Windows Analysis Report
Codecs.exe

Compliance

Source: Codecs.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source:	Binary string: c\H263\VCM\Release\TxsH263.pdb source: _INS5576._MP, 00000002.00000003.2050210386.000000000084B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c\H263\VCM\Release\TxsH263.pdb5 source: _INS5576._MP, 00000002.00000003.2050210386.000000000084B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: M:\Txs\Arcturus\Codec\H263\VCM\Release\TxsH263.pdb source: _INS5576._MP, 00000002.00000003.2049998616.0000000000829000.00000004.00000020.00020000.00000000.sdmp, TxsH263.dll.2.dr, TxsH263.dll.0.dr
Source:	Binary string: M:\Txs\Arcturus\Codec\H263\VCM\Release\TxsH263.pdb5 source: _INS5576._MP, 00000002.00000003.2049998616.0000000000829000.00000004.00000020.00020000.00000000.sdmp

Spreading

Source: C:\Users\user\Desktop\Codecs.exe	File opened: C:\Users\user\AppData\Local\Temp\plf1B90.tmp			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	File opened: C:\Users\user\AppData\Local\Temp\			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	File opened: C:\Users\user\AppData\Local\			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	File opened: C:\Users\user\AppData\			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	File opened: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	File opened: C:\Users\user\			Jump to behavior

Networking

Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.109.210.53:443 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.12.23.50:443 -> 192.168.2.4:49736

Source: _INS5576._MP, 00000002.00000002.2065081493.000000000048B000.00000002.00000001.01000000.00000008.sdmp, IsUninst.exe.orig.2.dr, IsUninst.728.2.dr, IsUninst.exe.2.dr, _INS5576._MP.1.dr	String found in binary or memory: http://www.installshield.com
Source: Codecs.exe, 00000000.00000002.2213741410.00000000005B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.marchnetworks.com

System Summary

Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	File created: C:\Windows\_iserr31.ini			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	File created: C:\Windows\_isenv31.ini			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	File created: C:\Windows\_delis32.ini			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File created: C:\Windows\IsUninst.exe			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File created: C:\Windows\SysWOW64\txsadp32.acm			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File created: C:\Windows\SysWOW64\TxsH263.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	File created: C:\Windows\_INS33IS._MP			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	File created: C:\Windows\_INS33IS._MP			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	File created: C:\Windows\_INS33IS._MP			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	File created: C:\Windows\_INS33IS._MP			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	File created: C:\Windows\_INS33IS._MP			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	File created: C:\Windows\_INS33IS._MP			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	File created: C:\Windows\_INS33IS._MP			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	File created: C:\Windows\_INS33IS._MP			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	File created: C:\Windows\_INS33IS._MP			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	File created: C:\Windows\_INS33IS._MP			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	File created: C:\Windows\_INS33IS._MP			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP

File deleted: C:\Windows\_iserr31.ini

Jump to behavior

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP A8657371F03E2E66DB951C3DCD3AEB42C576894908CA2EB1B3806AA0404CB083

Source: _isres.dll.2.dr

Static PE information: No import functions for PE file found

Source: Codecs.exe, 00000000.00000002.2213553415.0000000000418000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamestub32i.exe vs Codecs.exe
Source: Codecs.exe	Binary or memory string: OriginalFilenamestub32i.exe vs Codecs.exe

Source: Codecs.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: clean13.winEXE@7/40@0/0

Source: C:\Users\user\Desktop\Codecs.exe

File created: C:\Users\user\AppData\Local\Temp\plf1B90.tmp

Jump to behavior

Source: Codecs.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe

File read: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\SETUP.INI

Jump to behavior

Source: C:\Users\user\Desktop\Codecs.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\Codecs.exe

File read: C:\Users\user\Desktop\Codecs.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Codecs.exe "C:\Users\user\Desktop\Codecs.exe"
Source: C:\Users\user\Desktop\Codecs.exe	Process created: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe "C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe" /SMS
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Process created: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Process created: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDEL.EXE
Source: C:\Users\user\Desktop\Codecs.exe	Process created: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe "C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe" /SMS			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Process created: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Process created: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDEL.EXE			Jump to behavior

Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: acgenral.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: winmm.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: samcli.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: msacm32.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: userenv.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: dwmapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: urlmon.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: mpr.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: winmmbase.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: winmmbase.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: iertutil.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: srvcli.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: netutils.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: aclayers.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: sfc.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: sfc_os.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: lz32.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: riched32.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: riched20.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: usp10.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: msls31.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: textinputframework.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: coreuicomponents.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: coremessaging.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: ntmarta.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: coremessaging.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Section loaded: textshaping.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: acspecfc.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: mscms.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: userenv.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: mpr.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: winmm.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: ddraw.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: dwmapi.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: msi.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: userenv.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: coloradapterclient.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: dxgi.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: dciman32.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: acgenral.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: samcli.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: msacm32.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: urlmon.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: winmmbase.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: winmmbase.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: iertutil.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: srvcli.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: netutils.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: aclayers.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: sfc.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: sfc_os.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: textinputframework.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: coreuicomponents.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: coremessaging.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: ntmarta.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: coremessaging.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Section loaded: textshaping.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: acspecfc.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: mscms.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: userenv.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: mpr.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: winmm.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: ddraw.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: dwmapi.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: msi.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: userenv.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: coloradapterclient.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: dxgi.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: dciman32.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: acgenral.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: samcli.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: msacm32.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: version.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: urlmon.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: winmmbase.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: winmmbase.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: iertutil.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: srvcli.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: netutils.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: aclayers.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: sfc.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: sfc_os.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: windows.storage.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: wldp.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: propsys.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: profapi.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: textinputframework.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: coreuicomponents.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: coremessaging.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: ntmarta.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: coremessaging.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Section loaded: textshaping.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: acspecfc.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: mscms.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: userenv.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: mpr.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: winmm.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: ddraw.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: dwmapi.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: msi.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: userenv.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: coloradapterclient.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: dxgi.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: dciman32.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: acgenral.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: samcli.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: msacm32.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: urlmon.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: winmmbase.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: winmmbase.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: iertutil.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: srvcli.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: netutils.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: acwow64.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: aclayers.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: sfc.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Section loaded: sfc_os.dll			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\Codecs.exe

File written: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\SETUP.INI

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Automated click: Next >

Source: C:\Users\user\Desktop\Codecs.exe

File opened: C:\Windows\SysWOW64\RICHED32.DLL

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: c\H263\VCM\Release\TxsH263.pdb source: _INS5576._MP, 00000002.00000003.2050210386.000000000084B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c\H263\VCM\Release\TxsH263.pdb5 source: _INS5576._MP, 00000002.00000003.2050210386.000000000084B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: M:\Txs\Arcturus\Codec\H263\VCM\Release\TxsH263.pdb source: _INS5576._MP, 00000002.00000003.2049998616.0000000000829000.00000004.00000020.00020000.00000000.sdmp, TxsH263.dll.2.dr, TxsH263.dll.0.dr
Source:	Binary string: M:\Txs\Arcturus\Codec\H263\VCM\Release\TxsH263.pdb5 source: _INS5576._MP, 00000002.00000003.2049998616.0000000000829000.00000004.00000020.00020000.00000000.sdmp

