHash{196BB40D-1578-3D01-B289-BEFC77A11A1E}

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:Composite Document File V2 Document, Cannot read section info
                Category:dropped
                Size (bytes):20480
                Entropy (8bit):1.5339874211526237
                Encrypted:false
                SSDEEP:
                MD5:D7D3622F0453492E191951F84F109C0B
                SHA1:B00C7CBE713CE7CB84C60C3DB9BD3BA06A17E249
                SHA-256:37EC896EE6C5C60E8B035AFF93A4A633F9F9B6D51722A22FEAD2E2A28D8EBA91
                SHA-512:1417A0676AA1B4ADA811129D9F737FEB5E80E96D5F33668CAA4AB4EFDC9BC45F49CF6EBCE85F43C3DAF3F167F791A201E42428B5846ACEEC53A2E8445E513A40
                Malicious:false
                Reputation:low
                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\Installer\SourceHash{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:Composite Document File V2 Document, Cannot read section info
                Category:dropped
                Size (bytes):20480
                Entropy (8bit):1.2081393011088664
                Encrypted:false
                SSDEEP:
                MD5:ED938159AF418A82E6A05AEE0939BE16
                SHA1:35F18EC7A878264A44B881FB941CAE0E9C8C1E52
                SHA-256:ECA1DF787C21E34366B2A58AB7A9C6121C148BD6865CF22ADD2BDB6EE40ECB8C
                SHA-512:5D1B5A75DF48DC995015E2301DEAE836D8470C076EBF14BA2C4ECC2C39E3EAAB373FE7668504D2CD13E2F2107E75422754883EE16F4BE9E0B43A89A3D1EB7AF1
                Malicious:false
                Reputation:low
                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                Category:dropped
                Size (bytes):454234
                Entropy (8bit):5.356160259388717
                Encrypted:false
                SSDEEP:
                MD5:D2E56AD1CDBCDE1AAC1AAA090D1539D7
                SHA1:BC3C6FC89B54D94C1F348A70B2032C1DA376BA3C
                SHA-256:153B7EAB1EA4AEB39D5DB9A165A0E017476AC646B842F99E922D2F005C0D2F61
                SHA-512:684D07A0CF9C0BC828AB88F045F7DF322501672E536990B0B5F80C1B987A730CE3AF0829FC5F81B17B619D3768EA8A2438B745B44943D9D4EAE93D79967BD111
                Malicious:false
                Reputation:low
                Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

                C:\Windows\SysWOW64\COMCTL32.OCX

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                Category:dropped
                Size (bytes):617816
                Entropy (8bit):6.067416924742909
                Encrypted:false
                SSDEEP:
                MD5:0BD77CC2572D3DF8F5D052651115AFC0
                SHA1:8F9D7C67A739D847AE8B8D9C1E206FF4DE64874E
                SHA-256:31A855F3B58B2D852AD3651A7A219B9EA925023C7284EB9799756BBCE8483A01
                SHA-512:29653836E3933468C2B39C39BDA7021F537664098189E9BCAEA2BDCCE807AF40F2AE975F8B6E6E7A0867237106F9121E7C57853E2EB38C32EF9E386142C6BC10
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...wt.O...........#.....8...................P....+ ................................Sp....@.........................pE......00..........X............S..H.... ..Tb..p...................................................h............................text...36.......8.......... R....xZ ..`.data...X"...P..."...<..............@....CRT.................^..............@....rsrc...X............`..............@....reloc...d... ...f..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\IGThreed40.ocx

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):349968
                Entropy (8bit):6.200043162116919
                Encrypted:false
                SSDEEP:
                MD5:3E85EDC8D34459303FEE0B98A5E3084F
                SHA1:726FEBA9B879A0A06BFA69EEE1665842098C070C
                SHA-256:514997308F6B72B7AF7FFE6F359726B647D1DCE5E4A1FBE0EF2443F49211B696
                SHA-512:A3111346ADF9C2CCCD2B6ED1D01482A6B76B31E2EAABCDD962771BFAE121042AD9112FF2FCD187F25661F26BBD122B70CB6611C7AAA070A16FA4AF803C9C5816
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m.l.)f.R)f.R)f.RwD.R+f.RFy.R-f.RFy.R+f.R.z.R+f.RFy.R(f.R.y.R.f.RKy.R'f.R)f.R.g.R)f.Rjf.R.F.R*f.R/E.Rkf.R.`.R(f.R.F.R(f.RRich)f.R................PE..L...p..<...........!.........@......{..............$.........................@............@.........................pe.......L..........@B...........@...........@......................................................$............................text...h........................... ..`.rdata..2f.......p..................@..@.data....&...p...0...p..............@....rsrc...@B.......P..................@..@.reloc..hH.......P..................@..B........................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\KRDPLogger.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):118784
                Entropy (8bit):5.516647483198095
                Encrypted:false
                SSDEEP:
                MD5:C54967859BB2EB121960C9F2E2FB2CF7
                SHA1:9318DA2589D7ED2BEC0E1B660E70D7F9936F22EE
                SHA-256:F9D69A56B0A22C38CEB4884017F5A35A67F16EBA6072F6A1F30FF8EF030C62DF
                SHA-512:0B71ECD8FFEC7B989EB102F5B23881F158EAC8A13BCE0FBF4F06D158FC656F1FE2021BF14DAC28919A5351E689615B9A7C2F22067B729E0B7466BD9BAE2EF9D3
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$................J.......... .....!....Rich..................PE..L.....JE...........!.....P..........|".......`............................................@..........................X......tP..(........%......................| ..........................................`... ....................................text...7I.......P.................. ..`.data...l....`.......`..............@....rsrc....%.......0...p..............@..@.reloc..<$.......0..................@..B..:@............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\KRDPLoggerforIPv6.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):118784
                Entropy (8bit):5.505578315972836
                Encrypted:false
                SSDEEP:
                MD5:DBC7DDB27E32B8EFCABECD71068AF0B2
                SHA1:FC79B81F0B7CAA18EC4659CF7C544C01469F06F4
                SHA-256:C61BDA98EC05754332D87EA39F7E235C07164313F85C1999DE58DFED7173C93A
                SHA-512:96489BDC2A2DC86DB38544A40297DBB9B424B26504A3CDE1412D8E5B1367172298C496F5AEBF6CF2E69B243568E59B46CE424B3CE9A700D782773AA8A70CC1BD
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................................n.....Rich...........PE..L...j.YU...........!.....P...........".......`............................................@..........................X.......P..(........%......................$ ..........................................X... ....................................text....I.......P.................. ..`.data........`.......`..............@....rsrc....%.......0...p..............@..@.reloc..<$.......0..................@..B...H............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\KiwiControls.ocx

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):106496
                Entropy (8bit):5.403206545605957
                Encrypted:false
                SSDEEP:
                MD5:718AEFB820793676B7ABF7105F62E249
                SHA1:822486087BE90BCB1DB908C42F0B09218614E143
                SHA-256:496ED67E06CBC804F5640731CA16D5300517BEC5272A0CFA0AFA90964EF76051
                SHA-512:B36A8991F49D9A9C171585C02C5CDA188B7103286D484E368519081F454175BC4424D0EF08979F648999CD7FEF6D7F1E4CA0641167072A16E0687DC34D3FC892
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Q..Q..Q....P.....W..g..P.....P..RichQ..........................PE..L...N.._...........!..... ...................0............................................@.......................... ..........(....p...>......................P...........................................h... .......L............................text...I........ .................. ..`.data....4...0.......0..............@....rsrc....>...p...@...@..............@..@.reloc........... ..................@..B..^............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\KiwiEventlog.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):36864
                Entropy (8bit):4.98019700451523
                Encrypted:false
                SSDEEP:
                MD5:4A6F68B49E6E8A706757FC5AA7FB3161
                SHA1:B9F81D55197ACD6823F26C718A316FD5E23EDEFD
                SHA-256:643C3D4642254CA769E3A7C1A46A0B798A984F9251317126EF277775946AD5D5
                SHA-512:84E39ADF3DDA7137751DC348AD481A4845D2ACD3D4A19B691D9253CBAB9C36564714AC1382FF28BD9EF19F986F07E4DA18043EDCC3E6E629A7B193185ECAA6BE
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........a..............(.......C.......#.............(.......x.......(.......Rich............PE..L...q..9...........!.....@...@...............P............................................@.........................pZ..o....U..<....p...............................................................................P...............................text....?.......@.................. ..`.rdata.......P.......P..............@..@.data........`.......`..............@....rsrc........p.......p..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\KiwiGrid3.ocx

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):487424
                Entropy (8bit):6.343828318667376
                Encrypted:false
                SSDEEP:
                MD5:544A6CADBB6EB6C12FA3793A119E6D24
                SHA1:ABD16B2B40D8160ECFFA9BB06290A030328A6837
                SHA-256:4EB3BA7F1A32B73EE45AB40226604EF1ABA36498D3D60F6C5D124C616BCF0E92
                SHA-512:21D21E3711E7FCAD93CF9DA4F058221274231E938D8F0B9B69DFD5E71CB831E72A9D966E385CA155AE6D72C5BD991C5838C767D464A65334EC22D1232C9593A4
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........s..s..s...o..s...Q..s..U..s..nS..s..Rich.s..........PE..L...Y3&C...........!.........p......PG.............(......................................@.....................................(....0..8........................o..........................................X... ....................................text...6........................... ..`.data...H...........................@....rsrc...8....0....... ..............@..@.reloc...{..........................@..B..:@............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\KiwiSocket.ocx

