
Windows Analysis Report
xploview v3.3.31.exe

Overview

General Information

Sample name:xploview v3.3.31.exe
Analysis ID:1408549
MD5:0e9b5834cee3dc5760f1ec3ecf75580b
SHA1:c883426efb8332abbde75a495abaa54cc25501e0
SHA256:5fbdba70a71b9204b58002679e4db29024d201cc35650e6c616c8643e575cabf

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Snort IDS alert for network traffic
Creates an undocumented autostart registry key
Checks for available system drives (often done to infect USB drives)
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
PE file contains an invalid checksum
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Sigma detected: Wow6432Node Windows NT CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Tries to load missing DLLs
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64_ra
  • xploview v3.3.31.exe (PID: 5824 cmdline: C:\Users\user\Desktop\xploview v3.3.31.exe MD5: 0E9B5834CEE3DC5760F1EC3ECF75580B)
    • msiexec.exe (PID: 4884 cmdline: /i "C:\Users\user\AppData\Roaming\xploview\xploview 3.3.31\install\xploview.msi" TRANSFORMS=":2057" AI_SETUPEXEPATH="C:\Users\user\Desktop\xploview v3.3.31.exe" SETUPEXEDIR="C:\Users\user\Desktop\" EXE_CMD_LINE="/exenoupdates /exelang 2057 /noprereqs " MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 4244 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 4540 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 3DB9331CBFAEB034E030E728A3FC1106 C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 2696 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 11947A0328DF3383796F83CAC375CFA1 MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • xploview.exe (PID: 6596 cmdline: "C:\Program Files (x86)\xploview\xploview.exe" MD5: 04486E6AD3ED10A8230D26431265A6B8)
  • cleanup
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: xvidvfw.dll, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\msiexec.exe, ProcessId: 4244, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.XVID
Timestamp:03/13/24-19:02:04.916450
SID:2825564
Source Port:49734
Destination Port:5552
Protocol:TCP
Classtype:A Network Trojan was detected
Timestamp:03/13/24-19:01:59.134305
SID:2033132
Source Port:49734
Destination Port:5552
Protocol:TCP
Classtype:A Network Trojan was detected
Timestamp:03/13/24-19:01:59.351511
SID:2814856
Source Port:49734
Destination Port:5552
Protocol:TCP
Classtype:A Network Trojan was detected
Timestamp:03/13/24-19:02:04.916450
SID:2814860
Source Port:49734
Destination Port:5552
Protocol:TCP
Classtype:A Network Trojan was detected

Source: xploview v3.3.31.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: xploview v3.3.31.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Windows\System32\msiexec.exeFile opened: z:
Source: C:\Windows\System32\msiexec.exeFile opened: x:
Source: C:\Windows\System32\msiexec.exeFile opened: v:
Source: C:\Windows\System32\msiexec.exeFile opened: t:
Source: C:\Windows\System32\msiexec.exeFile opened: r:
Source: C:\Windows\System32\msiexec.exeFile opened: p:
Source: C:\Windows\System32\msiexec.exeFile opened: n:
Source: C:\Windows\System32\msiexec.exeFile opened: l:
Source: C:\Windows\System32\msiexec.exeFile opened: j:
Source: C:\Windows\System32\msiexec.exeFile opened: h:
Source: C:\Windows\System32\msiexec.exeFile opened: f:
Source: C:\Windows\System32\msiexec.exeFile opened: b:
Source: C:\Windows\System32\msiexec.exeFile opened: y:
Source: C:\Windows\System32\msiexec.exeFile opened: w:
Source: C:\Windows\System32\msiexec.exeFile opened: u:
Source: C:\Windows\System32\msiexec.exeFile opened: s:
Source: C:\Windows\System32\msiexec.exeFile opened: q:
Source: C:\Windows\System32\msiexec.exeFile opened: o:
Source: C:\Windows\System32\msiexec.exeFile opened: m:
Source: C:\Windows\System32\msiexec.exeFile opened: k:
Source: C:\Windows\System32\msiexec.exeFile opened: i:
Source: C:\Windows\System32\msiexec.exeFile opened: g:
Source: C:\Windows\System32\msiexec.exeFile opened: e:
Source: C:\Program Files (x86)\xploview\xploview.exeFile opened: c:
Source: C:\Windows\System32\msiexec.exeFile opened: a:

Networking

Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49734 -> 178.63.148.180:5552
Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49734 -> 178.63.148.180:5552
Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49734 -> 178.63.148.180:5552
Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49734 -> 178.63.148.180:5552
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3ae65e.msi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE7B6.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE872.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{14110D92-632D-4C9A-A849-98542BAE0BDA}
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE8E1.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE911.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE9CD.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\xvid.ax
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\xvidcore.dll
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\xvidvfw.dll
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{14110D92-632D-4C9A-A849-98542BAE0BDA}
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{14110D92-632D-4C9A-A849-98542BAE0BDA}\SystemFoldermsiexec.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{14110D92-632D-4C9A-A849-98542BAE0BDA}\xploview.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3ae660.msi
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSIE7B6.tmp
Source: C:\Users\user\Desktop\xploview v3.3.31.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\xploview v3.3.31.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\xploview v3.3.31.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\xploview v3.3.31.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\xploview v3.3.31.exeSection loaded: riched20.dll
Source: C:\Users\user\Desktop\xploview v3.3.31.exeSection loaded: usp10.dll
Source: C:\Users\user\Desktop\xploview v3.3.31.exeSection loaded: msls31.dll
Source: C:\Users\user\Desktop\xploview v3.3.31.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\xploview v3.3.31.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\xploview v3.3.31.exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\xploview v3.3.31.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\xploview v3.3.31.exeSection loaded: textinputframework.dll
Source: C:\Users\user\Desktop\xploview v3.3.31.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\xploview v3.3.31.exeSection loaded: coremessaging.dll
Source: C:\Users\user\Desktop\xploview v3.3.31.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\xploview v3.3.31.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\xploview v3.3.31.exeSection loaded: textshaping.dll
Source: C:\Users\user\Desktop\xploview v3.3.31.exeSection loaded: msi.dll
Source: C:\Users\user\Desktop\xploview v3.3.31.exeSection loaded: explorerframe.dll
Source: C:\Users\user\Desktop\xploview v3.3.31.exeSection loaded: mstask.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msihnd.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: dwmapi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: windowscodecs.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: oleacc.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: riched20.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: usp10.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msls31.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: srclient.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: spp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: vssapi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: vsstrace.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: linkinfo.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ntshrui.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: cscapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samlib.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: avcodec-55.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: avformat-55.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: avutil-52.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: swscale-2.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: libiconv-2.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: libgcc_s_dw2-1.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: msimg32.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: oledlg.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: oleacc.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: windowscodecs.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: textinputframework.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: coremessaging.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: devenum.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: msdmo.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: avicap32.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: msvfw32.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: textshaping.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: thumbcache.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: policymanager.dll
Source: C:\Program Files (x86)\xploview\xploview.exeSection loaded: msvcp110_win.dll
Source: classification engineClassification label: mal52.winEXE@9/59@0/0
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\xploview
Source: C:\Users\user\Desktop\xploview v3.3.31.exeFile created: C:\Users\user\AppData\Roaming\xploview
Source: C:\Program Files (x86)\xploview\xploview.exeMutant created: \Sessions\1\BaseNamedObjects\xploview
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSID20B.tmp
Source: xploview v3.3.31.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\xploview v3.3.31.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\xploview v3.3.31.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\xploview v3.3.31.exeFile read: C:\Users\user\Desktop\xploview v3.3.31.exe
Source: unknownProcess created: C:\Users\user\Desktop\xploview v3.3.31.exe C:\Users\user\Desktop\xploview v3.3.31.exe
Source: C:\Users\user\Desktop\xploview v3.3.31.exeProcess created: C:\Windows\System32\msiexec.exe /i "C:\Users\user\AppData\Roaming\xploview\xploview 3.3.31\install\xploview.msi" TRANSFORMS=":2057" AI_SETUPEXEPATH="C:\Users\user\Desktop\xploview v3.3.31.exe" SETUPEXEDIR="C:\Users\user\Desktop\" EXE_CMD_LINE="/exenoupdates /exelang 2057 /noprereqs "
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 3DB9331CBFAEB034E030E728A3FC1106 C
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 11947A0328DF3383796F83CAC375CFA1
Source: unknownProcess created: C:\Program Files (x86)\xploview\xploview.exe "C:\Program Files (x86)\xploview\xploview.exe"
Source: C:\Users\user\Desktop\xploview v3.3.31.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: xploview v3.3.31.exeStatic file information: File size 10056544 > 1048576
Source: xploview v3.3.31.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: xploview v3.3.31.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: xploview v3.3.31.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: xploview v3.3.31.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: xploview v3.3.31.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: xploview v3.3.31.exeStatic PE information: real checksum: 0x5e1c6 should be: 0x9a3217
Source: C:\Users\user\Desktop\xploview v3.3.31.exeFile created: C:\Users\user\AppData\Roaming\xploview\xploview 3.3.31\install\2057.dll
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\xvid.ax
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\xploview\avcodec-55.dll
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\xploview\libgcc_s_dw2-1.dll
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\xploview\xploview.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\xploview\libiconv-2.dll
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\xploview\swscale-2.dll
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\xploview\avformat-55.dll
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE7B6.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE9CD.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\xploview\avutil-52.dll
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\xvidvfw.dll
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\xvidcore.dll

Boot Survival

Source: C:\Windows\System32\msiexec.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32 vidc.XVID
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\xploview
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\xploview\Uninstall.lnk
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\xploview\xploview.lnk
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\xploview.lnk
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\xploview\xploview.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\xvid.ax
