Edit tour

Windows Analysis Report
https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exe

Overview

General Information

Sample URL:	https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exe
Analysis ID:	1589827
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Drops large PE files

Infects executable files (exe, dll, sys, html)

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Checks for available system drives (often done to infect USB drives)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates or modifies windows services

Deletes files inside the Windows folder

Detected potential crypto function

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the windows directory (C:\Windows)

Found dropped PE file which has not been started or loaded

Found evaded block containing many API calls

Found evasive API chain (date check)

Found evasive API chain (may stop execution after checking a module file name)

Found evasive API chain checking for process token information

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

Modifies existing windows services

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Usage Of Web Request Commands And Cmdlets

Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification

Stores files to the Windows start menu directory

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Uses the system / local time for branch decision (may execute only at specific dates)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

System is w10x64

cmd.exe (PID: 6764 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exe" > cmdline.out 2>&1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

wget.exe (PID: 6912 cmdline: wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exe" MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)

CloudCompare_v2.14.alpha_setup_x64.exe (PID: 5016 cmdline: "C:\Users\user\Desktop\download\CloudCompare_v2.14.alpha_setup_x64.exe" MD5: 4FA9171C45161772572CB136422EA7FD)

CloudCompare_v2.14.alpha_setup_x64.tmp (PID: 6908 cmdline: "C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp" /SL5="$B01CE,353634964,780800,C:\Users\user\Desktop\download\CloudCompare_v2.14.alpha_setup_x64.exe" MD5: CA9D0BC1FC3C0AEBE22047A2DCBCD715)

vcredist_2013_x64.exe (PID: 4264 cmdline: "C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe" /install /quiet /norestart MD5: 49B1164F8E95EC6409EA83CDB352D8DA)

vcredist_2013_x64.exe (PID: 6120 cmdline: "C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe" /install /quiet /norestart -burn.unelevated BurnPipe.{1EB8EC4C-F5D1-4ECA-9DD0-7714AF65556E} {84117F68-D40E-4241-8A1A-B0F8298D254D} 4264 MD5: 49B1164F8E95EC6409EA83CDB352D8DA)

VC_redist.x64.exe (PID: 4592 cmdline: "C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe" /install /quiet /norestart MD5: 223A76CD5AB9E42A5C55731154B85627)

VC_redist.x64.exe (PID: 2492 cmdline: "C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe" -burn.filehandle.attached=680 -burn.filehandle.self=684 /install /quiet /norestart MD5: 3F32F1A9BD60AE065B89C2223676592E)

VC_redist.x64.exe (PID: 6552 cmdline: "C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{5DEBEB27-EE90-4179-8801-9F2879D6FF33} {CFB915F2-7D0C-4BB0-A831-01B27FBD1688} 2492 MD5: 3F32F1A9BD60AE065B89C2223676592E)

VC_redist.x64.exe (PID: 2488 cmdline: "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={804e7d66-ccc2-4c12-84ba-476da31d103d} -burn.filehandle.self=1032 -burn.embedded BurnPipe.{3CE290E6-406D-4F39-9839-02C576C54025} {EA2D85BC-101D-4701-8D4D-A4BF8B19AB71} 6552 MD5: 35E545DAC78234E4040A99CBB53000AC)

VC_redist.x64.exe (PID: 4280 cmdline: "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -burn.filehandle.attached=508 -burn.filehandle.self=520 -uninstall -quiet -burn.related.upgrade -burn.ancestors={804e7d66-ccc2-4c12-84ba-476da31d103d} -burn.filehandle.self=1032 -burn.embedded BurnPipe.{3CE290E6-406D-4F39-9839-02C576C54025} {EA2D85BC-101D-4701-8D4D-A4BF8B19AB71} 6552 MD5: 35E545DAC78234E4040A99CBB53000AC)

VC_redist.x64.exe (PID: 2128 cmdline: "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{5A86F4D1-A9EC-4B64-B083-BE7A62BB96B8} {9AF4D465-6A98-4E12-88F2-BC1C1719DF24} 4280 MD5: 35E545DAC78234E4040A99CBB53000AC)

SrTasks.exe (PID: 5668 cmdline: C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1 MD5: 2694D2D28C368B921686FE567BD319EB)

conhost.exe (PID: 4444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

msiexec.exe (PID: 6280 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)

vcredist_x64.exe (PID: 2356 cmdline: "C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe" /burn.runonce MD5: 3284088A2D414D65E865004FDB641936)

vcredist_x64.exe (PID: 6076 cmdline: "C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe" MD5: 3284088A2D414D65E865004FDB641936)

SrTasks.exe (PID: 824 cmdline: C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2 MD5: 2694D2D28C368B921686FE567BD319EB)

conhost.exe (PID: 5596 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

VC_redist.x64.exe (PID: 6256 cmdline: "C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe" /burn.runonce MD5: 3F32F1A9BD60AE065B89C2223676592E)