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):86016
                Entropy (8bit):4.996864728338478
                Encrypted:false
                SSDEEP:
                MD5:75981C6A8578133C55B2EC9CDF446A66
                SHA1:20F62F262C422C678F9B4115268B69D2E1282211
                SHA-256:87E92D66CC9BD0674412C99B3E01D1F5A4AB47D081D83EECA41B4A6358D774AD
                SHA-512:26ADB96EA1D3B7B9ACF5E581F1B59FB21C357D723E4FC192373AA36EEB2A5E3506157C92C99600CC1455CC6DD494D17A47259FB5C8E2498C6BDE2B5C4960E859
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L...I#.U...........!.........`...............................................p.......^....@.....................................(....0.......................`..<...........................................P... ....................................text...7........................... ..`.data...T...........................@....rsrc........0...0..................@..@.reloc.......`.......@..............@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\KiwiSubtmr.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):40960
                Entropy (8bit):4.332987791130646
                Encrypted:false
                SSDEEP:
                MD5:71DC62331302EB4E4F70472F1AD7AF24
                SHA1:7843CFC09B55F726F31A2562603608DA8CDEEE7E
                SHA-256:B8EBD973C20D59C4D904B4B426D30789156DE4FD993D805FEC807417F55AC1BE
                SHA-512:4A0DC1084F52109F1B19680565BF1982B73F9A2D63936C13C6DB0B759C7B9D24170B099B574D3C4A069D48FB040FE31A198D9D1BE5370FE56E790C641821AF2C
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5$..qE..qE..qE...Y..pE..>g..tE..Gc..pE...e..pE..RichqE..........PE..L...q2&C...........!.....P...@...............`.......................................e....@.........................`W.......R..(....p......................................................................X... ....................................text....H.......P.................. ..`.data........`.......`..............@....rsrc........p... ...p..............@..@.reloc..z...........................@..B..:@............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\MSCOMCTL.OCX

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                Category:dropped
                Size (bytes):1070152
                Entropy (8bit):6.291617677640353
                Encrypted:false
                SSDEEP:
                MD5:4AEA604D0C382C65C0EB0A7146180054
                SHA1:A91C21F1C921A39C174669957B3E51251C703439
                SHA-256:0AD3166D6FC34847E352528358F1BCA646B2D67E1C80C7D38D96909C3A2EA522
                SHA-512:2A22775FA549858590BC4C2BA0E8C847091657643D6472ACFADB76613807406B02AA6F55CA4A4CF34A4FAF1D392A20C97A20D57B584A6814966C28A7D8571369
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...'u.O...........#..............................X'.........................@............@.................................rv....... ..df...........:..H............................................................................................text...S................... ....... ..`.data...,~.......p..................@....rsrc...df... ...p..................@....reloc.............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\NeoCalendarII.ocx

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):204800
                Entropy (8bit):5.868149308389532
                Encrypted:false
                SSDEEP:
                MD5:8F78FB9C3C01BEE7C9DDE4FC22D23151
                SHA1:5E1B8F594299ED7E29459B720B30BE2D0BD2769D
                SHA-256:2CFFF439647EEF457B65E53A627DBE2B17550FF2E6F42756DFFE132C84317A8F
                SHA-512:521835ACA6BC6C257FCB36CDF71904F66811623C182BD6D41857E17A396FA1988246F84259F2146C6A4AAC4046FE7FC3A099950B5C2A6019278706173AF7A6E1
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......iPy.-1..-1..-1...-..,1..b...'1..)...,1......,1..Rich-1..........................PE..L......>...........!.....P...........".......`...............................0......z.....@..........................^......4S..(.......\c......................\4..........................................h... ....................................text....O.......P.................. ..`.data...l....`.......`..............@....rsrc...\c.......p...p..............@..@.reloc...9.......@..................@..B.|.9............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\PacketX.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):393216
                Entropy (8bit):6.2981484132074685
                Encrypted:false
                SSDEEP:
                MD5:EC074BF5770B681FB86B2BDE607BC1E4
                SHA1:05DE7031D28316838992447BA13D44969D3AD7D1
                SHA-256:ED28FEB4949FDC032C4477317CA1372748BC0FE04BF8E082CAD54F5096BCD8F3
                SHA-512:700AAA928229C1F443EA67FF1BB91AD4387411C708E016F2B1932E9E58FCFED1D04749287290768E9D1DDD1CD8EFEDE191F00567E55C9F3D8340DE5D012AD046
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........._s.o1 .o1 .o1 .L .o1 P.O .o1 /p; .o1 .J .o1 .o0 .n1 ._ .o1 .\ Jo1 .K .o1 .M .o1 .I .o1 Rich.o1 ........PE..L...a<&J...........!.........p...............................................0......@.....@.................................l....... ..........................`Q..................................................................................text....z.......................... ..`.rdata..............................@..@.data... ........`..................@....rsrc........ ......................@..@.reloc..ph.......p..................@..B........................................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\TimerLite.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):28672
                Entropy (8bit):3.6393112477234277
                Encrypted:false
                SSDEEP:
                MD5:E23C4FAE98DB6F876CC2AA0C886DF994
                SHA1:0C557B5D0F251F0123B4E06AE3AC327E48B59AB1
                SHA-256:419ACFA3AB9640B8E6A3B575A23F9053119993864AEF57F6456DF50232E9C025
                SHA-512:452405C31801344EDC46612447D9D328D6B75B23233F30E96E70E62D8A5451DB011B9DD808DA16438C24D2E85BBD83E7D2DDC9764DB2E0611BB7323D434799AA
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........}...}...}..8a...}..._...}..._...}..D]...}..Rich.}..................PE..L.....:...........!.....0...0...............@.....B.........................p.......M....@..........................:......D6..(....P.......................`..............................................`... ....................................text...v+.......0.................. ..`.data........@.......@..............@....rsrc........P.......P..............@..@.reloc..0....`.......`..............@..B.m/9............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\Vsflex7L.ocx

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):444064
                Entropy (8bit):6.299290536217232
                Encrypted:false
                SSDEEP:
                MD5:BC4B585AC919E35BD85892950805A68A
                SHA1:B711EDD4935AD52FFD4609D8229A25C8D0AD1AC4
                SHA-256:82E6B5E6AA123D0DC3CC37292DD549DCDA09E6745F22529A9F71D46777BC053C
                SHA-512:980505F83AC81981FFEC9D1EF9587B373B9A3FAB0EFA4D7ACF56AA06348D5F69D96533D00B23C08DC2C8D7C47834DA8CD70DDFFACA2046B1D20C5D76E8C48080
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9..YXj.YXj.YXj."Df.[Xj..za.ZXj..Dd.DXj..z`..Xj..Ga.ZXj.YXj.hXj..Gy.GXj.YXk.zYj.;Gy.HXj..za.EXj..^l.XXj..xn.XXj.RichYXj.................PE..L......<...........!.........0......sh....... ...............................P.......o....@..........................i......tP.......p..........................@;................................................... .......O..@....................text............................... ..`.rdata..5J... ...P... ..............@..@.data........p...`...p..............@....rsrc........p......................@..@.reloc...A.......P...`..............@..B................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\XceedZip.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):497472
                Entropy (8bit):6.465926718343263
                Encrypted:false
                SSDEEP:
                MD5:B5AACEC39D5995462E75A940ACCD820B
                SHA1:3FEE6F3EC9E6C36EBBAB05B84063EFA9686DF341
                SHA-256:7CA87821AE332B9296FBF9946C6D5A7250C8DBE247BA78D36BC3B9654D9F6A4E
                SHA-512:536F4CEFBA5634B96EC0DB1B5CA3DD82F769BCF2D60E4858E329F3F8E8C1E62877CE617C76669071C98F364BD6F7F7C19BEC0C87C15D84B933E9B5271B8C8203
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5..9qd.jqd.jqd.j.x.jrd.j.x.jid.j.l.jyd.j.l.j`d.jqd.j3e.jGB.j.d.jGB.j@d.j.b.jpd.j.D.jpd.jRichqd.j........PE..L....1ID...........!.................Q............gg.................................3....@..........................W..u....=..........@3..........0........P...:...................................................................................text.............................. ..`.rdata..u...........................@..@.data............p..................@....rsrc...@3.......@..................@..@.reloc...E...P...P...0..............@..B................................................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\actskn43.ocx

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):389120
                Entropy (8bit):6.512166619169274
                Encrypted:false
                SSDEEP:
                MD5:1A5FE61FDE7EFAFAD359C986D5D41669
                SHA1:13AFBFA59B1149BAAF4A0D01121AFD1F25B493B9
                SHA-256:CD7DD4F557A5FBB348C22571B3ED296E8C4C4FB26B0D0F666AAC2CC7ADBAE5DD
                SHA-512:B75763548EA580E12639458B670B3C2B0DFF29FB28CB49E643BA4043A2601B1A3D469E77DFB14D323118A75785A5ED68578FC4DEABF61FD4285FD94998F4EACE
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........O..O..O...S..O...S..O..lP..O..O..O...P..O..O..QO...P..O..lP..O..<I..O..lP..O..Rich.O..................PE..L.....>...........!..... ...................0.......................................f....@.........................`.......pt.......@...i...................... =...................................................0...............................text...s........ .................. ..`.rdata...X...0...`...0..............@..@.data...H...........................@....rsrc....i...@...p...0..............@..@.reloc...A.......P..................@..B................................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\atl100.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):138056
                Entropy (8bit):6.453257536048564
                Encrypted:false
                SSDEEP:
                MD5:36D7D05505951F542922DF4C725CC57D
                SHA1:074902FF54D30EF6EE2FD6EBE475526CAC84670C
                SHA-256:74B7C86B75CFAF5121554BD8CC4DD8E496458311070FA43B9B4FB13B4D8C8EAB
                SHA-512:4C7F9445703FC79F595739CFC0D4E24DADE4C9959F6CB24840B020E98943F4DBED9C2937187165452215AB0A683D1159C4D629E22BFFA625BF08286FCE657889
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-..ni..=i..=i..=`.z=k..=..g=f..=..S=...=`.j=j..=i..=...=..R=D..=..b=h..=..c=h..=..d=h..=Richi..=........PE..L.....K.........."!.........x.....................x.........................`......*.....@.........................P...........(........"..............H....0.. ....................................@..@...............|............................text...!........................... ..`.data....0..........................@....rsrc....".......$..................@..@.reloc..8 ...0..."..................@..B........................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\ccrpbds6.dll