Persistence and Installation Behavior

Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_WUTL951.DLL			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File created: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_ISTMP0.DIR\Ctl3d32.dll			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File created: C:\Windows\IsUninst.exe			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File created: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_ISTMP0.DIR\IsUninst.728			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File created: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_ISTMP0.DIR\_isres.dll			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File created: C:\Windows\SysWOW64\TxsH263.dll			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File created: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_ISTMP0.DIR\4d7894.DLL (copy)			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File created: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_ISTMP0.DIR\IsUninst.exe (copy)			Jump to dropped file
Source: C:\Users\user\Desktop\Codecs.exe	File created: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_Setup.dll			Jump to dropped file
Source: C:\Users\user\Desktop\Codecs.exe	File created: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\TxsH263.dll			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP			Jump to dropped file
Source: C:\Users\user\Desktop\Codecs.exe	File created: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File created: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_ISTMP0.DIR\IsUninst.exe.orig			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File created: C:\Windows\SysWOW64\txsadp32.acm			Jump to dropped file
Source: C:\Users\user\Desktop\Codecs.exe	File created: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe			Jump to dropped file
Source: C:\Users\user\Desktop\Codecs.exe	File created: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\txsadp32.acm			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\ZDataI51.dll			Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File created: C:\Windows\IsUninst.exe			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File created: C:\Windows\SysWOW64\TxsH263.dll			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File created: C:\Windows\SysWOW64\txsadp32.acm			Jump to dropped file

Source: C:\Users\user\Desktop\Codecs.exe	File created: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\txsadp32.acm			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File created: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_ISTMP0.DIR\IsUninst.728			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File created: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_ISTMP0.DIR\IsUninst.exe.orig			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File created: C:\Windows\SysWOW64\txsadp32.acm			Jump to dropped file

Boot Survival

Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32 msacm.txsadpcm			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32 msacm.txsadpcm			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32 vidc.T263			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32 vidc.T263			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\Codecs.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_ISDel.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_WUTL951.DLL			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Dropped PE file which has not been started: C:\Windows\IsUninst.exe			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_ISTMP0.DIR\Ctl3d32.dll			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_ISTMP0.DIR\_isres.dll			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_ISTMP0.DIR\IsUninst.728			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Dropped PE file which has not been started: C:\Windows\SysWOW64\TxsH263.dll			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_ISTMP0.DIR\4d7894.DLL (copy)			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_ISTMP0.DIR\IsUninst.exe (copy)			Jump to dropped file
Source: C:\Users\user\Desktop\Codecs.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\_Setup.dll			Jump to dropped file
Source: C:\Users\user\Desktop\Codecs.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\TxsH263.dll			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_ISTMP0.DIR\IsUninst.exe.orig			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	Dropped PE file which has not been started: C:\Windows\SysWOW64\txsadp32.acm			Jump to dropped file
Source: C:\Users\user\Desktop\Codecs.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\txsadp32.acm			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\ZDataI51.dll			Jump to dropped file

Source: C:\Users\user\Desktop\Codecs.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP	File Volume queried: C:\ FullSizeInformation			Jump to behavior