VC_redist.x64.exe (PID: 864 cmdline: "C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe" MD5: 3F32F1A9BD60AE065B89C2223676592E)

VC_redist.x64.exe (PID: 4944 cmdline: "C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=548 MD5: 3F32F1A9BD60AE065B89C2223676592E)

LogonUI.exe (PID: 708 cmdline: "LogonUI.exe" /flags:0x4 /state0:0xa3f5a855 /state1:0x41c64e6d MD5: 893144FE49AA16124B5BD3034E79BBC6)

cleanup

Sigma Signatures

System Summary

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Source: Process started

Author: Jonathan Cheong, oscd.community: Data: Command: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exe" > cmdline.out 2>&1, CommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exe" > cmdline.out 2>&1, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 744, ProcessCommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exe" > cmdline.out 2>&1, ProcessId: 6764, ProcessName: cmd.exe

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Source: Process started

Sigma detected: Usage Of Web Request Commands And Cmdlets

Source: Process started

Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exe" > cmdline.out 2>&1, CommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exe" > cmdline.out 2>&1, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 744, ProcessCommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exe" > cmdline.out 2>&1, ProcessId: 6764, ProcessName: cmd.exe

Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe" /burn.runonce, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe, ProcessId: 4264, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Code function: 11_2_00FE7BC4 _memset,CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,ReadFile,CryptHashData,ReadFile,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,GetLastError,CryptDestroyHash,CryptReleaseContext,	11_2_00FE7BC4
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Code function: 11_2_00FC8566 CryptHashPublicKeyInfo,GetLastError,	11_2_00FC8566
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Code function: 11_2_00FC86E7 DecryptFileW,	11_2_00FC86E7
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004BBD11 ConvertStringSecurityDescriptorToSecurityDescriptorW,GetLastError,DecryptFileW,LocalFree,	20_2_004BBD11
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004BBAF6 DecryptFileW,DecryptFileW,	20_2_004BBAF6
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004E4C0F CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,	20_2_004E4C0F
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A5BD11 ConvertStringSecurityDescriptorToSecurityDescriptorW,GetLastError,DecryptFileW,LocalFree,	21_2_00A5BD11
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A5BAF6 DecryptFileW,DecryptFileW,	21_2_00A5BAF6
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A84C0F CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,	21_2_00A84C0F
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E5BAF6 DecryptFileW,DecryptFileW,	22_2_00E5BAF6
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E84C0F CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,	22_2_00E84C0F
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E5BD11 ConvertStringSecurityDescriptorToSecurityDescriptorW,GetLastError,DecryptFileW,LocalFree,	22_2_00E5BD11
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: 24_2_005486E7 DecryptFileW,	24_2_005486E7
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: 24_2_00567BC4 _memset,CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,ReadFile,CryptHashData,ReadFile,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,GetLastError,CryptDestroyHash,CryptReleaseContext,	24_2_00567BC4
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: 24_2_00548566 CryptHashPublicKeyInfo,GetLastError,	24_2_00548566
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003CF961 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,	28_2_003CF961
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003A9C99 DecryptFileW,DecryptFileW,	28_2_003A9C99
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003A9EB7 DecryptFileW,	28_2_003A9EB7