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):110592
                Entropy (8bit):5.159518941413585
                Encrypted:false
                SSDEEP:
                MD5:48BF4EB5B5E0CAEC8D95B72FF954BEE4
                SHA1:859AFF1EAF744646E51140083152D0C1BFAED7D6
                SHA-256:221CF8769DD9FA7C3366421D4902D14DFC4BC733B70DFD6CB4F395332840F91F
                SHA-512:F61FF129A9A169564769B6586E5E9F1AE2B8E0A10F958EA6922E349EC1BEC8F526AC31419AB513DFD3A1513B29DC79C22C14B9F440053D39585075D348B256E6
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q..q..q.*.|..q.+.u..q.Rich.q.................PE..L...@D.9...........!.....0..........(........@.....R................................q.....@..........................1.......0..(....`...C..................................................................P... .......t............................text...u".......0.................. ..`.data........@......................@....rsrc....C...`...P...@..............@..@.reloc........... ..................@..B...7............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\certmgr200.ocx

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):865672
                Entropy (8bit):6.888545982806716
                Encrypted:false
                SSDEEP:
                MD5:B246E7CB9560429C3F77A5FA3427FED3
                SHA1:D0AA8886D426215F136C7080C4232DBFAEA48FC0
                SHA-256:E6A9E9C10C96F41BC5F431EC98FBA244302EA319C2417648BDE93B8C9250C436
                SHA-512:F9E0433BD39A61D7030739FB90F76C463A6F7CB2885A5C84D2FE6BE8566FC5690232A8E8D7F9CF63E3639077E3D485F96F522BB9C9A1A169455AB335691E560C
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........R}..3...3...3...a...3...a...3....~..3....h..3...3...2...a...3...a...3...a...3...a...3..Rich.3..................PE..L.....-_...........!.........z.......d....... ....p%.................................9....@.........................`D......L2...........G...................P..XH...................................,..@............ ...............................text...r........................... ..`.rdata...%... ...&..................@..@.data...\....P...<...0..............@....rsrc....G.......H...l..............@..@.reloc..Lb...P...d..................@..B........................................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\htmlml200.ocx

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:modified
                Size (bytes):1162632
                Entropy (8bit):6.883391638124841
                Encrypted:false
                SSDEEP:
                MD5:FED352E521967FE4D0FDE06FC56EA565
                SHA1:6319B23B5F126A756B32FE23B3BA8562600229A5
                SHA-256:92F0ABA6964BAB966AFD365A7562992DC7F4E263A4AEB2318B64AD8E5C61405B
                SHA-512:C410463174788D8ED165252CF9EADFB51792984B761A31F5230DD51536EE7FD4C8FD1551D7C73ADDECC20F22675C70496BB95995DF15D8F201E1F6793DB4B914
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}.wF9...9...9...'.."...'..J....Ot.:....Ob.6...9.......'......'..8...'..8...'..8...Rich9...................PE..L.....-_...........!.....b........................ $.........................P.......b..............................@........n.......P...b......................(k..................................0i..@...............$............................text....`.......b.................. ..`.rdata...............f..............@..@.data...........H...j..............@....rsrc....b...P...d..................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\ipdaem200.ocx

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):1058696
                Entropy (8bit):6.903931209607749
                Encrypted:false
                SSDEEP:
                MD5:7C712A71E7B374E257CDE99C07B27F4C
                SHA1:C18CE16CAF9A48DC48160017390AFA6518A1F9B8
                SHA-256:DAC39CA3D11BA7287A5832C0BF89EDED53090A1AA447FF88D0AFFC60AB6B14CE
                SHA-512:E5882528AD1E5D4C7FC930984EEC0B1D7A7C594AFD89EFFA41DDCAA0DA28B038DDF2D7C82481C54A4CCFCA9F332F7D6A9B645A2187D32F8BF5C871C1F95D2770
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:.e~..6~..6~..6`.c6e..6`.u6...6YW.6}..6YW.6q..6~..6^..6`.r6K..6`.d6...6`.b6...6`.g6...6Rich~..6........................PE..L.....-_...........!.........h.......n....... .... !................................km....@.........................@....................J......................x]..................................X...@............ ...............................text...B........................... ..`.rdata....... ......................@..@.data............H..................@....rsrc....J.......L...<..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\ipinfo200.ocx

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):439688
                Entropy (8bit):6.977616126492248
                Encrypted:false
                SSDEEP:
                MD5:9C8C221963664624DB68EAE147C7F167
                SHA1:B42FD9F9182975019F14D41219F0708CDF5930B9
                SHA-256:38021674751D003EA06010F28B7630BBC068C2C57F77FC3FD1B55BF1C8291551
                SHA-512:FCE3ED3B56A4BC739E1D936599EE16D26BC6A42F4EC2E7A76FF2B8E7E52C9F2F563EE025934A2BB37D80BBEB12976822494A554CBA717F2E3713D62015AF0F3F
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......EU}..4...4...4...f...4...f..r4..&.~..4..&.h..4...4...4...f..54...f...4...f...4...f...4..Rich.4..........PE..L.....-_...........!.................f....... ....P!.........................0...........@..............................................=.......................+..................................0...@............ ...............................text............................... ..`.rdata..V.... ......................@..@.data...\........<..................@....rsrc....=.......>..................@..@.reloc...R.......R...F..............@..B................................................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\mfc100.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):4342088
                Entropy (8bit):7.051728105290309
                Encrypted:false
                SSDEEP:
                MD5:07BCCDCC337D393D7DB0B2F8FE200B3F
                SHA1:5A02B227CB0A22A8E7884CD138C3E8568D083D94
                SHA-256:BF38DDA13B938B49A4DF72B6477342373EE6E151BE12C25CB0C17662FCB4BCD4
                SHA-512:E5637727A549CF7B88F13474097A71200F0DFA511ECD55C5A42E5F53E9F86CE8B7CE763448830FD073E232876F7537BAD96F2CED8D3159558778460264D07639
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................x.......g.....E.c.......e.......Q.......P......h.........,.....T.L.....`.......a.......f.....Rich....................PE..L......K.........."!.....B*..:......oA%......`*....x..........................B.....{.B...@......................... x)......>)......P+.H............*B.H....`?.8..../..................................@...............0....#)......................text...#A*......B*................. ..`.data...l....`*......F*.............@....rsrc...H....P+.......*.............@..@.reloc...P...`?..R....>.............@..B................................................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\mfc100chs.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):36176
                Entropy (8bit):5.5666055070859155
                Encrypted:false
                SSDEEP:
                MD5:8BF73FAA44C897C1812F2DACF0EAAF8A
                SHA1:C9D4E010FC9069F44028AA54CF4AC3329CA2AB2F
                SHA-256:8D1E7FB72BCEB10215108D48FE4FA6AEA1F03636F56FC3BE5E6D5552C4094C46
                SHA-512:61C0609E0BEEC2985FE8FC7839C17463DA685D39221D648FAA8C7F088627A6C514A8FCFE71948ADF2D3F28B2AF78F8653FE5E4771D7C1AB000FC2F7463D09E8C
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l...............{%......{".....Rich............PE..L......K.........."!.........t....................6]......................................@..............................................r...........v..P............................................................................................rsrc....r.......t..................@..@....................................................................8.......P.......8....... .......8....................>..P....................>..h....>.......?.......?.......?.......?.......?.......?.......?..(....A..@....B..X... B..p...AB......BB......CB......VB......lB.......B.......B.......B..0....x..H....x..`....x..x....x.......~.......~.......~....................;..................... .......8.......P.......h...........!.......(.......).......*.......,.......-...........(.......@.......X.......p...........................

                C:\Windows\SysWOW64\mfc100cht.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):36176
                Entropy (8bit):5.622324615571566
                Encrypted:false
                SSDEEP:
                MD5:4AD997573259D5BBF211D9FB2BBA3DB0
                SHA1:C9A8BADE464A2AEDF823CE147529A74DA5416038
                SHA-256:90ADEFDCD57C9CE8C5E542FCBDA108860427E9334BD9BFE564AD5556683BC954
                SHA-512:4C630D8ED88DB6062561BCF379235E9CA113C1F9F5DD54A6A9088E5D31B38573B6C891376E76AF0BDEAE360F47D714F2DE8AD9632C7FECB1FC3FF0CA7FC6022B
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l...............{%......{".....Rich............PE..L......K.........."!.........t....................6].................................U....@..............................................r...........v..P............................................................................................rsrc....r.......t..................@..@....................................................................8.......P.......8....... .......8....................>..P....................>..h....>.......?.......?.......?.......?.......?.......?.......?..(....A..@....B..X... B..p...AB......BB......CB......VB......lB.......B.......B.......B..0....x..H....x..`....x..x....x.......~.......~.......~....................;..................... .......8.......P.......h...........!.......(.......).......*.......,.......-...........(.......@.......X.......p...........................

                C:\Windows\SysWOW64\mfc100deu.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):64336
                Entropy (8bit):4.138154922872674
                Encrypted:false
                SSDEEP:
                MD5:5F522204B79025F0D5870076111409F3
                SHA1:6A17C85B6C4B3F33F2B8D8755EA38D5B0C092168
                SHA-256:CE1FC625509D697A2CD174115A593158AD9EED5B97967E619421696FC01D381E
                SHA-512:405B8DEAB3E87618C0C1238585E0CA7C22E66984148568AF5915B2E908B6C07218774667839B67481661E14727FBF95061A78802E6154286C229170F42A0F1A0
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l...............{%......{".....Rich............PE..L......K.........."!..............................6]......................................@.............................................................P............................................................................................rsrc...............................@..@....................................................................8.......P.......8....... .......8....................>..P....................>..h....>.......?.......?.......?.......?.......?.......?.......?..(....A..@....B..X... B..p...AB......BB......CB......VB......lB.......B.......B.......B..0....x..H....x..`....x..x....x.......~.......~.......~....................;..................... .......8.......P.......h...........!.......(.......).......*.......,.......-...........(.......@.......X.......p...........................