Source: C:\Users\user\Desktop\xploview v3.3.31.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\xploview\xploview 3.3.31\install\2057.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\xploview\avcodec-55.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\xploview\xploview.exe
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\xploview\libgcc_s_dw2-1.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\xploview\libiconv-2.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\xploview\swscale-2.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\xploview\avformat-55.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIE7B6.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIE9CD.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\xploview\avutil-52.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\xvidvfw.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\xvidcore.dll
Source: C:\Users\user\Desktop\xploview v3.3.31.exeFile Volume queried: C:\Users\user\AppData\Roaming FullSizeInformation
Source: C:\Users\user\Desktop\xploview v3.3.31.exeFile Volume queried: C:\Users\user\AppData\Roaming\xploview\xploview 3.3.31\install FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe | Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\xploview v3.3.31.exe | Process created: C:\Windows\System32\msiexec.exe /i "c:\users\user\appdata\roaming\xploview\xploview 3.3.31\install\xploview.msi" transforms=":2057" ai_setupexepath="c:\users\user\desktop\xploview v3.3.31.exe" setupexedir="c:\users\user\desktop\" exe_cmd_line="/exenoupdates /exelang 2057 /noprereqs "
Source: C:\Windows\System32\msiexec.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\xploview\xploview.exe | Queries volume information: C:\Program Files (x86)\xploview\Resource\image\TimedShot.png VolumeInformation
Source: C:\Program Files (x86)\xploview\xploview.exe | Queries volume information: C:\Program Files (x86)\xploview\Resource\image\RecordingMovie.png VolumeInformation
Source: C:\Program Files (x86)\xploview\xploview.exe | Queries volume information: C:\Program Files (x86)\xploview\Resource\image\Setting.png VolumeInformation
Source: C:\Program Files (x86)\xploview\xploview.exe | Queries volume information: C:\Program Files (x86)\xploview\Resource\image\Help.png VolumeInformation
Source: C:\Program Files (x86)\xploview\xploview.exe | Queries volume information: C:\Program Files (x86)\xploview\Resource\image\Exit.png VolumeInformation
Source: C:\Program Files (x86)\xploview\xploview.exe | Queries volume information: C:\Program Files (x86)\xploview\Resource\image\FullScreen.PNG VolumeInformation
Source: C:\Program Files (x86)\xploview\xploview.exe | Queries volume information: C:\Program Files (x86)\xploview\Resource\image\TakeAShot.png VolumeInformation
Source: C:\Program Files (x86)\xploview\xploview.exe | Queries volume information: C:\Program Files (x86)\xploview\Resource\image\rotate\rotate.png VolumeInformation
Source: C:\Program Files (x86)\xploview\xploview.exe | Directory queried: C:\Users\user\Documents
Source: C:\Program Files (x86)\xploview\xploview.exe | Directory queried: C:\Users\user\Documents\xploview
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 1 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 32 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | 1 Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 11 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 11 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | Security Account Manager | 11 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 File Deletion | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction

Source | Detection | Scanner | Label | Link
xploview v3.3.31.exe | 2% | ReversingLabs

Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\xploview\avcodec-55.dll | 0% | ReversingLabs
C:\Program Files (x86)\xploview\avformat-55.dll | 2% | ReversingLabs
C:\Program Files (x86)\xploview\avutil-52.dll | 0% | ReversingLabs
C:\Program Files (x86)\xploview\libgcc_s_dw2-1.dll | 0% | ReversingLabs
C:\Program Files (x86)\xploview\libiconv-2.dll | 0% | ReversingLabs
C:\Program Files (x86)\xploview\swscale-2.dll | 0% | ReversingLabs
C:\Program Files (x86)\xploview\xploview.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\xploview\xploview 3.3.31\install\2057.dll | 5% | ReversingLabs
C:\Windows\Installer\MSIE7B6.tmp | 0% | ReversingLabs
C:\Windows\Installer\MSIE9CD.tmp | 0% | ReversingLabs
C:\Windows\SysWOW64\xvid.ax | 0% | ReversingLabs
C:\Windows\SysWOW64\xvidcore.dll | 0% | ReversingLabs
C:\Windows\SysWOW64\xvidvfw.dll | 0% | ReversingLabs
No Antivirus matches
No Antivirus matches
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1408549
Start date and time:2024-03-13 19:06:10 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:21
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Sample name:xploview v3.3.31.exe
Detection:MAL
Classification:mal52.winEXE@9/59@0/0
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 184.29.132.67, 20.114.59.183, 20.242.39.171
  • Excluded domains from analysis (whitelisted): fe3.delivery.mp.microsoft.com, fs.microsoft.com, slscr.update.microsoft.com, e16604.g.akamaiedge.net, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • VT rate limit hit for: xploview v3.3.31.exe
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:modified
Size (bytes):18903
Entropy (8bit):5.810378826750059
Encrypted:false
SSDEEP:
MD5:73B5018A60F5A196673CBA3CC6C1A698
SHA1:9F632067B2C58F971F8398E2998089B73D445EEF
SHA-256:05BF1970271821BB8E210A83742D82F0A5DA707E4819828B420BF1C879C49E42
SHA-512:860A0DEB60352ABABF560DA14CF6C5CDCBF17B79578B4CA7CC9451126097BD3D478A2FEB7B92EB8F849E397E75DCF638486E0DB44298A690E29FA491272AC1B4
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):5609
Entropy (8bit):5.16596068381475
Encrypted:false
SSDEEP:
MD5:299E9990024F3AF41BA83565309FEC7B
SHA1:0D2E386A81ECAD028D1FB8AFADB8DF4E4552522D
SHA-256:29F0718F779D6CB70DC07A34A7FEAE0C21532E8665A9602734BD823D907B90AF
SHA-512:B07FA697A21625AA069AD0CAC975CDFAF2C9C8C9E880C3BE062CCB42B03326A4FA8DCC2A60721DD056EDF731CE49D1AA514CC17373CBAAF7C815C2AA4FD22480
Malicious:false
Reputation:unknown
Preview:.//alert.."ui_alert_savefile" =."Chyba, %@ nen. mo.n. ulo.it na t.to specifick. lokalit.. Prov..te si pros.m, zda m.te povolen. ps.t na t.to lokalit..";.."ui_alert_openfile" =."Chyba, %@ nen. mo.n. otev..t.";.."ui_alert_timed_shot_setting" =."Chyba, chybn. nastaven. Samospou.t..";.."ui_alert_ok" =."Ok";.."ui_alert_cancel" =."Odstranit";.."ui_alert_question" =. "Prov..it";.."ui_alert_recording" =."Chyba, nen. mo.n. nahr.t na t.to specifick. lokalit.. Prov..te si pros.m, zda m.te povolen. ps.t na t.to lokalit..";.."ui_alert_usingsetting" = ."Do.lo k chyb. nastaven., prov..te si pros.m, zda m.te povolen. ps.t na t.to lokalit. ve slo.ce aplikaci..";.."ui_alert_not_exist_resource_location" =."Chyba, %@ ulo.en. cesta neexistuje.";.."ui_alert_no_camera" = ."Nepoda.ilo se naj.t apar.t, p.ipojte pros.m apar.t.";.."ui_alert_movie_maxinum_file" =."Chybn. nastaven. rozm.r. videa ; p.esahuje r.mec rozm.r..";.."ui_alert_exit_sy
Process:C:\Windows\System32\msiexec.exe
File Type:Unicode text, UTF-8 (with BOM) text
Category:dropped
Size (bytes):5129
Entropy (8bit):4.816064055461129
Encrypted:false
SSDEEP:
MD5:0F0B22ABAB8F2B4EDA8C9756DE5621F1
SHA1:4CEEF4DDB010B5D5E15998931CBA01B4C1955683
SHA-256:E1B9EBF5C7F16B352A084863B03635E6EABCE0C1A8ED20426DCAADCEB29E64B7
SHA-512:0B842A3E2FA72FCC597C7A60B7DCDDB49A296F3BFE61A2A47A66054F73FEF49DD2B9104C8AFEC60286359640332B4DC884CFFF0AD4B03E44981722BE4EE0C37C
Malicious:false
Reputation:unknown
Preview:.//alert."ui_alert_savefile" =."Error, %@ cannot be saved in the specific location. Please check if you have permission to write to the specific location.";."ui_alert_openfile" =."Error, %@ cannot be opened.";."ui_alert_timed_shot_setting" =."Error, incorrect Timed Shot settings.";."ui_alert_ok" =."Ok";."ui_alert_cancel" =."Cancel";."ui_alert_question" =. "Inquiry";."ui_alert_recording" =."Error, cannot record to specific location. Please check if you have permission to write to the specific location.";."ui_alert_usingsetting" = ."An error has occur when applying settings, please check if you have permission to write to application folder.";."ui_alert_not_exist_resource_location" =."Error, %@ saved path does not exist.";."ui_alert_no_camera" = ."No camera is detected, please connect your camera.";."ui_alert_movie_maxinum_file" =."Video size setting is incorrect; out of range.";."ui_alert_exit_system" =."Are you sure you want to quit?";."ui_alert_exit_system_doing_recording" =."Record
Process:C:\Windows\System32\msiexec.exe
File Type:Unicode text, UTF-8 (with BOM) text
Category:dropped
Size (bytes):5960
Entropy (8bit):4.905208906595718
Encrypted:false
SSDEEP:
MD5:AD1621E834052BB18174379589033A02
SHA1:E83145B11E00BBAAD8D850474B6286D55D8328A3
SHA-256:AB2E3BE9FB249F2B19EF4839C3F083EBE136B56D5FA09914D7117DD685A04DDC
SHA-512:5C6A2483CCD678998DF133CA712D7767FF2A01506A7A761E98F16A44C4A7B9359DDB4229A3A5AB75BFC83B689D8B1BF36B5540C728A068E95BA26C278CDFA758
Malicious:false
Reputation:unknown
Preview:."ui_alert_savefile" =."Erreur, impossible d'enregistrer % @ dans l'emplacement sp.cifique. S'il vous pla?t v.rifiez si vous avez la permission d'.crire dans cet emplacement.";."ui_alert_openfile" =."Erreur, impossible d'ouvrir % @ .";."ui_alert_timed_shot_setting" =."Erreur, les param.tres de la prise de photo temporis.e sont incorrectes.";."ui_alert_ok" =."Ok";."ui_alert_cancel" =."Annuler";."ui_alert_question" =."domanda...";."ui_alert_recording" =."Erreur, impossible d'enregistrer dans l'emplacement sp.cifique. S'il vous pla?t v.rifiez si vous avez la permission d'.crire dans cet emplacement.";."ui_alert_usingsetting" = ."Une erreur s'est produit lors de l'application des param.tres, s'il vous pla?t v.rifier si vous avez la permission d'.crire dans le dossier d'application.";."ui_alert_not_exist_resource_location" =."Erreur,l.acheminement de sauvegarde %@ n.existe pas";."ui_alert_no_camera" = ."Pas d'appareil photo d.tect., veuillez connecter votre appareil photo
Process:C:\Windows\System32\msiexec.exe
File Type:Unicode text, UTF-8 (with BOM) text
Category:dropped
Size (bytes):5690
Entropy (8bit):4.955466766393289
Encrypted:false
SSDEEP:
MD5:EE3A14D8F9174001A2D180877EBCE06A
SHA1:6472F7AD4625CE72353FB87A2173148FF06D4857
SHA-256:8A7472141C0D9518F6500C92865221E13EC0B257AB38D52E0233FC1698850AB0
SHA-512:3149774D36643998BF97ACAF8690617FC5C4F51E573B9FA6361FCC49C0E4FB4EDAF65F9DC4D151E16DBF93DB0303F4CA5CF8E8E6AB206D80E2387431B34723D1
Malicious:false
Reputation:unknown
Preview:."ui_alert_savefile" =."Fehler %@ , kann nicht in der bestimmten Stelle gespeichert werden. Bitte .berpr.fen Sie, ob Sie die Erlaubnis haben, um an die definierte Stelle zu melden.";."ui_alert_openfile" =."Fehler %@ , kann nicht ge.ffnet werden";."ui_alert_timed_shot_setting" =."Fehler, falsche Time Shot-Einstellungen";."ui_alert_ok" =."Ok";."ui_alert_cancel" =."L.schen";."ui_alert_question" = "Frage...";."ui_alert_recording" =."Fehler, kann nicht auf der bestimmte Stelle gemeldet werden. Bitte .berpr.fen Sie, ob Sie die Erlaubnis haben, um an die definierte Stelle zu melden.";."ui_alert_usingsetting" = ."Ein Fehler ist beim Anwenden der Einstellungen aufgetreten, .berpr.fen Sie bitte, ob Sie die Erlaubnis haben, an den Anwendungs-Ordner zu schreiben.";."ui_alert_not_exist_resource_location" =."Fehler: Pfad %@ nicht vorhanden.";."ui_alert_no_camera" = ."Keine Kamera wird erkannt, bitte schlie.en Sie Ihre Kamera an.";."ui_alert_movie_maxinum_file" =. "Die Maximalgr..e der
Process:C:\Windows\System32\msiexec.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):5919
Entropy (8bit):5.125910101850597
Encrypted:false
SSDEEP:
MD5:D1CF495B70219C00966CDCC14058DDE6
SHA1:398DBA42CBA0273A66FD75C5580A5C3FEEDE6505
SHA-256:ABECED49FBEDD2B9810565DAAE1A70F1509DD7E3DE166C8BF40AE8BC576A8722
SHA-512:7C37A79F439F9102E250B6D2EDFC93AA0E62046C58E9064158D39C80071B480962974DEA4EC9F360E84B0E0A31EF81D6D467DD7FE123CA6E89B244BD4572C068
Malicious:false
Reputation:unknown
Preview:.//alert.."ui_alert_savefile" =."Hiba, %@ nem menthet. el ezen a helyen. Ellen.rizze, hogy van-e .r.si jogosults.ga ezen a helyen.";.."ui_alert_openfile" =."Hiba, %@ nem nyithat. meg.";.."ui_alert_timed_shot_setting" =."Hiba, hib.s Id.z.tett f.nyk.pez.s be.ll.t.sa.";.."ui_alert_ok" =."Ok";.."ui_alert_cancel" =."T.rl.s";.."ui_alert_question" =. "Ellen.rz.s";.."ui_alert_recording" =."Hiba, nem r.gz.thet. ezen a helyen. Ellen.rizze, hogy van-e .r.si jogosults.ga ezen a helyen.";.."ui_alert_usingsetting" = ."Be.ll.t.si hiba t.rt.nt, ellen.rizze, hogy van-e .r.si jogosults.ga az alkalmaz.sok mapp.ban.";.."ui_alert_not_exist_resource_location" =."Hiba, %@ az elmentett el.r.si .t nem l.tezik.";.."ui_alert_no_camera" = ."F.nyk.pez.g.pet nem siker.lt felfedezni, csatolja a g.pet.";.."ui_alert_movie_maxinum_file" =."Hib.s a vide. m.ret be.ll.t.sa; a k.p nem f.r bele a m.retekbe.";.."ui_alert_exit_system" =."Val.ban ki akar l.pni?";.."