Source: C:\Users\user\Desktop\Codecs.exe	File opened: C:\Users\user\AppData\Local\Temp\plf1B90.tmp			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	File opened: C:\Users\user\AppData\Local\Temp\			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	File opened: C:\Users\user\AppData\Local\			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	File opened: C:\Users\user\AppData\			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	File opened: C:\Users\user\AppData\Local\Temp\pft1C0F~tmp\			Jump to behavior
Source: C:\Users\user\Desktop\Codecs.exe	File opened: C:\Users\user\			Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Source: _INS5576._MP, 00000002.00000000.1685120946.0000000000481000.00000008.00000001.01000000.00000008.sdmp, _INS5576._MP.1.dr	Binary or memory string: PROGMANPROGMAN[CreateGroup(%s,)][CreateGroup()][AddItem(,,,,-1,-1,,,,1,0)][DeleteGroup(%s)][CreateGroup(%s)][DeleteItem(%s)][ShowGroup(%s,%ld)][Reload(%s)][CreateGroup()][ReplaceItem()][AddItem(,,,,-1,-1,,,,1,0)]PROGMAN.EXE[ExitProgMan(%d)]Explorer.exesystem.iniProgMan.exeShellBootGROUPS+%sCTRL+%sALTSHIFT+%sALTSHIFTNUM%s%s%s%sCTRL%sSHIFTALTCTRLNUM%s%s%s%sF1F2F3F4F5F6F7F8F9F10F11F12F13F14F15F16LEFTUPRIGHTDOWNHOMEENDPAGEUPDOWNINSERT+*-~!@#$%^&*()_+{}|:?><Ctrl + Shift + Alt + Page UpPage DownEndHomeLeftUpRightDownInsertNum 0Num 1Num 2Num 3Num 4Num 5Num 6Num 7Num 8Num 9Num *Num +Num -F1F2F3F4F5F6F7F8F9F10F11F12F13F14F15F16(),,%ldGROUPS,,,,,,,,,,*.*...%.2u-%.2u-%.2u%.2d:%.2d%.2u-%.2u-%.4u%.2d:%.2d%1c%1c%1c%1c%d.%d%s_fty%d.231*.*
Source: _INS5576._MP, 00000002.00000003.1992463935.0000000000836000.00000004.00000020.00020000.00000000.sdmp, setup.ins.0.dr	Binary or memory string: Progman.exe(
Source: Setup.exe, 00000001.00000002.2141513574.000000000040F000.00000004.00000001.01000000.00000006.sdmp, Setup.exe, 00000001.00000000.1660522023.000000000040F000.00000008.00000001.01000000.00000006.sdmp, Setup.exe.0.dr	Binary or memory string: LOGO_MSG_LOGOSTATUS_30LOGO_MSG_LOGOCLOSE_30LgoStatusWinLgoBitmapClsLgoBitmapWinstaticsetup.bmpsetup16.bmpShell_TrayWnd file%d
Source: _INS5576._MP, 00000002.00000000.1685120946.0000000000481000.00000008.00000001.01000000.00000008.sdmp, _INS5576._MP, 00000002.00000002.2065063633.0000000000481000.00000004.00000001.01000000.00000008.sdmp, _INS5576._MP.1.dr	Binary or memory string: [ExitProgMan(%d)]
Source: Setup.exe, 00000001.00000002.2141513574.000000000040F000.00000004.00000001.01000000.00000006.sdmp, Setup.exe, 00000001.00000000.1660522023.000000000040F000.00000008.00000001.01000000.00000006.sdmp, Setup.exe.0.dr	Binary or memory string: Shell_TrayWnd
Source: _INS5576._MP, 00000002.00000000.1685120946.0000000000481000.00000008.00000001.01000000.00000008.sdmp, _INS5576._MP, 00000002.00000002.2065063633.0000000000481000.00000004.00000001.01000000.00000008.sdmp, _INS5576._MP.1.dr	Binary or memory string: Progman
Source: _INS5576._MP, 00000002.00000002.2065852635.0000000002F70000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Progman.exe
Source: IsUninst.exe.orig.2.dr, IsUninst.728.2.dr, IsUninst.exe.2.dr	Binary or memory string: PROGMANPROGMAN[DeleteGroup(%s)][CreateGroup(%s)][DeleteItem(%s)][ShowGroup(%s,%ld)]GROUPSCtrl + Shift + Alt + Page UpPage DownEndHomeLeftUpRightDownInsertNum 0Num 1Num 2Num 3Num 4Num 5Num 6Num 7Num 8Num 9Num *Num +Num -F1F2F3F4F5F6F7F8F9F10F11F12F13F14F15F16(),,%ld,,,,,,,,,,LogWindow