                C:\Windows\SysWOW64\mfc100enu.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):55120
                Entropy (8bit):4.197711698709668
                Encrypted:false
                SSDEEP:
                MD5:D21165B7DBCC968CD829C00608F5694E
                SHA1:E6882666F88572624AB77074CEAD86448A6CF641
                SHA-256:14C4069CD931E9CD3F519D321CE50E4E531C385403C124FFEE7CA7831B0ADB63
                SHA-512:A3F00761110214C1FFEE78A008A1E17C9969B12B2B3D33C655E47D9E3E6ED13AFAC000402C24F3C20878348C8970856098EC89ABF426D9F990F4C71309E73B62
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l...............{%......{".....Rich............PE..L......K.........."!..............................6]................................P.....@.............................................0...............P............................................................................................rsrc...0...........................@..@....................................................................8.......P.......8....... .......8....................>..P....................>..h....>.......?.......?.......?.......?.......?.......?.......?..(....A..@....B..X... B..p...AB......BB......CB......VB......lB.......B.......B.......B..0....x..H....x..`....x..x....x.......~.......~.......~....................;..................... .......8.......P.......h...........!.......(.......).......*.......,.......-...........(.......@.......X.......p...........................

                C:\Windows\SysWOW64\mfc100esn.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):63824
                Entropy (8bit):4.069449731249543
                Encrypted:false
                SSDEEP:
                MD5:81C0790DBD237317E4BA2908F53E045A
                SHA1:70A077458CAD7E76B23F0FF77D6CFCB9F0FA4693
                SHA-256:DC5ABB34069E3E8E1451E36B44822DEF82B624F9811F825D417874202A4A242C
                SHA-512:47D4ABA0F7691FDA6E388646767C3D99C2781F21BF58A46399750DC780C160CBC1060B8923767CAE2546BDE58B6F631C6AC4583711E15F9460BCDE7637BD7D3A
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l...............{%......{".....Rich............PE..L......K.........."!..............................6]......................................@.............................................P...............P............................................................................................rsrc...P...........................@..@....................................................................8.......P.......8....... .......8....................>..P....................>..h....>.......?.......?.......?.......?.......?.......?.......?..(....A..@....B..X... B..p...AB......BB......CB......VB......lB.......B.......B.......B..0....x..H....x..`....x..x....x.......~.......~.......~....................;..................... .......8.......P.......h...........!.......(.......).......*.......,.......-...........(.......@.......X.......p...........................

                C:\Windows\SysWOW64\mfc100fra.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):64336
                Entropy (8bit):4.118195590576372
                Encrypted:false
                SSDEEP:
                MD5:BDB98792CE6C2654F14E1BF47263527B
                SHA1:60E946BF95ABAE671E9F88CE5AE7ADA6D2CA0B5C
                SHA-256:6AB663A7C7A648DDDB428ACDBC8CBC91C66C93A52323DF1A519BFEAEA9A4F6EC
                SHA-512:3747B0CC87D20FA0D0F8FACB43AE917FDB174665B4363FAC2943787ABE4C645D36C73B40327FBA33F87F0C8C65CB33375F9E91A3A75D7EDD791AFB89F17E9FE1
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l...............{%......{".....Rich............PE..L......K.........."!..............................6].................................;....@.............................................................P............................................................................................rsrc...............................@..@....................................................................8.......P.......8....... .......8....................>..P....................>..h....>.......?.......?.......?.......?.......?.......?.......?..(....A..@....B..X... B..p...AB......BB......CB......VB......lB.......B.......B.......B..0....x..H....x..`....x..x....x.......~.......~.......~....................;..................... .......8.......P.......h...........!.......(.......).......*.......,.......-...........(.......@.......X.......p...........................

                C:\Windows\SysWOW64\mfc100ita.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):62288
                Entropy (8bit):4.093367290099013
                Encrypted:false
                SSDEEP:
                MD5:3301A48EC56740776326760858936BCD
                SHA1:BDDC636C935A4C965FF6A4723EC754CFA09DA8C6
                SHA-256:7E36BA0E433F5478B1F405388870533EE2B631A4BEE992EB6C5708797A8E0B25
                SHA-512:E23604EB225435D941BB57D93AABCD9F4652CC6A1BEC4579064A0C9FD794D5A64B959A98ED8636EF127F37C7671C36BF27C13EBD1309968D43EBBA7117D49072
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l...............{%......{".....Rich............PE..L......K.........."!..............................6]................................=.....@.............................................................P............................................................................................rsrc...............................@..@....................................................................8.......P.......8....... .......8....................>..P....................>..h....>.......?.......?.......?.......?.......?.......?.......?..(....A..@....B..X... B..p...AB......BB......CB......VB......lB.......B.......B.......B..0....x..H....x..`....x..x....x.......~.......~.......~....................;..................... .......8.......P.......h...........!.......(.......).......*.......,.......-...........(.......@.......X.......p...........................

                C:\Windows\SysWOW64\mfc100jpn.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):43856
                Entropy (8bit):5.449702782814297
                Encrypted:false
                SSDEEP:
                MD5:6A7F31C6FAFEA0EF7F17A9B17B247254
                SHA1:78C3614453D4FB5F96BD21B7CE66E9D5C8C22FCC
                SHA-256:93CCF853A22AD5C9A3BC9F0D87FAB3E356C728332E5968E38B3751C03179B06A
                SHA-512:CC6332E4406D5109CF1522BDA36C1C05B83542ADBF180D88286F08F3E5F260A84A20898B2539E9BAECC6D86EED503EB9ED05AEC2B26672C044EF9A0FB8F12E7D
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l...............{%......{".....Rich............PE..L......K.........."!..............................6]................................m.....@.............................................X...............P............................................................................................rsrc...X...........................@..@....................................................................8.......P.......8....... .......8....................>..P....................>..h....>.......?.......?.......?.......?.......?.......?.......?..(....A..@....B..X... B..p...AB......BB......CB......VB......lB.......B.......B.......B..0....x..H....x..`....x..x....x.......~.......~.......~....................;..................... .......8.......P.......h...........!.......(.......).......*.......,.......-...........(.......@.......X.......p...........................

                C:\Windows\SysWOW64\mfc100kor.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):43344
                Entropy (8bit):5.551158148566457
                Encrypted:false
                SSDEEP:
                MD5:B5A093F44E7E5C618A7698839DF6583C
                SHA1:F4707CF3D4CBE81E9A680B74C201C386ECA8649E
                SHA-256:C3DC021011FE766D54927F6865936B3B9473E5BC38BB1BBACB94A0C739C4A16D
                SHA-512:937DA004BB71A4B764CEB284D2760E71247F47A6D4D2EAA594A4269C2F5E2A2701DCA91493248D3E6BD08A6AE0C9C3A0342C1B1B8DE180010159E129A2FB0004
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l...............{%......{".....Rich............PE..L......K.........."!..............................6].................................s....@.............................................................P............................................................................................rsrc...............................@..@....................................................................8.......P.......8....... .......8....................>..P....................>..h....>.......?.......?.......?.......?.......?.......?.......?..(....A..@....B..X... B..p...AB......BB......CB......VB......lB.......B.......B.......B..0....x..H....x..`....x..x....x.......~.......~.......~....................;..................... .......8.......P.......h...........!.......(.......).......*.......,.......-...........(.......@.......X.......p...........................

                C:\Windows\SysWOW64\mfc100rus.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):60752
                Entropy (8bit):4.6896553999495465
                Encrypted:false
                SSDEEP:
                MD5:6D163D436251978D14E4C80F33385D76
                SHA1:CC1957B2D9ADEBC1946CAF3E8DCA08623E43842F
                SHA-256:8597AFF5549E1F14805F288CE69C0DCE270ED0C1D6515A4C923004F0D753240C
                SHA-512:0CD9DEF6C62180CF7D90EED35D6FAB73DDFABA91C0642111EB592896FDB50EC4E1CEEA21F298F10AA6290AFEA208B961C979F075FCFAD169674965E0E01F5995
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l...............{%......{".....Rich............PE..L......K.........."!..............................6].................................m....@.............................................................P............................................................................................rsrc...............................@..@....................................................................8.......P.......8....... .......8....................>..P....................>..h....>.......?.......?.......?.......?.......?.......?.......?..(....A..@....B..X... B..p...AB......BB......CB......VB......lB.......B.......B.......B..0....x..H....x..`....x..x....x.......~.......~.......~....................;..................... .......8.......P.......h...........!.......(.......).......*.......,.......-...........(.......@.......X.......p...........................

                C:\Windows\SysWOW64\mfc100u.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):4368720
                Entropy (8bit):7.026244983352001
                Encrypted:false
                SSDEEP:
                MD5:F841F32AD816DBF130F10D86FAB99B1A
                SHA1:0F8B90814B33275CF39F95E769927497DA9460BF
                SHA-256:7A4CFBCE1EB48D4F8988212C2E338D7781B9894EF0F525E871C22BB730A74F3E
                SHA-512:6222F16722A61EE6950B6FBCBE46C2B08E2394CE3DD32D34656FAF2719E190E66B4E59617C83F117AD3793B1292A107F275087B037CF1B6E4D9819323748079A
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................x.......g.....E.c.......e.......Q.......P......h.........?.....T.L.....`.......a.......f.....Rich............PE..L......K.........."!......*..>......=.%.......*..._x......................... C.......C...@.........................`.).`...t.).......+.H.............B.P.....?.0... /...............................>..@...................h.)......................text.....*.......*................. ..`.data.........*.......*.............@....rsrc...H.....+......<+.............@..@.reloc...R....?..T...>?.............@..B........................................................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\mfc120chs.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):46248
                Entropy (8bit):6.134571748867257
                Encrypted:false
                SSDEEP:
                MD5:1D343669E50F2CF53901C0B1A85D67F8
                SHA1:18955A82D87302066BE07E1DDD2E2C83FAD3A3BE
                SHA-256:68EC84B251DFB616E48141D674F423E70489B2B749164C0CC5C809C259F4E2AF
                SHA-512:F8D7B9BF92FA111D10C2827B88E0072EB483D25EF57274AA6D6DD49DDC7275D9637195D1BF30ED7EAE005B417591A65969C40846C63F96E960F90E27FE06A684
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}...9y.9y.9y..(..8y..(..8y.Rich9y.........PE..L.....OR.........."!.........t...........................................................@............................................. s...........v...>...........................................................................................rsrc... s.......t..................@..@....................................................................8.......P.......8.......(.......@....................>..X....................>..p....>.......?.......?.......?.......?.......?.......?.......?..0....A..H....B..`... B..x...AB......BB......CB......VB......lB.......B.......B.. ....B..8....x..P....x..h....x.......x.......~.......~.......~....................<.....................(.......@.......X.......p...........!.......(.......).......*.......,.......-...........0.../...H.......`.......x...........................