Process:C:\Windows\System32\msiexec.exe
File Type:Unicode text, UTF-8 (with BOM) text
Category:dropped
Size (bytes):5552
Entropy (8bit):4.806051658327295
Encrypted:false
SSDEEP:
MD5:7967D40B76BE03495B2A7C40F0E693A8
SHA1:61DE3EA0DF4F3BA9506A6975D0E76B46AEE55769
SHA-256:657A45041BF07E363FC0396E0E32D998C52C8DB9EC0B077975D1303E183FF284
SHA-512:0A6E8F83AEEB4749E20D80DC57FFEDF5B15287C82A8C8FE7A8F0549C77FE04A8A447124EBBB01082D01B53803622634CA591B6DBE3A3349243A72031CFCCD6A2
Malicious:false
Reputation:unknown
Preview:."ui_alert_savefile" =."Errore, %@ non si pu. salvare sulla ubicazione specifica. Per favore controllare se lei ha dei permessi per scrivere su questa ubicazione."; ."ui_alert_openfile" =."Errore, %@ non si pu. aprire.";."ui_alert_timed_shot_setting" =."Errore, impostazioni dello scatto temporizzato scorrette."; ."ui_alert_ok" =."Ok";."ui_alert_cancel" =."Cancellare";."ui_alert_question" =."domanda...";."ui_alert_recording" =."Errore, no si pu. registrare sulla ubicazione specifica. Per favore controllare se lei ha dei permessi per scrivere su questa ubicazione.";."ui_alert_usingsetting" = .". stato un errore nel momento d'applicare l'impostazioni, per favore controllare se lei ha dei permessi per scrivere nella cartella d'applicazione.";."ui_alert_not_exist_resource_location" =."Errore, percorso per conservazione delle risorse non esiste.";."ui_alert_no_camera" = ."Non si . trovata nessuna fotocamera, per favore connettere la sua fotocamera.";."ui_alert_movie_maxinum_file" =. "
Process:C:\Windows\System32\msiexec.exe
File Type:Unicode text, UTF-8 (with BOM) text
Category:dropped
Size (bytes):5532
Entropy (8bit):5.731997541855084
Encrypted:false
SSDEEP:
MD5:AD2C72666F953FBAD41E3F603AA6A1B2
SHA1:05A5DC8664E5CD4410E4157E3ACA79BA36F60F17
SHA-256:1F5CA3057600B3826C59675E38A457575A271D95B6BAD92F762599E072ADA9F4
SHA-512:B2DD5AA168C296641F02B433A5E8A110B449181F14632BA4BF729DF1A1934C105636EC1224C0D1D42A4EF43290DC6D663402C57D9DDBC90F60A0BCED2637599C
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):5544
Entropy (8bit):5.709715979339014
Encrypted:false
SSDEEP:
MD5:D907C26640A70446160583F716D42CD8
SHA1:68F070FDC3B30060E8D589106F911753AF6E790E
SHA-256:8445A4155F25207A8539C866E074E364439133168A9B40394CAD4FB4E320C2BA
SHA-512:F163AFA2D6B0368493F7810EC5CD18BB9699D032C43FA1C139C872286CB6C390D2861D7DB8C048654B893422C09AC1494F9EF78A0E602DE9922C923A4078D6E2
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):5704
Entropy (8bit):5.130348730126565
Encrypted:false
SSDEEP:
MD5:1331C1BE11CC6781525CE5CC3CBAE3A2
SHA1:FCEC9D4FC109220B1D3DFDE1EA68DB2A34A46950
SHA-256:76C27EFF522709968865AA75FF39299FFE6DD0678C0718AD0DEF929E1FA3DE1A
SHA-512:A1E261BA1605217C281B667A42C3E305DDA7A0C2AB5C341CF65E856BAD079F0B291B54850AE6D6A9DCCACA5A6B9D48D529637740962111EC16A5B9EAF95B9A3C
Malicious:false
Reputation:unknown
Preview:.//alert.."ui_alert_savefile" =."B..d, %@ nie mo.e zosta. zapisany w okre.lonej lokalizacji. Sprawd., czy masz uprawnienia, aby pisa. w okre.lonej lokalizacji.";.."ui_alert_openfile" =."B..d, %@ nie mo.e zosta. otwarty.";.."ui_alert_timed_shot_setting" =."B..d, niepoprawne ustawienia Samowyzwalacza.";.."ui_alert_ok" =."Ok";.."ui_alert_cancel" =."Usu.";.."ui_alert_question" =. "Sprawdzi.";.."ui_alert_recording" =."B..d, nie mo.e zosta. nagrany(a) w okre.lonej lokalizacji. Sprawd., czy masz uprawnienia, aby pisa. w okre.lonej lokalizacji.";.."ui_alert_usingsetting" = ."Wyst.pi. b..d w ustawieniach, sprawd., czy masz uprawnienia, aby pisa. w folderze aplikacji.";.."ui_alert_not_exist_resource_location" =."B..d, %@ zapisana .cie.ka nie istnieje.";.."ui_alert_no_camera" = ."Nie wykryto aparatu, pod..cz aparat.";.."ui_alert_movie_maxinum_file" =."Niepoprawne ustawienie rozmiar.w video ; obraz nie mie.ci si. w ustawionych rozmiarach.";.."ui_alert_exit_
Process:C:\Windows\System32\msiexec.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):5605
Entropy (8bit):5.134859449782536
Encrypted:false
SSDEEP:
MD5:10017EA296F4C023BCBE004558D2184A
SHA1:642181B2D532A7FBF1F9A5C5E249AFA39D768255
SHA-256:77394691827799435CFE3B5C7E7E33A415E8F501386DDF30426455200A4A620E
SHA-512:212E9289DF92A6DD4A2BC31BFD7C2642E20C37E3B28CB596D78361158CC6A35C115AB006F4527CFDCD73B60F91B1D6D66A46008590FD4B178684D04480B8C2EE
Malicious:false
Reputation:unknown
Preview:.//alert.."ui_alert_savefile" =."Chyba, %@ nie je mo.n. ulo.i. na tejto .pecifickej lokalite. Preverte si pros.m, .i m.te povolenie p.sa. na tejto lokalite.";.."ui_alert_openfile" =."Chyba, %@ nie je mo.n. otvori..";.."ui_alert_timed_shot_setting" =."Chyba, chybn. nastavenie Samosp..te.";.."ui_alert_ok" =."Ok";.."ui_alert_cancel" =."Odstr.ni.";.."ui_alert_question" =. "Preveri.";.."ui_alert_recording" =."Chyba, nie je mo.n. nahra. na tejto .pecifickej lokalite. Preverte si pros.m, .i m.te povolenie p.sa. na tejto lokalite.";.."ui_alert_usingsetting" = ."Do.lo k chybe nastaven., preverte si pros.m, .i m.te povolenie p.sa. v zlo.ke aplik.ci..";.."ui_alert_not_exist_resource_location" =."Chyba, %@ ulo.en. cesta neexistuje.";.."ui_alert_no_camera" = ."Nepodarilo sa n.js. apar.t, pripojte pros.m apar.t.";.."ui_alert_movie_maxinum_file" =."Chybn. nastavenie rozmerov videa; presahuje r.mec rozmeru.";.."ui_alert_exit_system" =."Naozaj chcete uko
Process:C:\Windows\System32\msiexec.exe
File Type:Unicode text, UTF-8 (with BOM) text
Category:dropped
Size (bytes):5458
Entropy (8bit):4.84655414257769
Encrypted:false
SSDEEP:
MD5:86FADE0036DD9AE5A5970597ABF13338
SHA1:143DB072A1C631B742914BAED456D5D9DC721C52
SHA-256:7F1AEF43B7E1823B5966163E5EEC6C9924F46CDFC24D0ADFA4207807CD36EFB7
SHA-512:1E738C73547968CD3603A544F323980516476E29588153089066B44AC92A2FC773498ABB926EF0B8759A6CBD82E1FDFFACE8FADEA70367F931A1E61F8D0CAB8A
Malicious:false
Reputation:unknown
Preview:."ui_alert_savefile" =."Error, %@ no puede guardarse en la ubicaci.n espec.fica. Por favor compruebe si tiene permiso para escribir en dicha ubicaci.n.";."ui_alert_openfile" =."Error, %@ no puede abrirse.";."ui_alert_timed_shot_setting" =."Error, configuraci.n de disparo temporizado incorrecta.";."ui_alert_ok" =."Ok";."ui_alert_cancel" =."Cancelar";."ui_alert_question" =."pregunta...";."ui_alert_recording" =."Error, no se puede registrar/grabar en la ubicaci.n espec.fica. Por favor compruebe si tiene permiso de escritura en dicha ubicaci.n.";."ui_alert_usingsetting" = ."Ocurri. un error al aplicar la configuraci.n, por favor compruebe si tiene permiso de escritura en la carpeta de aplicaci.n.";."ui_alert_not_exist_resource_location" =."error, v.a de conservar recursos %@no existe.";."ui_alert_no_camera" = ."No se ha detectado ninguna c.mara, por favor conecte su c.mara.";."ui_alert_movie_maxinum_file" =. "en la pel.cula, el tama.o del documento m.s grande se configura
Process:C:\Windows\System32\msiexec.exe
File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):8677
Entropy (8bit):7.960531093099757
Encrypted:false
SSDEEP:
MD5:A6A2C00C50A92957E81D8E663F0CF520
SHA1:988BA72B2407F9069F9798528F348E1C4B371942
SHA-256:8892B88063A9668EE53227790EADBF9581D1CE4264B675455B6228C4C34C07F8
SHA-512:824767BEC28F890A82ABDEAB6703A0BF0CC702C261D94FB25CCB6324A54F90D850C62AE6E1F309B0986F7D13C53F8BC065A3F61DBF0473AC9AC41B12BE885950