Source: Setup.exe, 00000001.00000002.2141513574.000000000040F000.00000004.00000001.01000000.00000006.sdmp, Setup.exe, 00000001.00000000.1660522023.000000000040F000.00000008.00000001.01000000.00000006.sdmp, Setup.exe.0.dr	Binary or memory string: %08lx._MP%04xSETUPDIRyYEnableLangDlgNCmdLineSerialNoFileNameSMSMifTypeFreeDiskSpaceAppNameStartupIsdelNamesetup.iniISMSG32_TERMINATEISMSG16_TERMINATEISDEL_MSG_DELDONE32ISDEL_MSG_DELEXISTS32ISDEL_MSG_DELENABLE32_delis32.iniLAYOUT.BINSETUP.INS_ISDEL.EXEBOOT16.EXEBOOT32.EXEWUTL95I.DLLZDATA.DLLINSTALL.EXE_INST32I.EX__INST32A.EX__INST32M.EX__INST32P.EX__INST16.EX_InstallShieldSetup30_SETUP.DLL -f%s %s -m2 -m1 -m -q1%04x" -x1" -x -c -cx -z1EXETEMP_INS5566._MP.INS%s_ISTMP%d.DIR_INS33IS._MPexeostypedirmainNOT_POSSIBLE_VALUEalt%dSharedErrors_iserr31.ini_isenv31.iniISUNINST.EXEISUN16.EXEEXPLORER.EXEBootShellProgMan.exesystem.ini_INS0432.INI.\.
Source: _INS5576._MP, 00000002.00000002.2065063633.0000000000481000.00000004.00000001.01000000.00000008.sdmp	Binary or memory string: PROGMANPROGMAN[CreateGroup(%s,)][CreateGroup()][AddItem(,,,,-1,-1,,,,1,0)][DeleteGroup(%s)][CreateGroup(%s)][DeleteItem(%s)][ShowGroup(%s,%ld)][Reload(%s)][CreateGroup()][ReplaceItem()][AddItem(,,,,-1,-1,,,,1,0)]PROGMAN.EXE[ExitProgMan(%d)]Explorer.exesystem.iniProgMan.exeShellBootGROUPS+%sCTRL+%sALTSHIFT+%sALTSHIFTNUM%s%s%s%sCTRL%sSHIFTALTCTRLNUM%s%s%s%sF1F2F3F4F5F6F7F8F9F10F11F12F13F14F15F16LEFTUPRIGHTDOWNHOMEENDPAGEUPDOWNINSERT+*-~!@#$%^&*()_+{}|:?><Ctrl + Shift + Alt + Page UpPage DownEndHomeLeftUpRightDownInsertNum 0Num 1Num 2Num 3Num 4Num 5Num 6Num 7Num 8Num 9Num *Num +Num -F1F2F3F4F5F6F7F8F9F10F11F12F13F14F15F16(),,%ldGROUPS,,,,,,,,,,*.*...%.2u-%.2u-%.2u%.2d:%.2d%.2u-%.2u-%.4u%.2d:%.2d%1c%1c%1c%1c%d.%d%s_fty%d.231*.*d
Source: _INS5576._MP, 00000002.00000000.1685120946.0000000000481000.00000008.00000001.01000000.00000008.sdmp, _INS5576._MP, 00000002.00000002.2065063633.0000000000481000.00000004.00000001.01000000.00000008.sdmp, IsUninst.exe.orig.2.dr, IsUninst.728.2.dr, IsUninst.exe.2.dr	Binary or memory string: PROGMAN
Source: _INS5576._MP, 00000002.00000000.1685120946.0000000000481000.00000008.00000001.01000000.00000008.sdmp, _INS5576._MP, 00000002.00000002.2065063633.0000000000481000.00000004.00000001.01000000.00000008.sdmp, _INS5576._MP.1.dr	Binary or memory string: view.bmpISAVIEWCMPTWINDOWISAVIEWCMPTCLASS ISAVIEWCMPTCLASSISAVIEWCMPTCLASS%ld.%ld%ld %s%s%s 41943034194303.940964096.9 %s%s%s T Progman -f -x1 -ci -q1%04xISBarCls%d %%
Source: Setup.exe, 00000001.00000002.2141513574.000000000040F000.00000004.00000001.01000000.00000006.sdmp, Setup.exe, 00000001.00000000.1660522023.000000000040F000.00000008.00000001.01000000.00000006.sdmp, _INS5576._MP, 00000002.00000000.1685120946.0000000000481000.00000008.00000001.01000000.00000008.sdmp	Binary or memory string: ProgMan.exe
Source: _INS5576._MP, 00000002.00000000.1685120946.0000000000481000.00000008.00000001.01000000.00000008.sdmp, _INS5576._MP, 00000002.00000002.2065063633.0000000000481000.00000004.00000001.01000000.00000008.sdmp, _INS5576._MP.1.dr	Binary or memory string: PROGMAN.EXE