                C:\Windows\SysWOW64\mfc120cht.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):46248
                Entropy (8bit):6.179706372945047
                Encrypted:false
                SSDEEP:
                MD5:928EF91C2BCC8F82725CDB1A5ED711D9
                SHA1:72DBE1129AE70BF08BF508B02DFDE428C05C9212
                SHA-256:BB8111CFEE6EB4A9F113EA1CB1C573DE990A987635B7111821C73D6CBFDBE38B
                SHA-512:F6454427AE2D655AF8396CDD33742768AD5C0677E6278D47BC5E5FB5C1E1DAE9610AA92271FA8E6ADB781DC6CE382ADFC14C78682FC23449D378F7C4F9AEAE39
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}...9y.9y.9y..(..8y..(..8y.Rich9y.........PE..L.....OR.........."!.........t......................................................b?....@.............................................Hs...........v...>...........................................................................................rsrc...Hs.......t..................@..@....................................................................8.......P.......8.......(.......@....................>..X....................>..p....>.......?.......?.......?.......?.......?.......?.......?..0....A..H....B..`... B..x...AB......BB......CB......VB......lB.......B.......B.. ....B..8....x..P....x..h....x.......x.......~.......~.......~....................<.....................(.......@.......X.......p...........!.......(.......).......*.......,.......-...........0.../...H.......`.......x...........................

                C:\Windows\SysWOW64\mfc120deu.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):74920
                Entropy (8bit):4.756155783917953
                Encrypted:false
                SSDEEP:
                MD5:B82A4BA3EBAEBD8810F2304C0535DA4C
                SHA1:54611D7788ABCBAF2C3460F457AD8A76806DE5DE
                SHA-256:9248457F55D091F97D282F14D3D55BC28CBA5024B69050209DF0F0A8806F8B5A
                SHA-512:AA8ADFCCD9CD6865B9F63D74EC45AEAC62E2D84DE7A8DDC4AAC53B4D5BE402E02EF8107D579DAD305A56B9638464C323AC636E4659EA84E8E687F07E2ECF7F0A
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}...9y.9y.9y..(..8y..(..8y.Rich9y.........PE..L.....OR.........."!......................................................................@.............................................H................>...........................................................................................rsrc...H...........................@..@....................................................................8.......P.......8.......(.......@....................>..X....................>..p....>.......?.......?.......?.......?.......?.......?.......?..0....A..H....B..`... B..x...AB......BB......CB......VB......lB.......B.......B.. ....B..8....x..P....x..h....x.......x.......~.......~.......~....................<.....................(.......@.......X.......p...........!.......(.......).......*.......,.......-...........0.../...H.......`.......x...........................

                C:\Windows\SysWOW64\mfc120enu.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):65192
                Entropy (8bit):4.900787098406691
                Encrypted:false
                SSDEEP:
                MD5:BC61781863211ABBC7C15248CCFAF9A0
                SHA1:00C5A5F79A64393CE56147D2A0F19E250BF284EC
                SHA-256:9E222C509F5D1E7D451A37220B9C6574DEC36FB1C5042426278478E640CF0052
                SHA-512:C076A8197AFCBB98027175D42658CB9408B92CC5D1DFB8CC7BA92B2CE926300A9CCE5A1AB5A0B0178042232EE91DD2AE21F0DF722EF1249033145F3ADE1BC000
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}...9y.9y.9y..(..8y..(..8y.Rich9y.........PE..L.....OR.........."!................................................................y'....@..............................................................>...........................................................................................rsrc...............................@..@....................................................................8.......P.......8.......(.......@....................>..X....................>..p....>.......?.......?.......?.......?.......?.......?.......?..0....A..H....B..`... B..x...AB......BB......CB......VB......lB.......B.......B.. ....B..8....x..P....x..h....x.......x.......~.......~.......~....................<.....................(.......@.......X.......p...........!.......(.......).......*.......,.......-...........0.../...H.......`.......x...........................

                C:\Windows\SysWOW64\mfc120esn.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):73896
                Entropy (8bit):4.729865858952854
                Encrypted:false
                SSDEEP:
                MD5:0F79E653D7F5180678E457CE39813F0E
                SHA1:1502BEC70A4F611976336F3B2B0976520465D6C9
                SHA-256:AE5EEB021006B52F66D9594F3FE7B26C934E41ECF24D252871E46442AFF39B55
                SHA-512:332BCC256AD78F201F49135BFEE4DC1B2D87C2B98E4D63159750C3356A711F02D07B4E10CDD0F02CE39CDEF39F55F95BE60281E01A279B51CB382D088E0D2E1F
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}...9y.9y.9y..(..8y..(..8y.Rich9y.........PE..L.....OR.........."!......................................................................@..............................................................>...........................................................................................rsrc...............................@..@....................................................................8.......P.......8.......(.......@....................>..X....................>..p....>.......?.......?.......?.......?.......?.......?.......?..0....A..H....B..`... B..x...AB......BB......CB......VB......lB.......B.......B.. ....B..8....x..P....x..h....x.......x.......~.......~.......~....................<.....................(.......@.......X.......p...........!.......(.......).......*.......,.......-...........0.../...H.......`.......x...........................

                C:\Windows\SysWOW64\mfc120fra.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):74920
                Entropy (8bit):4.7398849390733115
                Encrypted:false
                SSDEEP:
                MD5:F09B21C8959133053E94A4AF14D6B46F
                SHA1:5100D71973CFB310F89DA5E53DB7B87AE7311992
                SHA-256:0FA0A1FD83269C78C322BF8BE59F8A8BB93143AE5731CB263F2F2C91175EAE47
                SHA-512:FDED7775E1679CEE895AFB43BC7110C212548A76B95A819F32F54F97FDCCB1E0756093B4BA2DC45147F3E4D5AC357B21625E75AED821232F2C776E23DBA9D852
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}...9y.9y.9y..(..8y..(..8y.Rich9y.........PE..L.....OR.........."!................................................................*.....@.............................................x................>...........................................................................................rsrc...x...........................@..@....................................................................8.......P.......8.......(.......@....................>..X....................>..p....>.......?.......?.......?.......?.......?.......?.......?..0....A..H....B..`... B..x...AB......BB......CB......VB......lB.......B.......B.. ....B..8....x..P....x..h....x.......x.......~.......~.......~....................<.....................(.......@.......X.......p...........!.......(.......).......*.......,.......-...........0.../...H.......`.......x...........................

                C:\Windows\SysWOW64\mfc120ita.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):72872
                Entropy (8bit):4.73664045671538
                Encrypted:false
                SSDEEP:
                MD5:FFA0B900C2C0401D902465591E165E16
                SHA1:7D73D542296B53562F424946D02E8C73D08171B2
                SHA-256:B175C54C7FAF7B29BA8EE5C3EB647E05FD8AC5E6CBFE638A27815F621795F2EB
                SHA-512:7AAEEC584EADB80150C10A1121EB63E89B6845BDF0497B66F78AC03A6FC9CE3B075613B55D01A3EC348E26853A1A1BB201D8C217CF7A4CA0398FD8AE6E23786D
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}...9y.9y.9y..(..8y..(..8y.Rich9y.........PE..L.....OR.........."!......................................................................@.............................................`................>...........................................................................................rsrc...`...........................@..@....................................................................8.......P.......8.......(.......@....................>..X....................>..p....>.......?.......?.......?.......?.......?.......?.......?..0....A..H....B..`... B..x...AB......BB......CB......VB......lB.......B.......B.. ....B..8....x..P....x..h....x.......x.......~.......~.......~....................<.....................(.......@.......X.......p...........!.......(.......).......*.......,.......-...........0.../...H.......`.......x...........................

                C:\Windows\SysWOW64\mfc120jpn.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):53928
                Entropy (8bit):5.970860603810259
                Encrypted:false
                SSDEEP:
                MD5:4BA51DA48F1BA2222664017724251775
                SHA1:09B4B1F07C8DA202355CBB4A7D4139A308B9C948
                SHA-256:776D3E99FA205289D1B85A5EAD9ED1A412526CBD6428A9B2E7BC857DC4734646
                SHA-512:ACE2ACCF29FE99FF58E083A14BAECF521F3C206A9BACCAF9122D78C0A3C6A2AF0A2A5103685B00294A7F252BFDD516409814EFAB8DD6807C2279557F51CA0B25
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}...9y.9y.9y..(..8y..(..8y.Rich9y.........PE..L.....OR.........."!................................................................+.....@..............................................................>...........................................................................................rsrc...............................@..@....................................................................8.......P.......8.......(.......@....................>..X....................>..p....>.......?.......?.......?.......?.......?.......?.......?..0....A..H....B..`... B..x...AB......BB......CB......VB......lB.......B.......B.. ....B..8....x..P....x..h....x.......x.......~.......~.......~....................<.....................(.......@.......X.......p...........!.......(.......).......*.......,.......-...........0.../...H.......`.......x...........................