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):12734
Entropy (8bit):7.9668872174324115
Encrypted:false
SSDEEP:
MD5:F7DDA616BCB362C3EC9EC14F764540A0
SHA1:EAE4CF17E2EB88C713ACD799CAF4C1F94C524C15
SHA-256:B8E7E36A272AE35A6656FA71DDA24AAFA9C1AE48B1354B5D31D36356E42231CC
SHA-512:12BEE88040F4BFD58D04752E784F0096BBE293E3C79AA5C25617AFB2B609B2882C08B4BF0021070AF680A15CA7FD990FC7AA8032827A7AAF1282EA1185F5539F
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):11246
Entropy (8bit):7.969890779383464
Encrypted:false
SSDEEP:
MD5:C12309C27484A8096E42E5CA9F7E3F25
SHA1:A029823A76C8C4F28BE3F004571220DFBCB6F15E
SHA-256:666EC410892D838DBEB90E0E437BAC9675DA92354BDBD09D2318EC8503F0A4BA
SHA-512:E1871DDD355897684D1AF553CC9AF6FB756F576EF528E7A8DD2F5440FA3E4190A00AA6963FC52B31FAA3869DB8367A2F3CF1CFD9525EC786CEB27082966EFE9F
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):8861
Entropy (8bit):7.9440377547714975
Encrypted:false
SSDEEP:
MD5:C7E172CC4C6499B336781ED3A3B3FD68
SHA1:9812E6671627075AE27909EDC3F31540D93F7936
SHA-256:E1041622FC72FF5F52CCDDBAFEBFAFDAFA2E37E4066028769B725560D0172CB0
SHA-512:3A3F539EA2E62D57EEAFB676D5D468A9EDFB421C5452A37AFA67439FE3EA535FB6BD4C9788783E3C8DD35F7BFA711012FFBA7B692356F2D03BDA440E647F429B
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):11040
Entropy (8bit):7.951117685980763
Encrypted:false
SSDEEP:
MD5:901B4319A98CEEB4F68D5F0D0E762CBD
SHA1:91F8E3C6583CED8DD9E61C3CDD1864A310141A77
SHA-256:81DECE63B9B6725AA5AFAB60D583256A8C9A845E874716BFB11119CBF56BEA3F
SHA-512:8836E5E606FDC425720877C110F693E9ACEED660B8C9A5A6119FD1D130E15CAFBA62AE5A3E7547E9841258D13585A0FED84E5A0A12EF2988EA32C4461F69C4C4
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):11227
Entropy (8bit):7.969326810670539
Encrypted:false
SSDEEP:
MD5:63DFBDC3186BD6A5959543554F288B69
SHA1:7ABDCA2A5275AE8FA16A82A8907A58883D052CCC
SHA-256:42B448E53B6453941B511EA2EE55E34EEE9AD245EAE5FFD7C2E3C2B5B533BAEC
SHA-512:1AB3357814CCB2EF3B8059FB0C919A83536B015487403A8E7747C8254ACDEB45F92FD6813525C14E78A5026A53EF82CF397F12041365DD9EDACDE87D923F34F0
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):11062
Entropy (8bit):7.968063584309537
Encrypted:false
SSDEEP:
MD5:453466231AEBAF15BE6084570F57E3C0
SHA1:71DE6C15A908F1D6E6AC33776216883481EA5E55
SHA-256:35F8F91187FDC1778A0261A08A7F1F0A7B3787D69879612401CE27CB4474D8C5
SHA-512:74F6923BBE1AA008F59A3C60A7D42AF383F61E0FAB29129A369196E95FC6F16BB0FA3336C8D529468F94E853B143A437F00037CBC1DCA56A20A2A41A340ED5F6
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PC bitmap, Windows 3.x format, 378 x 301 x 24, image size 341936, resolution 2835 x 2835 px/m, cbSize 341990, bits offset 54
Category:dropped
Size (bytes):341990
Entropy (8bit):1.1525512442842658
Encrypted:false
SSDEEP:
MD5:7D835DF3478A06FD333019E9C68548F1
SHA1:B80151EE5DA81ECE403CE0DB66C341852DEF6FC8
SHA-256:60F74193BC8B0AF9F0C2156648A00797634A91246E34FCD637F27E736423EAA4
SHA-512:D59AA40259CFABE337428ADAC8ACCB471D81FCFE5D0D1DFF24E3C04D82B5CD8348558DB50C04CB8801C61895885CA8A872ABB53616C23F544C44053CE1CF78AC
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PNG image data, 394 x 394, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):624210
Entropy (8bit):0.42509646216851343
Encrypted:false
SSDEEP:
MD5:8630AFD804AB6C3DB85C0D63B71A3695
SHA1:7ACB518B60752C637143759E78C6E93347BB854D
SHA-256:A2496C4963D4E5B530939225F24D4993CEF83C357B21390253A2A21AF616FD63
SHA-512:33D092F0DE0D21F24D95F54601A41E026D652296D086722FD9D9F599E8058ED7ABC6FE51BB848A221ED8464517BA501FB3D92506B8DC72774EDDC40AE50AFD02
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PNG image data, 394 x 394, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):624210
Entropy (8bit):0.12798259454547953
Encrypted:false
SSDEEP:
MD5:10641905934801F4E1E87290B3FA05C8
SHA1:48091C6F341F9301EE5F86D1BB2748E2EBD494C3
SHA-256:A38F0079ED6231F90BC7B8EA5E7880E00A222E84C3427AA38373013277E76BE7
SHA-512:29383B553BDA9BBB2C397368E5D31AAF93C8005E75F6E83BE78CF871E36B8DCCCA7E4745B42FA9A7AF932F2EF637F8A81B7D8FABD24C210A265E460D1BDC4836
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PNG image data, 394 x 394, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):624210
Entropy (8bit):0.2537352484576236
Encrypted:false
SSDEEP:
MD5:CCE1050A93CEC148EE135502A5BD64BC
SHA1:0C4EB06FA5BC31C048C54BAFF5510A343B7A98C6
SHA-256:82B26E65DF2D958A62FD1B0575DC86F41F49AF54EA205679C8EB154A3AB927B0
SHA-512:0C65AF1745BAB8E985B9B19CDC128F7B066988C6959E2E42D5674A2C3C132FF38E9EE7E9BDA749DA706FF544ED8194EE43B49DF1E03D4D254DB551BBEC97B341
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PNG image data, 394 x 394, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):624210
Entropy (8bit):0.24432845054290184
Encrypted:false
SSDEEP:
MD5:C07DC709E2E5593A9E25A5953AB3DDF4
SHA1:D0B4404DDD9E26AF2E78A91D8057D3097EC823A2
SHA-256:7C8B6B67E8D8163AD7105AB102E28F08134D6545E0A2C4A7AEB657159CA7BCFF
SHA-512:794C726E9E5931754BF040AAF3B4BD38FD7DD46CCE008D6BDEDA8C1368414A7252F7642C28B7BEB3B71F45C4C64E3A714DACA696C70556A7AF64FBF227BC790C
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PNG image data, 44 x 44, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):3993
Entropy (8bit):7.902218863504093
Encrypted:false
SSDEEP:
MD5:A6E22196EF6CD8676B95E148E64D768F
SHA1:2A04ED79B15181C0BA09050956E1E01851521946
SHA-256:59E377EA8315BF5946EC5209780ACB036DF060A51FA962C4604412DD3B34433F
SHA-512:1532E3DDAD7DDC0951947F2D24FFD9F73D8849FC145F80E3D951141DC3C06B0C9068F0F4246DED25EDFB73237C9FDB5B5A5E0FDEC099647B541239D44792E0F8
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PNG image data, 394 x 394, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):624210
Entropy (8bit):0.1406335023442734
Encrypted:false
SSDEEP:
MD5:591DD0CF0C4402B78BDACAD4D4C0F322
SHA1:88BE51D7A3575D1EEB16195850F35D1118F72224
SHA-256:A9619ECFD6B0C6C39D0233E6E72C668B23BF738362CDBEE420C99AC0606B8DBC
SHA-512:120A8922C3D8A4453E280368654AF7F4728AD93E2FFBCC8F8163136A7C646260F27197AF09AD0550F59CF5F12B8187A82C8CE78F2BCFF3FDFE8063F587B1C606
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:Unicode text, UTF-8 (with BOM) text
Category:dropped
Size (bytes):4939
Entropy (8bit):5.836596674056357
Encrypted:false
SSDEEP:
MD5:D1BFC5F8FBB7F384F9B8B0981D6C0F11
SHA1:8D35B63EE86C7D63F068A80B5E7D4CE3E1F55C33
SHA-256:AFF1D683B51C18BA01E01340919E4ABFB001255F9B41B353EB55811BA637A239
SHA-512:8287DD82CBFBA45A46977C7913102C8A806CF2287AD841021CA799BA6B5EED3A0B43A0557B1747156389E8D8924F5EDFE23F7269C071FB56BE4796B978CF8AF1
Malicious:false
Reputation:unknown
Preview:."ui_alert_savefile" =. "...%@............................";."ui_alert_openfile" =. "....%@.";."ui_alert_timed_shot_setting" =."...........";."ui_alert_ok" =."..";."ui_alert_cancel" =. "..";."ui_alert_question" =. "..";."ui_alert_recording" =."........... ...................";."ui_alert_usingsetting" = .".............................";."ui_alert_not_exist_resource_location" =."......... %@....";."ui_alert_no_camera" . = ".................";."ui_alert_movie_maxinum_file" =.".................";."ui_alert_exit_system" =.".......?";."ui_alert_exit_system_doing_recording" =."..............";."ui_alert_exit_system_doing_timedshot" =."..