                C:\Windows\SysWOW64\mfc120kor.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):53416
                Entropy (8bit):6.097205008917309
                Encrypted:false
                SSDEEP:
                MD5:6201122886A4557A3E97647F95FB34AC
                SHA1:AD8831969784C168C861D15708528E2D359EAB96
                SHA-256:07CC905FCDBE661903851F371584388AB338C9CC2DEE3FE0F91D3562E7B68078
                SHA-512:91299874BEF31D3333BEED2096E0987BC8F7263412DF34A53C8FC553779119688AFCFF32902641032B551F2BC490751F0646B78B75B0CD05B05DDC273F58DC33
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}...9y.9y.9y..(..8y..(..8y.Rich9y.........PE..L.....OR.........."!................................................................+S....@..............................................................>...........................................................................................rsrc...............................@..@....................................................................8.......P.......8.......(.......@....................>..X....................>..p....>.......?.......?.......?.......?.......?.......?.......?..0....A..H....B..`... B..x...AB......BB......CB......VB......lB.......B.......B.. ....B..8....x..P....x..h....x.......x.......~.......~.......~....................<.....................(.......@.......X.......p...........!.......(.......).......*.......,.......-...........0.../...H.......`.......x...........................

                C:\Windows\SysWOW64\mfc120rus.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):70824
                Entropy (8bit):5.28547454088543
                Encrypted:false
                SSDEEP:
                MD5:DFB441CA61002365F2DB2EF8769455E4
                SHA1:F189F4B46CC8530F3A53D9BB7BB0749893BE2A04
                SHA-256:D4E11F22D3C71CD99EE3731777B1943FF3A6B828C1EEAAFAEA0AFFF56646E7DC
                SHA-512:AF785EB2F5928DD35A09F428F0C8F995784AE737A4FADC7DB887D687042652B3E01FE32C84697C744BE712287578845B42603ABEDF41B9721C710C7E4AB21391
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}...9y.9y.9y..(..8y..(..8y.Rich9y.........PE..L.....OR.........."!................................................................U.....@..............................................................>...........................................................................................rsrc...............................@..@....................................................................8.......P.......8.......(.......@....................>..X....................>..p....>.......?.......?.......?.......?.......?.......?.......?..0....A..H....B..`... B..x...AB......BB......CB......VB......lB.......B.......B.. ....B..8....x..P....x..h....x.......x.......~.......~.......~....................<.....................(.......@.......X.......p...........!.......(.......).......*.......,.......-...........0.../...H.......`.......x...........................

                C:\Windows\SysWOW64\mfcm100.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):80208
                Entropy (8bit):6.173505901056785
                Encrypted:false
                SSDEEP:
                MD5:09FF12BAE0EB3E6E688609095390D34B
                SHA1:49511F73B54E8F702C7EA769331558B8705DFEC3
                SHA-256:0FEF52F0378B75600B828172377DEA92F8CE4F9CB2E0DCEE5D96300EA6D102DD
                SHA-512:D7EA7B78CE34E5DFC3EBFA2268C8349469854D02DC4C3423D517DD3B74FFD283409EEB275676F68F6DDC514D8D05EBD44125EA630064493D10AEFA4749974EBC
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........`..C..C..C..JyO.A..]S_.A..,wP.F...OT.B..,wR.B..,wf.O..Jy_.G..C.....,wg.V..,wW.B..,wV.B..,wQ.B..RichC..........................PE..L......K.........."!.....B...*......PN.......`.....x......................................@......................... +.......$..x...................."..P............b.............................. n..@............`...............b..H............text....@.......B.................. ..`.rdata.......`.......F..............@..@.data....P...0......................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\mfcm100u.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):80720
                Entropy (8bit):6.164375554936668
                Encrypted:false
                SSDEEP:
                MD5:9BF0CB63876BA82B8178EC733F6510C7
                SHA1:BBC2580DA25AE39655D6A042761F8A753A9F127F
                SHA-256:D9A7C9ECF9C022B2FBFE1EFEEA5215A7CAA2BF95674FA88DD5E35AFDB310E80A
                SHA-512:D61D38530D40201AB6934CF256728D24E597065FAE12A77B36103B5CE3BD19B342B436BF54C56949F11B957C4F93795E059EE4784EFD213C22E9E6FB072E24A5
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........`..C..C..C..JyO.A..]S_.A..,wP.F...OT.B..,wR.B..,wf.O..Jy_.G..C.....,wg.V..,wW.B..,wV.B..,wQ.B..RichC..........................PE..L......K.........."!.....B...D......PN.......`.....x................................h"....@..........................+......T%..x....................$..P............b..............................0n..@............`...............b..H............text....@.......B.................. ..`.rdata.......`.......F..............@..@.data...<h...0......................@....rsrc...............................@..@.reloc..$...........................@..B........................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\ssnmpag200.ocx

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):1129688
                Entropy (8bit):6.894341516074938
                Encrypted:false
                SSDEEP:
                MD5:843A1F97B657654090266F0B7DA80D9C
                SHA1:3DA53E39B4A26D81550A1D5062377F5DEC4D413D
                SHA-256:05CA945ACEA92251E8A0348D867FA3452C946A3C2653CB2928FA2CD89F5A226A
                SHA-512:DF01F9F7C3AFE90CEF73DB31F07A10FD494996ED31690D4FFCCA23F42BD30C6F26DD1ADE7AED34275F630CB9641AFA40498FD8BB1E326590E051D12BE7C5F876
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:.e~..6~..6~..6`.l6e..6`.z6...6YW.6}..6YW.6q..6~..6\..6`.}6K..6`.k6...6`.m6...6`.h6...6Rich~..6........................PE..L...Y.H^...........!................`i....... ....P&......................................@.............................................h>................... .. e......................................@............ ...............................text............................... ..`.rdata....... ......................@..@.data....... ...H..................@....rsrc...h>.......@...V..............@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\ssnmptrp200.ocx

                Download File
                Process:C:\Users\user\Desktop\Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):1122008
                Entropy (8bit):6.898471203427093
                Encrypted:false
                SSDEEP:
                MD5:28B1FFB0A3B3CAF6033D36E6D13DAEA1
                SHA1:2C35ABC902AFF9E9C43B5E7F629AF3E7A86132A1
                SHA-256:06950ACACDB4A24C343A3AFC6381769EDEA4DDAE7CED30C5725D53CF799D65C2
                SHA-512:D9020C114A73484CB2AF9A5D36EA958C023CB76843021E48239E591661CEEC0C01CAEFB35698BF64F66DD9056EBCA66666D20631039E6EC69217BD116D9F7950
                Malicious:false
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:.e~..6~..6~..6`.b6e..6`.t6...6YW.6}..6YW.6q..6~..6_..6`.s6K..6`.e6...6`.c6...6`.f6...6Rich~..6................PE..L.....H^...........!.........|.......S............P'................................I.....@.........................P...................p9.......................d..................................@...@............................................text............................... ..`.rdata..............................@..@.data...........H..................@....rsrc...p9.......:...>..............@..@.reloc..,............x..............@..B........................................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\vcamp120.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):339616
                Entropy (8bit):6.476536011761002
                Encrypted:false
                SSDEEP:
                MD5:3BCA5A693F9F772FC8F92A61E45320FC
                SHA1:C84A6BB36D9D4CDE3BECF4135CF8BDD0E43F68EE
                SHA-256:25FD2EB39C27717838D115B44A53C89D028C0E00967C7FCE4474E832E108DB7F
                SHA-512:D43F62D92A851DFDFDB1578D3D7943E44B4D69F40441CB30BBB8983CADD3AB55C43E60F59FCC105B8E9A8BAE2B4610FFB76EC69EC201E1250A3FBC3F6B6AE798
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b..a&..2&..2&..2`.{2"..2`.y2#..2`.F2(..2`.G2!..2.cm2-..2&..2...2`.C2,..2`.z2'..2`.}2'..2&.12'..2`.x2'..2Rich&..2................PE..L.....OR.........."!.....>...................P............................... ............@.........................0...-7..t...........8$...............>.......?..P...............................``..@...............t............................text...]=.......>.................. ..`.data...t4...P...2...B..............@....idata...............t..............@..@.rsrc...8$.......&..................@..@.reloc...?.......@..................@..B........................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\vcomp100.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):51024
                Entropy (8bit):6.5875642480554895
                Encrypted:false
                SSDEEP:
                MD5:631945C6518533A9FADAAA8E98F4AB5B
                SHA1:34B856EBDDA19B5AB96ED77FB5FB82A00CFE023A
                SHA-256:2011268947625670A758382E811C71B597B615F1763F8D30A5195B80DA4644FC
                SHA-512:1CBBC26787AEADE276B30582124B7C457F352754BDDF72A709E90EA884F09CC1327EBBA3087ECB3224762438F669F860C640B18B1863995955E429B3ED894372
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......\}...........wjQ....wje.....d\.......'..wj`....wjT....wjU....wjR....Rich...........PE..L......K.........."!................#X.............r................................".....@.................................t...<.......................P.......\.......................................@............................................text............................... ..`.data...............................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\SysWOW64\vcomp120.dll

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):119456
                Entropy (8bit):6.615804595453349
                Encrypted:false
                SSDEEP:
                MD5:27BC360D67F269A61BB052E10C9FCEEB
                SHA1:8D81406C8DD3ED8894D8AEE07DD718DCFD2035C5
                SHA-256:FC12360FF09830BF08B7A2A238016EEA2B9E9475CBEA4C22043B264E76B3420C
                SHA-512:2807AF25E00EA11C0ACFAE20D44EE0F02B2331C469F14F5D42814805AE16B7B2A11FBCD7F9046F3E11ADC434133057DADAB62BECA63EB70793FD755F3F827755
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N..]............L...+...L. .....L...c....84.........i...L.......L.#.....L.$.....L.!.....Rich............PE..L....OR.........."!.....T...Z..............p...................................... .....@..........................T......X...<........................>..........P...............................pO..@...............X............................text...5R.......T.................. ..`.data...h/...p.......X..............@....idata...............j..............@..@.rsrc................t..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................

                C:\Windows\Temp\~DF15E91E4B0FEAA70C.TMP

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:data
                Category:dropped
                Size (bytes):32768
                Entropy (8bit):0.10235320659675191
                Encrypted:false
                SSDEEP:
                MD5:B0543A0543CAA4B3BE838914865B700F
                SHA1:449ECEEDE342197F6742CDD4AC70A5AEBC83E2CC
                SHA-256:7E0F07110CE1E890ABA58AE658C93AF34F2336CE5D4477F7B25D690CF52E79C7
                SHA-512:22CAE6296067C48EAAF77B298FDDC7BD9DC5234755308AD8681BC7E07E3143F00DB73C7C11701E798A8EF0FA0DCE5FC6D293162BEB7B9ACE5DD2E986958AD9FD
                Malicious:false
                Reputation:low
                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\Temp\~DF168987B1B16370CB.TMP

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:Composite Document File V2 Document, Cannot read section info
                Category:dropped
                Size (bytes):20480
                Entropy (8bit):1.617572410054788
                Encrypted:false
                SSDEEP:
                MD5:CB0B9D39BA50500FA33414C4CEE14BFE
                SHA1:5842C56C7BF34658D6005D4E829BA0FC3512B8A2
                SHA-256:30347303339A226FB36BEF7B866B25B9F7D7E1C85037E24C5D03E028F45742B5
                SHA-512:DF618977C8DE57D931D4D0EBEAADA89A6B8849282D736EFD637D3CAA331205E1B8659BDBE7EA7F4927B563795F39B34FF2547B8F3F62FAB1B82E2C915FCE41EF
                Malicious:false
                Reputation:low
                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\Temp\~DF34FED34DC53E9B01.TMP

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:data
                Category:dropped
                Size (bytes):73728
                Entropy (8bit):0.1264875597112808
                Encrypted:false
                SSDEEP:
                MD5:16045115F97E705CC668243EE3FEEBA6
                SHA1:240436E5E007CC65E1657153C8F11912462612D8
                SHA-256:63AD8C20FE36A446181B91871DF4B97E3BA096A37DA6B1B3A6CD71EF8557BA3E
                SHA-512:55F4B23CD57F71BD8FC5007F8DC3CB9431558B27F52AB2DC469D991586164762EB1E0F6DE3BB36D333EF59A97D28B262F297480BCD356638A2A235BDA4C8C8FA
                Malicious:false
                Reputation:low
                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\Temp\~DF38A384D4E4872D76.TMP

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:data
                Category:dropped
                Size (bytes):512
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:
                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                Malicious:false
                Reputation:low
                Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\Temp\~DF454A85D721BB29CB.TMP

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:Composite Document File V2 Document, Cannot read section info
                Category:dropped
                Size (bytes):32768
                Entropy (8bit):1.2905857584277913
                Encrypted:false
                SSDEEP:
                MD5:3CE0CAFA782E93CDDC5EA7982A12D515
                SHA1:442F49838C5F12942E3EDB919CFD52F6132DDD53
                SHA-256:D8F237890667EA550AF0D2942B3D180F516EBD227D8DB22F3C8F19027C02477A
                SHA-512:7003A07FAF403DEDAC714BB6B5B79B8F4442F8700C80E9DC517CAA415AF40135694A4E9126DEB74DD5B81DC1DC2E15BF883490349FCEBE826EBB69F7BDCFDFD4
                Malicious:false
                Reputation:low
                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\Temp\~DF5790F89D444D3EF2.TMP

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:Composite Document File V2 Document, Cannot read section info
                Category:dropped
                Size (bytes):20480
                Entropy (8bit):1.5426974478827287
                Encrypted:false
                SSDEEP:
                MD5:9EF99C9F31C64ED8210DF1BD00AE3245
                SHA1:81ED2C2CF782D13DF89B8DA24E976612CD8A69CC
                SHA-256:8481FEC0DD5568B2BBCDA659EEBFE05D7F8B1E0B7DD42D4270573C1CE79C63A9
                SHA-512:47797493BC0B5960831A2322881D8175C26F4B495BA7DA13CFE10B0FDB6E7B1632079671D2C2FCB0A0CA9DC1F5D96458B9CBCE5657E9B8B1649D8F4734942E1E
                Malicious:false
                Reputation:low
                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\Temp\~DF6D47A0E631CE3932.TMP

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:data
                Category:dropped
                Size (bytes):73728
                Entropy (8bit):0.128738398633375
                Encrypted:false
                SSDEEP:
                MD5:771E9D97D932576C6668073BB695D14A
                SHA1:79D43371E0470FA86FC17D66E0A7AB4175B185D7
                SHA-256:66A4B2077189850F73A0B71FE549167BA232155CDC0983A4F7255581C57E0A55
                SHA-512:D905862C37FE82584400D6ECAFF19710EBBDE21815D6009CA338AB52B764FBBF2110616365B70312937228437A2E32EBC7B64661674CA5C236C30B7E0D257F94
                Malicious:false
                Reputation:low
                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\Temp\~DF6DB3C1DC0C2667A8.TMP

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:data
                Category:dropped
                Size (bytes):73728
                Entropy (8bit):0.15463387875372808
                Encrypted:false
                SSDEEP:
                MD5:AAD9B3BC5CC939E5C914274FC906D90D
                SHA1:3E5278474CB531B9826ADC0AC2836D673A4AF3E3
                SHA-256:5C15A1F44268179BC47E2085E3728E48C5CC52445F0C99817BC60331A657C012
                SHA-512:5687647DE9F1D1A1DF829E66B235813430A84AB226C05636AF83881AA79514AB3AF5FD9A993210BDF7405F1A22D7456B76D4F763773FAD603F3C0E8273962AAC
                Malicious:false
                Reputation:low
                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\Temp\~DF73F564B826382A8A.TMP

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:Composite Document File V2 Document, Cannot read section info
                Category:dropped
                Size (bytes):32768
                Entropy (8bit):1.234939651734856
                Encrypted:false
                SSDEEP:
                MD5:41B5768B298368DC435B965DF5626F63
                SHA1:0148E45247DCDCF88E47F027B36BC38101F266FE
                SHA-256:1E484ECA77F3511631F51BAA1F1D6F10464F0D9CE1D98DA59F1811ADABB58002
                SHA-512:954091B22F04BDCC55D75D41D459C756E8C1444CA5B2CB7AB1972573EAEEE95A0D34B84E9C8C1B62CFE6CF47C5BD4C903F228623F1752ED5BAE5BDE2E8C73396
                Malicious:false
                Reputation:low
                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\Temp\~DF887EBC0611478CC6.TMP

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:data
                Category:dropped
                Size (bytes):32768
                Entropy (8bit):0.10343497915702723
                Encrypted:false
                SSDEEP:
                MD5:B5F71D86463E8127906D2F043DE873CB
                SHA1:EC9FCB57A19E02016EB06A875A9D40C58713A5F9
                SHA-256:82A11C1DCA0E561A30D834C95B90A3E82B8BBDFD001B3DC68CC19687C7A342AD
                SHA-512:1B9D96ABDBAC664745D1145D499817524F6F8C72DA8A6660C61494C32D54C7D4A3579EF288BC29C717D8BC0DFEE7312166A37977763061BD347341B34B8D7000
                Malicious:false
                Reputation:low
                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\Temp\~DFAF97FF25F7A3081E.TMP

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:Composite Document File V2 Document, Cannot read section info
                Category:dropped
                Size (bytes):32768
                Entropy (8bit):1.2389706626014219
                Encrypted:false
                SSDEEP:
                MD5:DF57467DF029008821F419589CE3FC73
                SHA1:D8346BA62F5E3E57119022DCA3CA71E1CE296203
                SHA-256:F00DBD1C2091610BD303151DFCE390E11570AD08F6EDF8B8ACF6E010FC4BCB50
                SHA-512:4E31EE6817117576E198B4E7CB4920198FA0240D9BB6C371B12EFCDDBAF7ED6C9637C85A7D84290F19E38B94B4A84B67EC4639F557DB4FD72EACE43A7A6BA069
                Malicious:false
                Reputation:low
                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Windows\Temp\~DFDE47261320E9B5D6.TMP

                Download File
                Process:C:\Windows\System32\msiexec.exe
                File Type:data
                Category:dropped
                Size (bytes):32768
                Entropy (8bit):0.3364159434289711
                Encrypted:false
                SSDEEP:
                MD5:597116FD1A30D7512E5BBBE0FB943CBA
                SHA1:C595A0C8390069463DF1E05AF16B4676E245CAFA
                SHA-256:9579E3B1C16ADCCBE22F7E80F96245FB00939C15BAE5E32390580E588DC8DD28
                SHA-512:1992613B1DBB8867F19CA5F2E9380CB8A6D554B417A4E3874A2D9C981B3932992A51140891C53E6ED10F5737346A467A11DB8992DB3D7935E48F2ADEC5340AB5
                Malicious:false
                Reputation:low
                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                \Device\ConDrv

                Download File
                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                File Type:ASCII text, with very long lines (311), with CRLF line terminators
                Category:dropped
                Size (bytes):676
                Entropy (8bit):4.786909473557425
                Encrypted:false
                SSDEEP:
                MD5:0E91F841AC44BECB8DCAA79EB5455FE7
                SHA1:1AD50C4AAE8D1D639B2FEB2A059073E87F47D5CD
                SHA-256:9740F7B1351C3C552BCB3B0D23D6BBF879E05CB06CC62A9C306ABF47316BBAC3
                SHA-512:A3614C2F5FEF39F982C470CF5863E7EF7F9B826C8BE094C3E2CE1BA3DD2709F696744978B22C748C76F97663BA56B3EFAE3C8DEF3CA236E625B464BAB1BA8185
                Malicious:false
                Reputation:low
                Preview:Microsoft .NET Framework Assembly Registration Utility version 4.8.4084.0..for Microsoft .NET Framework version 4.8.4084.0..Copyright (C) Microsoft Corporation. All rights reserved.....RegAsm : warning RA0000 : Registering an unsigned assembly with /codebase can cause your assembly to interfere with other applications that may be installed on the same computer. The /codebase switch is intended to be used only with signed assemblies. Please give your assembly a strong name and re-register it...Types registered successfully..Assembly exported to 'C:\Program Files (x86)\Syslogd\SolarWinds.SyslogServer.SyslogAction.tlb', and the type library was registered successfully..