Process:C:\Windows\System32\msiexec.exe
File Type:Unicode text, UTF-8 (with BOM) text
Category:dropped
Size (bytes):4933
Entropy (8bit):5.8479631028590005
Encrypted:false
SSDEEP:
MD5:0123BC501FCAEC5733030B20B1792DD0
SHA1:2D071616C5A0D6F1E14BF651075973DBFEB3560E
SHA-256:2AF013000533F0E0F00D3FBE59237A62BA228E1571875A22D0DB024A22414114
SHA-512:117A30A2F6E7B9B4F3AA597E3663419FC325DB2C3385B067FABA080D8FE6AA2CD8B100FF4CA3B600D61D6122786AD000E5FC9891857D06FA2E40AFEACE697BA1
Malicious:false
Reputation:unknown
Preview:."ui_alert_savefile" =. "...%@.............................";."ui_alert_openfile" =. "....%@.";."ui_alert_timed_shot_setting" =."...........";."ui_alert_ok" =."..";."ui_alert_cancel" =. "..";."ui_alert_question" =. "..";."ui_alert_recording" =."........... ....................";."ui_alert_usingsetting" = ."..............................";."ui_alert_not_exist_resource_location" =."......... %@....";."ui_alert_no_camera" = ".................";."ui_alert_movie_maxinum_file" =."................";."ui_alert_exit_system" =.".......?";."ui_alert_exit_system_doing_recording" =."..............";."ui_alert_exit_system_doing_timedshot" =.
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:dropped
Size (bytes):7795214
Entropy (8bit):6.644520135855707
Encrypted:false
SSDEEP:
MD5:F6966D8E3366EB735A5960EE84D46124
SHA1:FAF10B2C6BCEC41F5C78136249C0B4F7E8B07EE7
SHA-256:DA149875C843FBEC1AC5BFF0E0B49B635FFA0E21A7283709987DBB8A9D58AA02
SHA-512:642A5194A50C9E9369AF447A2D37F6B1BE3306B9F5E6A708E0481FD20A82B1DCF1441819C46D6217B8F87DEAA7F9B97FCE247FFD9B322DE1DAE7CFE1BE06CEDB
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:dropped
Size (bytes):1653774
Entropy (8bit):6.247716147338313
Encrypted:false
SSDEEP:
MD5:5B7B1CA6B8ED4F91A371A189983D790D
SHA1:561B3E6FB1B1890B04E09EF73CA01C89374173F4
SHA-256:C28D5215DB67B7A7710E891BFF9FFE711F8AA8A5564B45BF9A0DDBE192BC22CC
SHA-512:6369335C44E072D954A7B2F734AE1F9927CDD0D86DC6DC002C46F24DE7D7C04FC39E37BB8F5BBF0AEB7AC554B1FF7A8F6BE8F92F3F5BE72D2A29DA5A9E685CD3
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 2%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:dropped
Size (bytes):329742
Entropy (8bit):6.587161485304755
Encrypted:false
SSDEEP:
MD5:B31316C26817DD19CF5803E4E8A9865C
SHA1:A981D940C9E7E541AF96BD577E56211F4A8ED035
SHA-256:9BA54E3A9741EAA99BBABE6B542B7705951B0A60FA18D8F124EE2A8A667435CB
SHA-512:5B03A8906C5EE4530356942DCF7F41B77650241CFC67ECCBAF87A7E0ED1FF859DF47CE2F0BBEEF55B76BC46B901D44F0F5A51B87C274938A50BA7D4AD8D8C3A2
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:dropped
Size (bytes):112142
Entropy (8bit):6.297752217685046
Encrypted:false
SSDEEP:
MD5:E2AC23418781F632311513944EDD0A4C
SHA1:EBAA4B8424ED90B4ADE2B93CE2386F1DC52C90E8
SHA-256:B4CC93CF4D7C2906C1929C079CD98EF00C7A33832E132AC57ADDE71857082E36
SHA-512:4D87EF2E95E344D82BBD02DB028C43923C1AB9689CB85929D2975EAF8FBADE5F0D09BA473DC78689C2B6E2345ADB0F5DFE5FB8C8983842B86A5A9C4E583F1CEE
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:dropped
Size (bytes):978432
Entropy (8bit):7.389576051888232
Encrypted:false
SSDEEP:
MD5:FD1DC6C680299A2ED1EEDCC3EABDA601
SHA1:E702404882B03014ABEB2ADEAD38A9E87AD90046
SHA-256:CB016E794D3311C71F21D87803E10A0E1133995F62A485EB37B321CD9B9E1087
SHA-512:2AED2D9F2D086A52A25F320DF3F2BDA144C6ADDE7D7F3BB8974EBCDEE7D65130246B357A54E383DAA88C22578193009EF0AC1F627C7094C413DC157ADCBC3DF9
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):4006
Entropy (8bit):3.475675677730268
Encrypted:false
SSDEEP:
MD5:F5D4416A8EB490825A415617F70A6430
SHA1:BA4C3C10C140567AFF10C0D8DEF6006295550A18
SHA-256:1FEA6810206ADAECA93205151E0296902A2ECE48D6EC53F274E5E2FC63FCBBEE
SHA-512:07D4ADFCC794D1C6BBBB5721691C1DFD2326B0F13BDABB3A0A297D9945FD753D05B164C4788A3D28152E8457F365D541BC1B2127D7AE8920F1C1053EEFAB1EBA
Malicious:false
Reputation:unknown
Preview:..[.l.a.n.g.u.a.g.e.s.].....c.o.u.n.t.=.1.3.........[.l.a.n.g.u.a.g.e.s.\.l.a.n.g.u.a.g.e.0.].....i.n.d.e.n.t.i.f.i.e.r.=.E.n.g.l.i.s.h.....l.a.n.g.i.d.=.1.0.3.3.....s.h.o.w.n.a.m.e.=.E.n.g.l.i.s.h.........[.l.a.n.g.u.a.g.e.s.\.l.a.n.g.u.a.g.e.1.].....i.n.d.e.n.t.i.f.i.e.r.=.F.r.e.n.c.h.....l.a.n.g.i.d.=.1.0.3.6.....s.h.o.w.n.a.m.e.=.F.r.a.n...a.i.s.........[.l.a.n.g.u.a.g.e.s.\.l.a.n.g.u.a.g.e.1.0.].....i.n.d.e.n.t.i.f.i.e.r.=.H.u.n.g.a.r.i.a.n.....l.a.n.g.i.d.=.1.0.3.8.....s.h.o.w.n.a.m.e.=.M.a.g.y.a.r.........[.l.a.n.g.u.a.g.e.s.\.l.a.n.g.u.a.g.e.1.1.].....i.n.d.e.n.t.i.f.i.e.r.=.P.o.l.i.s.h.....l.a.n.g.i.d.=.1.0.4.5.....s.h.o.w.n.a.m.e.=.P.o.l.s.k.i.........[.l.a.n.g.u.a.g.e.s.\.l.a.n.g.u.a.g.e.1.2.].....i.n.d.e.n.t.i.f.i.e.r.=.S.l.o.v.a.k.....l.a.n.g.i.d.=.1.0.5.1.....s.h.o.w.n.a.m.e.=.S.l.o.v.e.n.s.k...........[.l.a.n.g.u.a.g.e.s.\.l.a.n.g.u.a.g.e.2.].....i.n.d.e.n.t.i.f.i.e.r.=.S.p.a.n.i.s.h.....l.a.n.g.i.d.=.3.0.8.2.....s.h.o.w.n.a.m.e.=.E.s.p.a...o.l.........[.l.a.n.g.u.a.g.e.
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:dropped
Size (bytes):395790
Entropy (8bit):6.599099868229562
Encrypted:false
SSDEEP:
MD5:C3A36BEED2F4A32B95F444F1EFE70219
SHA1:D51908B417F8143ACB36A0E3B69027F92B666CA5
SHA-256:2674B2CE07FDD6204B56C44F392B318FC5F0F43426610F73103CAD3635257A20
SHA-512:0B7C6F5E5317D7042A6E51D28A1757BF790A10C27C930E8205993BAC8DA0E3D1E10BA060D921881C669974094456C9C1FA9896946777C7D3AE15E827C3BF37D5
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):3024896
Entropy (8bit):6.3978773904781745
Encrypted:false
SSDEEP:
MD5:04486E6AD3ED10A8230D26431265A6B8
SHA1:6DA6CC00F1E79EC353D5689C10229E38C8820DD0
SHA-256:D6A9DAD004B79AC1E2CD19366CE7140C104DBC1BFE69495B6D60C679A2A37E83
SHA-512:A4E61B789975A6BF67DB3D3A94495CCE4DDC2E1E3E8CCD58F6E60D6FB02CA906F7C8D6DEFA5C310CA70A3EAB093B66B080625C7947B49320D8C0D1619BE9F24D
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Oct 30 08:57:14 2019, mtime=Wed Mar 13 17:06:47 2024, atime=Wed Oct 30 08:57:14 2019, length=3024896, window=hide
Category:dropped
Size (bytes):1018
Entropy (8bit):4.594356817032982
Encrypted:false
SSDEEP:
MD5:015F326857077E0479D1F7B7AD61C004
SHA1:C9837E7382102C61942DE119623365780D220FF1
SHA-256:8133DF5E26913F13703C8B9BB2E6405B6ACE0E73A36A22188D578F4939A92B4F
SHA-512:1A897AEB6034E05AA66654F393CA5D5941D654B440AE6975738B1935C806FC6910AC0695BB247BE52B05ADD70F8517581489F3D5562C7B6C8257D2281FF556DB
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has command line arguments, Icon number=0, Archive, ctime=Sat Dec 7 08:10:02 2019, mtime=Wed Mar 13 17:06:45 2024, atime=Sat Dec 7 08:10:02 2019, length=59904, window=hide
Category:dropped
Size (bytes):1889
Entropy (8bit):3.6224674960630567
Encrypted:false
SSDEEP:
MD5:F39019145D3056DB539BAC53F317FAF8
SHA1:F9270CF3CA1B2A3F202E30F2511CF10D4DAA120A
SHA-256:F668F08C1F1088883290359805F510C48979670A96B84B414F56DA4A26F4DC48
SHA-512:15E390D5D791080219C42314CCE56645C4706686481DABB272933F9C658BAD9FC011F11D0382E54CF0D5FE622E6A71CD0B7F19CCC51CD9882EE9B74D6E5FCF02
Malicious:false
Reputation:unknown
Preview:L..................F.@.. ...25......W.5qu..25.............................A....P.O. .:i.....+00.../C:\...................V.1.....mX...Windows.@......OwHmX.....3.......................I.W.i.n.d.o.w.s.....Z.1.....mX...SysWOW64..B......O.ImX.....Y.........................S.y.s.W.O.W.6.4.....b.2......OBI .msiexec.exe.H......OBImX...............................m.s.i.e.x.e.c...e.x.e.......N...............-.......M............q.......C:\Windows\SysWOW64\msiexec.exe........\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.S.y.s.W.O.W.6.4.\.m.s.i.e.x.e.c...e.x.e.)./.x. .{.1.4.1.1.0.D.9.2.-.6.3.2.D.-.4.C.9.A.-.A.8.4.9.-.9.8.5.4.2.B.A.E.0.B.D.A.}.S.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.1.4.1.1.0.D.9.2.-.6.3.2.D.-.4.C.9.A.-.A.8.4.9.-.9.8.5.4.2.B.A.E.0.B.D.A.}.\.S.y.s.t.e.m.F.o.l.d.e.r.m.s.i.e.x.e.c...e.x.e.........%SystemRoot%\Installer\{14110D92-632D-4C9A-A849-98542BAE0BDA}\SystemFoldermsiexec.exe....................................................................................