                Static File Info

                General

                File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                Entropy (8bit):7.99990974154897
                TrID:
                • Win32 Executable (generic) a (10002005/4) 99.96%
                • Generic Win/DOS Executable (2004/3) 0.02%
                • DOS Executable Generic (2002/1) 0.02%
                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                File name:Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe
                File size:29'394'832 bytes
                MD5:ddeae6a33dadac7e815f44ffa2e3af72
                SHA1:35d124119f877ff9d84979f768bc542389f19514
                SHA256:28b96f7ac372171acbcac4a2cefd1c19d571fb157ab0394b6f33af4f059e5741
                SHA512:bc3b89f5de02e77b7f56a4ffeaeb4214a2b354077f0d080da9331579d711c6a6db441fb4947b7ada1819ab1177b3d7ac26e01f82f11119b251d3b9a2703a77b8
                SSDEEP:786432:3lqgurZzv3vJgF78kxZRbBKExAc5m1Yd4IY8MxWxzlsb:3YDCFgkxZRbos5vmIYybe
                TLSH:745733D463D05183C7662FB019387D34496439B933FB262FEA2077E69CF4BC35A98299
                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1(..PF..PF..PF.*_...PF..PG.APF.*_...PF..sv..PF..V@..PF.Rich.PF.........PE..L.....Oa.................p...T.......:............@

                File Icon

                Icon Hash:31254dd8aecc710e

                Static PE Info

                General

                Entrypoint:0x403ac2
                Entrypoint Section:.text
                Digitally signed:true
                Imagebase:0x400000
                Subsystem:windows gui
                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Time Stamp:0x614F9EC2 [Sat Sep 25 22:12:18 2021 UTC]
                TLS Callbacks:
                CLR (.Net) Version:
                OS Version Major:4
                OS Version Minor:0
                File Version Major:4
                File Version Minor:0
                Subsystem Version Major:4
                Subsystem Version Minor:0
                Import Hash:14b0fecbed4a918c9c5c5d940cc1045e

                Authenticode Signature

                Signature Valid:false
                Signature Issuer:CN=SWDEVIssuingCA, DC=swdev, DC=local
                Signature Validation Error:A certificate chain could not be built to a trusted root authority
                Error Number:-2146762486
                Not Before, Not After
                • 18/01/2021 11:47:23 17/01/2026 11:47:23
                Subject Chain
                • CN=SolarWinds develop
                Version:3
                Thumbprint MD5:A172191E1538B8A9BD275A6F4C105F60
                Thumbprint SHA-1:2F9C5F958EE148604ADD66E21F1D8ABE31FEDAE1
                Thumbprint SHA-256:C8D451F4404FF8E54333BAE23208AE7F5CC419B10BAF707BC33B9AC551978501
                Serial:1000002D36FE67D95EBA80A6AC000000002D36

                Entrypoint Preview

                Instruction
                push ebp
                mov ebp, esp
                sub esp, 000003F4h
                push ebx
                push esi
                push edi
                push 00000020h
                pop edi
                xor ebx, ebx
                push 00008001h
                mov dword ptr [ebp-14h], ebx
                mov dword ptr [ebp-04h], 0040AF30h
                mov dword ptr [ebp-10h], ebx
                call dword ptr [004080B8h]
                mov esi, dword ptr [004080BCh]
                lea eax, dword ptr [ebp-00000140h]
                push eax
                mov dword ptr [ebp-0000012Ch], ebx
                mov dword ptr [ebp-2Ch], ebx
                mov dword ptr [ebp-28h], ebx
                mov dword ptr [ebp-00000140h], 0000011Ch
                call esi
                test eax, eax
                jne 00007F9FA0E8641Ah
                lea eax, dword ptr [ebp-00000140h]
                mov dword ptr [ebp-00000140h], 00000114h
                push eax
                call esi
                mov ax, word ptr [ebp-0000012Ch]
                mov ecx, dword ptr [ebp-00000112h]
                sub ax, 00000053h
                add ecx, FFFFFFD0h
                neg ax
                sbb eax, eax
                mov byte ptr [ebp-26h], 00000004h
                not eax
                and eax, ecx
                mov word ptr [ebp-2Ch], ax
                cmp dword ptr [ebp-0000013Ch], 0Ah
                jnc 00007F9FA0E863EAh
                and word ptr [ebp-00000132h], 0000h
                mov eax, dword ptr [ebp-00000134h]
                movzx ecx, byte ptr [ebp-00000138h]
                mov dword ptr [0042CCB8h], eax
                xor eax, eax
                mov ah, byte ptr [ebp-0000013Ch]
                movzx eax, ax
                or eax, ecx
                xor ecx, ecx
                mov ch, byte ptr [ebp-2Ch]
                movzx ecx, cx
                shl eax, 10h
                or eax, ecx

                Rich Headers

                Programming Language:
                • [EXP] VC++ 6.0 SP5 build 8804

                Data Directories

                NameVirtual AddressVirtual Size Is in Section
                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_IMPORT0x85140xa0.rdata
                IMAGE_DIRECTORY_ENTRY_RESOURCE0x500000x71d0.rsrc
                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                IMAGE_DIRECTORY_ENTRY_SECURITY0x1c068300x1f60
                IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_IAT0x80000x2bc.rdata
                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                Sections

                NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                .text0x10000x6e780x7000False0.6546107700892857data6.415247599894498IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                .rdata0x80000x13ee0x1400False0.458203125data5.215311125990761IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                .data0xa0000x22d180x1800False0.3063151041666667data3.5910860504424678IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                .ndata0x2d0000x230000x0False0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                .rsrc0x500000x71d00x7200False0.38589638157894735data5.370576470877833IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                Resources

                NameRVASizeTypeLanguageCountryZLIB Complexity
                RT_BITMAP0x503d00x666Device independent bitmap graphic, 96 x 16 x 8, image size 1538, resolution 2868 x 2868 px/m, 15 important colorsEnglishUnited States0.18192918192918192
                RT_ICON0x50a380x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.3094398340248963
                RT_ICON0x52fe00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.4275328330206379
                RT_ICON0x540880xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsEnglishUnited States0.5023987206823027
                RT_ICON0x54f300x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishUnited States0.6556859205776173
                RT_ICON0x557d80x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsEnglishUnited States0.40028901734104044
                RT_ICON0x55d400x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.5328014184397163
                RT_DIALOG0x561a80xb4dataEnglishUnited States0.6111111111111112
                RT_DIALOG0x562600x120dataEnglishUnited States0.5138888888888888
                RT_DIALOG0x563800x158dataEnglishUnited States0.5261627906976745
                RT_DIALOG0x564d80x200dataEnglishUnited States0.3984375
                RT_DIALOG0x566d80xf8dataEnglishUnited States0.6290322580645161
                RT_DIALOG0x567d00xa0dataEnglishUnited States0.60625
                RT_DIALOG0x568700xeedataEnglishUnited States0.6302521008403361
                RT_GROUP_ICON0x569600x5adataEnglishUnited States0.6777777777777778
                RT_VERSION0x569c00x3e0dataEnglishUnited States0.4213709677419355
                RT_MANIFEST0x56da00x42eXML 1.0 document, ASCII text, with very long lines (1070), with no line terminatorsEnglishUnited States0.5130841121495328

                Imports

                DLLImport
                ADVAPI32.dllRegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
                SHELL32.dllSHGetFileInfoW, SHBrowseForFolderW, SHFileOperationW, ShellExecuteExW, SHGetSpecialFolderLocation, SHGetPathFromIDListW
                ole32.dllOleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
                COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                USER32.dllDispatchMessageW, wsprintfA, IsWindowVisible, PeekMessageW, wvsprintfW, MessageBoxIndirectW, CharNextA, CharPrevW, GetSystemMetrics, GetDlgItemTextW, SetDlgItemTextW, TrackPopupMenu, CreatePopupMenu, FillRect, CloseClipboard, OpenClipboard, EndPaint, IsDlgButtonChecked, CallWindowProcW, GetMessagePos, LoadCursorW, GetAsyncKeyState, CheckDlgButton, SetWindowPos, SetCursor, GetSysColor, SetClassLongW, GetWindowLongW, IsWindowEnabled, GetWindowRect, GetSystemMenu, EnableMenuItem, RegisterClassW, ScreenToClient, EndDialog, GetClassInfoW, SystemParametersInfoW, CreateWindowExW, ExitWindowsEx, DialogBoxParamW, CharNextW, SetTimer, DestroyWindow, CreateDialogParamW, SetForegroundWindow, SetWindowTextW, PostQuitMessage, SendMessageTimeoutW, ShowWindow, wsprintfW, GetDlgItem, FindWindowExW, IsWindow, GetDC, SetWindowLongW, LoadImageW, InvalidateRect, ReleaseDC, EnableWindow, BeginPaint, SendMessageW, DefWindowProcW, GetClientRect, DrawTextW, SetClipboardData, EmptyClipboard, AppendMenuW
                GDI32.dllSetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                KERNEL32.dllGetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, MoveFileExW, GetTempFileNameW, lstrcmpiA, WriteFile, CreateProcessW, CreateDirectoryW, RemoveDirectoryW, GlobalLock, GlobalUnlock, CreateThread, WideCharToMultiByte, lstrcpynW, GetDiskFreeSpaceW, SetErrorMode, GetVersionExW, lstrlenW, GetTempPathW, GetWindowsDirectoryW, GetCommandLineW, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetModuleFileNameW, GetFileSize, GetCurrentProcess, GetTickCount, Sleep, CreateFileW, GetFileAttributesW, SetCurrentDirectoryW, SetFileAttributesW, MoveFileW, GetFullPathNameW, GetLastError, SearchPathW, CompareFileTime, GetShortPathNameW, CloseHandle, lstrcmpiW, SetFileTime, ExpandEnvironmentStringsW, GlobalFree, lstrcmpW, GetModuleHandleW, LoadLibraryExW, GlobalAlloc, WritePrivateProfileStringW, GetPrivateProfileStringW, FreeLibrary, lstrcpyA, lstrcatW, ReadFile, MultiByteToWideChar, lstrlenA, FindClose, FindNextFileW, SetFilePointer, DeleteFileW, MulDiv, FindFirstFileW

                Possible Origin

                Language of compilation systemCountry where language is spokenMap
                EnglishUnited States