Process:C:\Windows\System32\msiexec.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Oct 30 08:57:14 2019, mtime=Wed Mar 13 17:06:46 2024, atime=Wed Oct 30 08:57:14 2019, length=3024896, window=hide
Category:dropped
Size (bytes):1024
Entropy (8bit):4.592352693395382
Encrypted:false
SSDEEP:
MD5:0825D4C0604CD6EEA17E0909E2959205
SHA1:D540704EBC269DC41E7F6F21A0D47AF5439E8E5D
SHA-256:7A52FE782586B0D739D533649CB16128E247DE4C78852ED9AC04D2C72F44F4A0
SHA-512:2C93EB86B19C536A0AE743B6C840D0D299271B1A3D94A18D2D97BF92B597B51E8D160F0A5F58B522D35F9C566D66EB7E29BA7B85F6169DC3439771D7E7443BF2
Malicious:false
Reputation:unknown
Preview:L..................F.... ....9.g......_6qu...9.g.....(...........................P.O. .:i.....+00.../C:\.....................1.....mX...PROGRA~2.........O.ImX.....................V........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....Z.1.....mX...xploview..B......mX.mX......\....................hte.x.p.l.o.v.i.e.w.....f.2..(..^O'O .xploview.exe..J......^O'OmX......\........................x.p.l.o.v.i.e.w...e.x.e.......[...............-.......Z............q.......C:\Program Files (x86)\xploview\xploview.exe..;.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.x.p.l.o.v.i.e.w.\.x.p.l.o.v.i.e.w...e.x.e. .C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.x.p.l.o.v.i.e.w.\.........*................@Z|...K.J.........`.......X.......301389...........hT..CrF.f4... ..............%..hT..CrF.f4... ..............%.........A...1SPS.XF.L8C....&.m.%................S.-.1.-.5.-.1.8.........9...1SPS..mD..pH.H@..=x.....h....H.....K.
Process:C:\Windows\System32\msiexec.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Oct 30 08:57:14 2019, mtime=Wed Mar 13 17:06:47 2024, atime=Wed Oct 30 08:57:14 2019, length=3024896, window=hide
Category:dropped
Size (bytes):1006
Entropy (8bit):4.608481485378153
Encrypted:false
SSDEEP:
MD5:5CBB0878F271B1E11B665E99026DE2CB
SHA1:C0C1A220A43AA76671B98372C9C09EA5D19252C3
SHA-256:C245FBFDF80B23A49C18DCCF23953FD1FC16575871863F7A030F2FAD62D9EA9B
SHA-512:9C4DD190C59B802E89C49D39DDCA287CCFA349309CAFE556892DE8B3F1FDFE20272D023937B62607AE91DF14B24F8B82D0BF5D508C7DB8466398F2DBE1840666
Malicious:false
Reputation:unknown
Preview:L..................F.... ....9.g....8..6qu...9.g.....(...........................P.O. .:i.....+00.../C:\.....................1.....mX...PROGRA~2.........O.ImX.....................V........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....Z.1.....mX...xploview..B......mX.mX......\......................a.x.p.l.o.v.i.e.w.....f.2..(..^O'O .xploview.exe..J......^O'OmX......\........................x.p.l.o.v.i.e.w...e.x.e.......[...............-.......Z............q.......C:\Program Files (x86)\xploview\xploview.exe..2.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.x.p.l.o.v.i.e.w.\.x.p.l.o.v.i.e.w...e.x.e. .C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.x.p.l.o.v.i.e.w.\.........*................@Z|...K.J.........`.......X.......301389...........hT..CrF.f4... ..............%..hT..CrF.f4... ..............%.........A...1SPS.XF.L8C....&.m.%................S.-.1.-.5.-.1.8.........9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?..........
Process:C:\Users\user\Desktop\xploview v3.3.31.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):55296
Entropy (8bit):5.109921060702604
Encrypted:false
SSDEEP:
MD5:E44EC8298EADE7462918E5122F8781A1
SHA1:E29EA9A99204471E8437C202A564669330F146BF
SHA-256:F3A1B7CB94D2EB01AD75119A81168CB7AA8603E547FF089B0E6C18C4CDD95566
SHA-512:DA8F60C632E0F2936B48E37A0CCF325A7EC72B014C8C69FC9B78481B7E73C5305C57813CD82BFB21180C5A86F3A9D5EC069CB31F5ED9B9E2719AF807AB278E6E
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 5%
Reputation:unknown
Process:C:\Users\user\Desktop\xploview v3.3.31.exe
File Type:Microsoft Cabinet archive data, many, 7248670 bytes, 38 files, at 0x2c +A "xploview.exe" +A "xvid.ax_1", ID 1234, number 1, 579 datablocks, 0x1 compression
Category:dropped
Size (bytes):7248670
Entropy (8bit):7.998244924297387
Encrypted:true
SSDEEP:
MD5:BEEB1B125D87AAFB0B0AAA8EB735B75F
SHA1:769BF4843CE89157C4422C43A4CA3301E82AF653
SHA-256:94EB9BC84F8961BFB86324050C671A970907BCD154CA3BE369092C8DFD10FE20
SHA-512:FE374E04A5B0A3A90DC1AB2FA583E2E808643F369E1A9AEF1B48DC5EEAD2658E260DFDF1F96DD166E95BFE340A3A724FB1DC75AD5F96F570FF5A7CB9ED926A7C
Malicious:false
Reputation:unknown
Preview:MSCF......n.....,...........&...........C....(........^O'W .xploview.exe..V...(....jCG. .xvid.ax_1......~0...jCG. .xvidcore.dll_1......X:...jCG. .xvidvfw.dll_1.......>...7E-. .Louserzable.strings.H.....>....E. .Louserzable.strings_1.:...Q/>....E. .Louserzable.strings_2..!...E>...jCG. .Exit.png..1..pg>...jCG. .FullScreen.PNG..+....>...jCG. .Help.png..7....>...VO$. .log.bmp.."....C...jCG. .RecordingMovie.png. +....D...jCG. .Setting.png..+...JD...jCG. .TakeAShot.png.6+...vD...jCG. .TimedShot.png......D....E. .Louserzable.strings_3.......D....E. .Louserzable.strings_4.R.....D....Eo. .Louserzable.strings_5.K...n.D....E. .Louserzable.strings_6.E.....D....Ez. .Louserzable.strings_7.R.....E....E.. .png.R...P.N....E.. .horz.png.R.....X....E.. .left90.png.R.....a....E.. .right90.png.....F"k...pC.[ .rotate.png.R....1k....E%. .verz.png.....1.t.../I(. .Louserzable.strings_8.......t.../I.. .Louserzable.strings_9.......t.../IU. .Louserzable.strings_11.H.....t.../I.. .Louserzable.strings_12.....
Process:C:\Users\user\Desktop\xploview v3.3.31.exe
File Type:data
Category:dropped
Size (bytes):7248670
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:A83EE30F7EDBF87BCD8ADC591411A3F2
SHA1:51B6E9D980BB9F36B1F9EF582148D0AAEA8FBC0E
SHA-256:42F646080A04A95DAE11D034B8294E514474FCEBA367CC178E9BB6095FF780E6
SHA-512:8AF875B7206C72634EE16E22D4126EB7A903B76B1306CEB5277CB4524A31FF03C6D450607748C458C7CBF51BEEB38D2333578780825F116DDFB33F15B68D0A7D
Malicious:false
Reputation:unknown
Process:C:\Users\user\Desktop\xploview v3.3.31.exe
File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: xploview, Author: xploview, Keywords: Installer, MSI, Database, Comments: Cette base de donnes d'installation contient le code et les donnes ncessaires l'installation de xploview., Create Time/Date: Fri Dec 11 11:47:46 2009, Name of Creating Application: Advanced Installer 10.3 build 51779, Security: 0, Template: ;1033, Last Saved By: ;1036, Revision Number: {E6DF6D85-6778-4DF2-8DF1-EC824E2CF20A}3.3.31;{0BE0A0C9-9B1C-46B9-A32A-422A093FCECF}3.3.31;{7C1E419B-F709-4E2E-BC1E-8C3A45F89897}, Number of Pages: 200, Number of Characters: 63
Category:dropped
Size (bytes):1670656
Entropy (8bit):6.371526707139742
Encrypted:false
SSDEEP:
MD5:6F33CAAD70B64FAC1BD1E8E8A0BF989A
SHA1:6E50F8EC739D760403DDC10B00909621BDCC4705
SHA-256:81014E48DD7F3A1ABBC7A319815926290FA236EB91CD0634CD2085ED365BDE91
SHA-512:5035E7F5A8F65391AA8CBD658C11753576D5542E329AF0BAA81C86E8420D64F26FC82874EF99AF8DF934C05D3F60B4C7CE3052563D3BC82F231FFC697E2AFFE2
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):79360
Entropy (8bit):6.126402073639983
Encrypted:false
SSDEEP:
MD5:317D2DFC6244A981EF100B8312F579A9
SHA1:E35DC1A7316C8BCBA4CEA481DAF27B36EA3CC383
SHA-256:DC3516C65036E305964105E11F6865E1D5A3B171D8D2F765FDE18C8F36BF727C
SHA-512:D2E4182C88AEBFC98B653EDB902C74BEAC38694B7CB9FAD13F78A814FFE2F8BABD7C5244F59B865A2116DEC8D58466A367199AD99F1BBC836210FA63F3D59C96
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):679708
Entropy (8bit):5.775445925547484
Encrypted:false
SSDEEP:
MD5:01EAE42FAC5A3DA96B40BF137F7A4FF3
SHA1:739CEE4DF7A25159545B6376EEB3DC1C13FA1AF2
SHA-256:69799177ABF8CDD09F987E5C02095158353765B30BC2587D762F69F4697A3137
SHA-512:7431D33B2D43B8DCEA76E9F00075E8D7E1924784D3AB1CFB815A4DABFE0C57B07FE41EA21C550F7FC3BB4F1B4A7ACD379872FC7BDF1FD15133FD6CF128DAB03B
Malicious:false
Reputation:unknown
Preview:...@IXOS.@.....@.mX.@.....@.....@.....@.....@.....@......&.{14110D92-632D-4C9A-A849-98542BAE0BDA}..xploview..xploview.msi.@.....@.....@.....@......xploview.exe..&.{BE8DDB59-D912-40B1-A611-AB1DCF8F99F2}.....@.....@.....@.....@.......@.....@.....@.......@......xploview......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@$....@.....@.]....&.{1B75D046-319F-482B-8D3B-309F6CC7B0D1}M.02:\SYSTEM\CurrentControlSet\Control\MediaResources\icm\vidc.XVID\Description.@.......@.....@.....@......&.{1A1320FB-00A5-48E6-8CEC-49108623BBC4}>.C:\ProgramData\Microsoft\Windows\Start Menu\Programs\xploview\.@.......@.....@.....@......&.{12DEE231-33BD-49F3-A8CF-A85D529F8F4C}J.C:\Program Files (x86)\xploview\Resource\zh_Hant.lproj\Louserzable.strings.@.......@.....@.....@......&.{BE505CFC-20B5-4F48-B714-8EE38CE14DA4},.C:\Program Files (x86)\xploview\xploview.exe.@.......@.....@.....@......&.{362F759C-D7
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):279040
Entropy (8bit):6.1880880265533795
Encrypted:false
SSDEEP:
MD5:E55EB9B476813090DCA22E3060CF07FE
SHA1:1B2F0BA3AAEE20705DE1609471012BF74FA7F77E
SHA-256:282AF92D86475416194CEBE4CEB1195FBF11627A55922FF4CBEED8EC08EE3CD8
SHA-512:D379C94BCF2F5B66EDD66DEE6C2DE589FA9C4227990073D2C4C34BF9478440D78D30FF2D49F0214A853D80BD1E7BB1C8CB62ED249EAD00DD8DD2143ECFA19423
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):20480
Entropy (8bit):1.1753237063139834
Encrypted:false
SSDEEP:
MD5:0678E70CFC1B5ADAFCE2225E701E3B99
SHA1:6AC4C32D184396C6AAC7DED0B886BBDF2CB705A3
SHA-256:0EBC367F42588E744668FDEE11DC8582579D5030A4012FC0BDC66DD88D18D31A
SHA-512:3370FE4D505605880C461E5312039562978A2CAC61310383D4998824920F4A9844EF2C5E6121B29CBB2DE77F53D92BDA85DBE8A18A9FEB6E0BB7E8BE8D7EEC69
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:MS Windows icon resource - 8 icons, 32x32, 16 colors, 4 bits/pixel, 24x24, 16 colors, 4 bits/pixel
Category:dropped
Size (bytes):14534
Entropy (8bit):5.08612958031438
Encrypted:false
SSDEEP:
MD5:C2649AD15118FD46780D6FCBC38447D0
SHA1:F32EFACB590F5028A9F5DA7236CC74086A3C87EC
SHA-256:F0F4D5BF1DE9D2463031520AFF51FEB1E7D432ECEA447534A91CBBD79832AC89
SHA-512:322EA628ED541713457248341B2CD0A95B6DD3661C9E1E4A22285368872A1B2A89808E272E2A6195B34FD47BD02C33AA893D0C324FBE35E4D65C5E5F401A81AE
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:MS Windows icon resource - 6 icons, 256x256, 32 bits/pixel, -128x-128, 32 bits/pixel
Category:dropped
Size (bytes):370070
Entropy (8bit):5.04639427803764
Encrypted:false
SSDEEP:
MD5:18C7F991A0F75E7C8884624E4D6A22EA
SHA1:249DA782294F145AC3529A39651D5C7DCD777567
SHA-256:B3D23E17CEA25538BABDA03049EC53B930676C70DD64B71A74975011DCB5B3AE
SHA-512:14CC5333034450CDCFADA876311E19A79C90C3FD35F1C9D3D1A1F016DBDE0EC58093FA6C27173B4CBC034C24D7452D1613798B2C0C2BD1A58896B7B1BAF57A24
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):454234
Entropy (8bit):5.3561647006468975
Encrypted:false
SSDEEP:
MD5:A2EA985B626CF1CE326228F70A81F654
SHA1:4FEBDE54CDE8C127BD7D3B0D44FDA0CF3C7B3944
SHA-256:20091C163FB3BD5D964A639FB9702580282311074C2005251DF5A7CE9C040E02
SHA-512:C4D7560333EA0662602565744170DDE70E94C612B400729F99F250D803A63D6F8F6FE63BBAE770003ABF83E3038CDD4C4E64C8172F845D59137CCBF4E745DCED
Malicious:false
Reputation:unknown
Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):153088
Entropy (8bit):6.248451298877227
Encrypted:false
SSDEEP:
MD5:5E8CD1804C1A035311F5DA9C1048F024
SHA1:3F14D1E78B537CD8E5ABCCBFDD5A12E554877BE6
SHA-256:D23BD3E5CC1D5C5866371A9FCF4C6F37F7CDAD28F32F05C89F823F4CE57C956B
SHA-512:6A54A045344541EE5B2BCDF12FE061185A19634670DEC0A22025E7C3459FBF62CD8BD2478C1F602A1A92B323E6BE61C8095650367C53C387398B608018B7A26D
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):645632
Entropy (8bit):6.4496553463549455
Encrypted:false
SSDEEP:
MD5:E3833540C755C06EC18D414047448B14
SHA1:EA3E89DF5E8E993BFB083DDFA863C6BDB77547AA
SHA-256:61035C844DFCF54007DFA34FF0878AAC64E4738CF80C65DFA906AB4128BCB284
SHA-512:EB4E88EE4BBFF75F890029A2CBF3BED95618FDDF38E237A59FFFC1B37745266E2E216829E120298616D355B48FD6BFBAFCEDFFF9CF4D0E0696FE313CB53E5DEA
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):240640
Entropy (8bit):6.047542800841335
Encrypted:false
SSDEEP:
MD5:348AC3C5B87056E24C9E0039332BFB66
SHA1:12A3C2D91F43C040DE61D011FAC42A3F986BEC6F
SHA-256:0C12F48296D008E8256D7A74A73827F083F33C4A339EFDB962D7E21BDF65D9CB
SHA-512:9543AC8586739891B9932D1D325EE6774685705665C86F5CB2531C64B9B3C02D1C48F7AB9F8FBD613F9176CB7854E9739990DCCEF77C129390C2FD59A295F7B2
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.07975375586365396
Encrypted:false
SSDEEP:
MD5:98848A9BB59F20873F2B0B3A6E6FA463
SHA1:C6836C0CD6B63D2CBECDF4D77BFA34A3482DC9BB
SHA-256:C33DE06EC076673E8A1147220D697AB1009956F46C955EB3F03D84EAD98B4277
SHA-512:FB84AC4E8EE217F31C613C09AFF34A6827F177280D2DFAD01F9A1C51B562BBD18AE2ACEB881D314177525BA3F46F28E5CE74BDC59CD36CC85D49FC8525A7DEBF
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):32768
Entropy (8bit):1.4845433965676178
Encrypted:false
SSDEEP:
MD5:70A0FC7C8610F1BF343BBF2ECDD17FB9
SHA1:60831AFE5A299B9BF8233554D81291403E16D2BE
SHA-256:705E9BC13655440ADBA3B245EC80D3D5250335F8B1E0EA929037AC578F587065
SHA-512:DF9FA0816A2F9E2C93CE0B286E194E5D957C462AFD14894BE235B6EAAAEFF1D6914EA8AAB793896E4B87AED8ED1462C4B5600F242738046D024B9E34C4DACFC2
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):20480
Entropy (8bit):1.8831320852448628
Encrypted:false
SSDEEP:
MD5:24A4743C604B9F7DC5E5C718CB60B49E
SHA1:DAFC32FB57498277B14C185F346F0B7B5129EF1E
SHA-256:45A138EE80EA6BE514AC34722AEA58A4EE614B04257AD129DAE43373D7AD92F6
SHA-512:451441FDF9155B84D06E0A8005FFA53E351B195362C66E0C5C6CDF1940086FADAA408C8E81893EBA3A5C67563DC7B88178BF000F226B38C17616FAD1C1626818
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):512
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:BF619EAC0CDF3F68D496EA9344137E8B
SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):73728
Entropy (8bit):0.2574216892070107
Encrypted:false
SSDEEP:
MD5:58F134A2FBEF7CC4B3292B6A6BDC4A06
SHA1:4FC0C8408CFB4E124E13B1B6816544CD2B334827
SHA-256:B53995A67F27861AE196111A35D3E43D52A08976B030E123EA216AB6683E5622
SHA-512:E49F72DE7ACF58FF3A1A44C101B5EA1C93B279270E5B9BA35CBC6C662B327CF31E77A59E9E21E8754CB97F57765B87B54148E647CAFAC20516981DB5D1B5D555
Malicious:false
Reputation:unknown
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):7.734391236863114
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.53%
  • InstallShield setup (43055/19) 0.43%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:xploview v3.3.31.exe
File size:10'056'544 bytes
MD5:0e9b5834cee3dc5760f1ec3ecf75580b
SHA1:c883426efb8332abbde75a495abaa54cc25501e0
SHA256:5fbdba70a71b9204b58002679e4db29024d201cc35650e6c616c8643e575cabf
SHA512:9e05d08724d388c8dd190e22f0096f2c3bc5b291fcd079403c48638da3ef446bd65075786b72c9374dd00badb3aa89facf61d55f4e74a7adedabf16bac605c1c
SSDEEP:196608:NQ8KxEDLocXkt43u0Y0rrVZH71g6ZSIBd2IFpVr82QNgiD4u:LK2DLocXbg0rrPS6L2Ivp8VgUZ
TLSH:2EA60219B3F49225E4B70B30597287B25AB5BCA0DD32D12F53C8960D2D72B84DA727F2
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........9.O~W.O~W.O~W.F...Z~W.Q,..H~W.F....~W.F...u~W.F...\~W.O~V...W.F....~W.F...N~W.RichO~W.........................PE..L......Q...
Icon Hash:301c2672999bc62d
Entrypoint:0x430bf7
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x51CAE298 [Wed Jun 26 12:46:16 2013 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:0
File Version Major:5
File Version Minor:0
Subsystem Version Major:5
Subsystem Version Minor:0
Import Hash:a702490d9998129db37a9f38c84de0b0
Instruction
call 00007FE7DC8263D5h
jmp 00007FE7DC81C29Eh
mov edi, edi
push ebp
mov ebp, esp
mov edx, dword ptr [ebp+08h]
push ebx
push esi
push edi
xor edi, edi
cmp edx, edi
je 00007FE7DC81C429h
mov ebx, dword ptr [ebp+0Ch]
cmp ebx, edi
jnbe 00007FE7DC81C440h
call 00007FE7DC81FF2Dh
push 00000016h
pop esi
mov dword ptr [eax], esi
push edi
push edi
push edi
push edi
push edi
call 00007FE7DC81FEB6h
add esp, 14h
mov eax, esi
pop edi
pop esi
pop ebx
pop ebp
ret
mov esi, dword ptr [ebp+10h]
cmp esi, edi
jne 00007FE7DC81C429h
xor eax, eax
mov word ptr [edx], ax
jmp 00007FE7DC81C3F6h
mov ecx, edx
movzx eax, word ptr [esi]
mov word ptr [ecx], ax
inc ecx
inc ecx
inc esi
inc esi
cmp ax, di
je 00007FE7DC81C425h
dec ebx
jne 00007FE7DC81C410h
xor eax, eax
cmp ebx, edi
jne 00007FE7DC81C3F5h
mov word ptr [edx], ax
call 00007FE7DC81FEE4h
push 00000022h
pop ecx
mov dword ptr [eax], ecx
mov esi, ecx
jmp 00007FE7DC81C3D5h
mov edx, dword ptr [esp+04h]
mov ecx, dword ptr [esp+08h]
test edx, 00000003h
jne 00007FE7DC81C45Eh
mov eax, dword ptr [edx]
cmp al, byte ptr [ecx]
jne 00007FE7DC81C450h
or al, al
je 00007FE7DC81C448h
cmp ah, byte ptr [ecx+01h]
jne 00007FE7DC81C447h
or ah, ah
je 00007FE7DC81C43Fh
shr eax, 10h
cmp al, byte ptr [ecx+02h]
jne 00007FE7DC81C43Bh
or al, al
je 00007FE7DC81C433h
cmp ah, byte ptr [ecx+03h]
jne 00007FE7DC81C432h
add ecx, 04h
add edx, 04h
or ah, ah
jne 00007FE7DC81C3F4h
mov edi, edi
xor eax, eax
ret
nop
sbb eax, eax
shl eax, 1
add eax, 01h
ret
test edx, 00000001h
Programming Language:
  • [ASM] VS2008 SP1 build 30729
  • [C++] VS2008 build 21022
  • [ C ] VS2008 SP1 build 30729
  • [C++] VS2008 SP1 build 30729
  • [IMP] VS2008 SP1 build 30729
  • [LNK] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x52fec | 0xc8 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x59000 | 0xd5dc | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x67000 | 0x33a0 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x521a8 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x46000 | 0x444 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x52864 | 0xc0 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x4481f | 0x44a00 | 0bed4f9024bd65a7f2899aa81730bfc7 | False | 0.5653887750455373 | data | 6.585677870572202 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x46000 | 0xe7ac | 0xe800 | ab62f59be994ce8c356e99cbbd1ebe6e | False | 0.3014715786637931 | data | 4.588744159675867 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x55000 | 0x3ebc | 0x2000 | adc6664bb557a3e69bd73b243a3a2a6d | False | 0.3619384765625 | data | 3.9545188052681777 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x59000 | 0xd5dc | 0xd600 | 148700eb9908384ffa7b7aa031de0c8b | False | 0.4212908878504673 | data | 5.234368263794012 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x67000 | 0x48d2 | 0x4a00 | 2f1877439405ddde88737c612e785f3c | False | 0.5420713682432432 | data | 5.450730274899008 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
IMAGE_FILE | 0x59920 | 0x6 | ISO-8859 text, with no line terminators | English | United States | 2.1666666666666665
IMAGE_FILE | 0x59928 | 0x6 | ISO-8859 text, with no line terminators | English | United States | 2.1666666666666665
RTF_FILE | 0x59930 | 0x2e9 | Rich Text Format data, version 1, ANSI, code page 1252 | English | United States | 0.5503355704697986
RTF_FILE | 0x59c1c | 0xa1 | Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033 | English | United States | 0.906832298136646
RT_ICON | 0x59cc0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.2634146341463415
RT_ICON | 0x5a328 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.3575268817204301
RT_ICON | 0x5a610 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States | 0.4426229508196721
RT_ICON | 0x5a7f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.5033783783783784
RT_ICON | 0x5a920 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.5146588486140725
RT_ICON | 0x5b7c8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.7026173285198556
RT_ICON | 0x5c070 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States | 0.7644009216589862
RT_ICON | 0x5c738 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.6047687861271677
RT_ICON | 0x5cca0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.4612033195020747
RT_ICON | 0x5f248 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.7181050656660413
RT_ICON | 0x602f0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.780327868852459
RT_ICON | 0x60c78 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.775709219858156
RT_MENU | 0x610e0 | 0x5c | data | English | United States | 0.8478260869565217
RT_MENU | 0x6113c | 0x2a | data | English | United States | 1.0714285714285714
RT_DIALOG | 0x61168 | 0x84 | data | English | United States | 0.7424242424242424
RT_DIALOG | 0x611ec | 0x2a6 | data | English | United States | 0.5132743362831859
RT_DIALOG | 0x61494 | 0x3b4 | data | English | United States | 0.43248945147679324
RT_DIALOG | 0x61848 | 0xbc | data | English | United States | 0.7180851063829787
RT_DIALOG | 0x61904 | 0x204 | data | English | United States | 0.560077519379845
RT_DIALOG | 0x61b08 | 0x282 | data | English | United States | 0.48598130841121495
RT_DIALOG | 0x61d8c | 0xcc | data | English | United States | 0.6911764705882353
RT_DIALOG | 0x61e58 | 0x146 | data | English | United States | 0.5736196319018405
RT_DIALOG | 0x61fa0 | 0x226 | data | English | United States | 0.4690909090909091
RT_DIALOG | 0x621c8 | 0x388 | data | English | United States | 0.45464601769911506
RT_DIALOG | 0x62550 | 0x1b4 | data | English | United States | 0.5458715596330275
RT_DIALOG | 0x62704 | 0x136 | data | English | United States | 0.6064516129032258
RT_STRING | 0x6283c | 0x45c | data | English | United States | 0.3844086021505376
RT_STRING | 0x62c98 | 0x760 | data | English | United States | 0.3225635593220339
RT_STRING | 0x633f8 | 0x2f8 | data | English | United States | 0.4039473684210526
RT_STRING | 0x636f0 | 0x598 | data | English | United States | 0.2807262569832402
RT_STRING | 0x63c88 | 0x3e4 | StarOffice Gallery theme i, 1627418368 objects, 1st n | English | United States | 0.39558232931726905
RT_STRING | 0x6406c | 0x7a6 | data | English | United States | 0.2763023493360572
RT_STRING | 0x64814 | 0x744 | data | English | United States | 0.26344086021505375
RT_STRING | 0x64f58 | 0x7b8 | data | English | United States | 0.22672064777327935
RT_STRING | 0x65710 | 0x598 | data | English | United States | 0.3952513966480447
RT_STRING | 0x65ca8 | 0x82 | data | English | United States | 0.6307692307692307
RT_GROUP_ICON | 0x65d2c | 0xae | data | English | United States | 0.5977011494252874
RT_VERSION | 0x65ddc | 0x360 | data | English | United States | 0.4398148148148148
RT_MANIFEST | 0x6613c | 0x4a0 | ASCII text, with very long lines (940), with CRLF line terminators | English | United States | 0.4375
DLL | Import
KERNEL32.dll | EnterCriticalSection, LoadLibraryExW, GetModuleHandleW, GetModuleFileNameW, InitializeCriticalSection, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, LoadLibraryW, GetCurrentThreadId, CloseHandle, GetShortPathNameW, CreateEventW, LeaveCriticalSection, GetCommandLineW, SetCurrentDirectoryW, CreateThread, WaitForSingleObject, SetEvent, GetDriveTypeW, GetVersionExW, SetFileAttributesW, CopyFileW, GetExitCodeThread, GetCurrentProcess, FlushInstructionCache, SetLastError, lstrcmpiW, FreeLibrary, GetLastError, WriteFile, CreateFileW, FindResourceExW, FindResourceW, LoadResource, LockResource, SizeofResource, GetCurrentProcessId, RaiseException, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, LCMapStringA, GetConsoleMode, GetConsoleCP, InitializeCriticalSectionAndSpinCount, lstrlenW, MultiByteToWideChar, GetFileAttributesW, WideCharToMultiByte, GetModuleHandleA, RtlUnwind, LCMapStringW, GetStringTypeA, LocalAlloc, LocalFree, GetProcAddress, InterlockedExchange, LoadLibraryA, GetTempPathW, GetTempFileNameW, DeleteFileW, FindFirstFileW, FindNextFileW, RemoveDirectoryW, FindClose, CreateDirectoryW, GetLogicalDriveStringsW, GetFileSize, ReadFile, GetDiskFreeSpaceExW, GetEnvironmentVariableW, SetFilePointer, SetEndOfFile, EnumResourceLanguagesW, GetLocaleInfoW, GetSystemDefaultLangID, GetUserDefaultLangID, GetSystemTime, CreateProcessW, GetExitCodeProcess, GetWindowsDirectoryW, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, GetVersion, GlobalMemoryStatus, OutputDebugStringW, GetLocalTime, FlushFileBuffers, lstrcpynW, GetSystemDirectoryW, MulDiv, TerminateThread, MoveFileW, Sleep, ResetEvent, CreateFileA, CreateNamedPipeW, ConnectNamedPipe, FormatMessageW, GetTempPathA, GetTempFileNameA, DuplicateHandle, GetStdHandle, CreateProcessA, DeleteFileA, LockFile, UnlockFile, GetStringTypeW, GetLocaleInfoA, SearchPathW, OpenProcess, TerminateProcess, GlobalLock, GlobalUnlock, GlobalAlloc, GlobalFree, lstrcmpW, HeapDestroy, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, GetProcessHeap, InterlockedCompareExchange, IsProcessorFeaturePresent, VirtualFree, VirtualAlloc, GetStartupInfoW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, ExitProcess, HeapCreate, GetModuleFileNameA, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale
USER32.dll | SetWindowPos, MapWindowPoints, GetClientRect, GetParent, GetWindowRect, SystemParametersInfoW, GetWindowLongW, GetWindow, EndDialog, CreateDialogParamW, SendMessageW, LoadImageW, GetSystemMetrics, GetForegroundWindow, LoadStringW, SetForegroundWindow, EnumWindows, GetWindowThreadProcessId, IsWindowVisible, GetDC, PeekMessageW, TranslateMessage, DispatchMessageW, CreateWindowExW, EnableWindow, ScreenToClient, PostQuitMessage, CallWindowProcW, IsWindow, GetPropW, RedrawWindow, InvalidateRect, SetWindowTextW, GetWindowTextLengthW, SetFocus, GetSystemMenu, EnableMenuItem, DestroyMenu, MsgWaitForMultipleObjects, ModifyMenuW, FindWindowW, MessageBeep, ExitWindowsEx, GetScrollRange, GetScrollPos, GetDlgCtrlID, SetPropW, RemovePropW, TrackPopupMenu, LoadMenuW, GetSubMenu, SetTimer, KillTimer, LoadIconW, ReleaseDC, GetDesktopWindow, OpenClipboard, CloseClipboard, EmptyClipboard, SetClipboardData, UnregisterClassA, PostMessageW, GetWindowTextW, DialogBoxParamW, MessageBoxW, GetActiveWindow, SetWindowLongW, DefWindowProcW, CharNextW, DestroyWindow, GetDlgItem, ShowWindow
GDI32.dll | GetDeviceCaps, DeleteObject, GetObjectW, DeleteDC, SetBkMode, GetStockObject, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, BitBlt, CreateFontIndirectW
SHELL32.dll | ShellExecuteW, SHGetFolderPathW, SHBrowseForFolderW, SHGetMalloc, SHGetPathFromIDListW, ShellExecuteExW, SHGetSpecialFolderLocation
ole32.dll | CreateStreamOnHGlobal, CreateILockBytesOnHGlobal, CoTaskMemRealloc, CoTaskMemAlloc, CoCreateInstance, CoTaskMemFree, CoUninitialize, StgCreateDocfileOnILockBytes, CoInitialize
OLEAUT32.dll | VarUI4FromStr, OleLoadPicture
SHLWAPI.dll | PathFileExistsW
COMCTL32.dll | PropertySheetW, DestroyPropertySheetPage, CreatePropertySheetPageW
VERSION.dll | GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
Language of compilation system | Country where language is spoken | Map
English | United States |