Source: is-F27EN.tmp.10.dr

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_9a877de2-9

Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\unins000.dat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-E67D7.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-RK2D7.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-F0B2H.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-BU6NB.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-78AIN.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-5U5RQ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-Q3UAG.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-A4GQ6.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-K8E7Q.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-T8E89.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-7AMNT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-KMJ88.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-MV458.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-0UCED.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-S20LH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-9Q3NC.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-DMGNO.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-5NEDU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-9MQ23.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-96G17.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-QLH03.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-0ETAJ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-1D8GC.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-CRC3K.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-DG0J0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-RKRC4.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-TLF74.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-F8008.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-GBVP7.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-V81UA.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-7D511.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-QJLST.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-2BPFH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-Q8VGT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-3UACU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-4N83B.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-GD96M.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-5LLNK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-1AVDH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-2NF19.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-6E13D.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-VUNA7.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-ULPPI.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-8GF8G.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-Q4FUF.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-9564F.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-LNQRQ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-F27EN.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-OU74J.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-EHH64.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-JJ5J0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-5DUDN.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-AJ0MH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-TJIIT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-LIKHT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-NKH37.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-1T592.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-TRDII.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-86FV8.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-V60H0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-T6I4U.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-ORCGS.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-DE3LQ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-OHVSP.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-VQV6S.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-02UTJ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-NUL4B.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-192GB.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-MF4VL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-82NCD.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-GMPDH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-9V9PD.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-VD2K0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-O99L5.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-4FB87.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-FVJ9O.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-OL3SL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-N98JH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-UP0V3.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-Q06N3.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\gamepads	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\gamepads\is-T476D.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\iconengines	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\iconengines\is-2O479.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\imageformats	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\imageformats\is-VN2GT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\imageformats\is-R83R7.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\imageformats\is-2F3I0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\imageformats\is-AM7K6.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\imageformats\is-26VGE.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\imageformats\is-8LGJR.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\imageformats\is-H2EK5.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\imageformats\is-FFN20.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\imageformats\is-G554D.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\platforms	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\platforms\is-JL72O.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-NO2LL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-A6DSE.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-9UK7J.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-5R3DL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-4H4J7.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-EKSJ8.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-EVN8N.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-1BHUB.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-K59TJ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-UQ6Q7.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-SFOAI.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-H5T2H.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-HMUPJ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-EV193.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-09N3S.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-SVRC0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-7SBVS.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-23FRJ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-51UVB.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-S1TGF.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-DDST8.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-E63HF.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-58SRQ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-AKS9N.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-U95IF.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-VJOEG.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-QQLBV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-DG6LF.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-QP8K8.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-RGJQE.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-8BQMI.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-MPFLG.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-EJTBC.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-8A210.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-232MC.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-84SFH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-8RLKI.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-C1KHU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-3FSQ4.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-L6IDA.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-MN40I.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-O1011.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\Bilateral	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\Bilateral\is-7E84J.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\Bilateral\is-I54SL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\ColorRamp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\ColorRamp\is-QD1K5.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\DrawNormals	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\DrawNormals\is-16Q60.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\DrawNormals\is-079CG.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\DrawNormals\is-1T3F7.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\EDL	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\EDL\is-VLK83.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\EDL\is-CSNSK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\EDL\is-KV0SK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\EDL\is-V57QR.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\SSAO	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\SSAO\is-NGK93.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\SSAO\is-16B4L.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\styles	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\styles\is-HV0JM.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-443P6.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-CGINU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-GP11Q.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-1E24F.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-S6F83.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-9AV9B.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-1CVRR.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-A4SLN.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-J6M97.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-ITE62.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-KN4UH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-PFR24.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-TL72C.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-VNUAS.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-2S2PK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-6DHOH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-THVTA.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-TRV8H.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-UBV0R.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-2QKRK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-F6T7O.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-10N3O.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-0NGBU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-OQE25.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-HJ7JF.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-QC8LA.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-7DSMM.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-PCIMT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-5O1M6.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-3HP9U.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-GJN0R.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-9VPOJ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-8LM9M.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\unins000.msg	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SystemRestore SRInitDone

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4DE0A2C8-03F9-4B3F-BAFC-1D5F2141464B}_is1

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	File created: C:\Users\user\AppData\Local\Temp\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\.ba1\license.rtf	Jump to behavior
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\license.rtf
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\1028\license.rtf
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\1029\license.rtf
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\1031\license.rtf
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\1036\license.rtf
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\1040\license.rtf
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\1041\license.rtf
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\1042\license.rtf
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\1045\license.rtf
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\1046\license.rtf
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\1049\license.rtf
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\1055\license.rtf
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\2052\license.rtf
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\3082\license.rtf
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	File created: C:\Users\user\AppData\Local\Temp\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\.ba1\license.rtf
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	File created: C:\Users\user\AppData\Local\Temp\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\.ba1\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\1028\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\1029\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\1031\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\1036\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\1040\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\1041\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\1042\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\1045\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\1046\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\1049\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\1055\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\2052\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\3082\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\1028\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\1029\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\1031\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\1036\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\1040\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\1041\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\1042\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\1045\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\1046\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\1049\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\1055\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\2052\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\3082\license.rtf

Source:	Binary string: MFCM120U.amd64.pdb source: mfcm120u.dll.19.dr
Source:	Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: VC_redist.x64.exe, 0000001C.00000002.5094773956.00000000003DB000.00000002.00000001.01000000.00000014.sdmp, VC_redist.x64.exe, 0000001D.00000002.5086434755.00000000003DB000.00000002.00000001.01000000.00000014.sdmp, VC_redist.x64.exe, 0000001E.00000002.5082503451.00000000003DB000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: C:\agent\_work\36\s\wix\build\ship\x86\burn.pdb source: VC_redist.x64.exe, 00000014.00000000.4866316131.00000000004EE000.00000002.00000001.01000000.0000000E.sdmp, VC_redist.x64.exe, 00000014.00000002.5111247731.00000000004EE000.00000002.00000001.01000000.0000000E.sdmp, VC_redist.x64.exe, 00000015.00000000.4867826152.0000000000A8E000.00000002.00000001.01000000.0000000F.sdmp, VC_redist.x64.exe, 00000015.00000002.5106004440.0000000000A8E000.00000002.00000001.01000000.0000000F.sdmp, VC_redist.x64.exe, 00000016.00000002.5102890508.0000000000E8E000.00000002.00000001.01000000.00000011.sdmp, VC_redist.x64.exe, 00000016.00000003.5002147253.0000000000980000.00000004.00000020.00020000.00000000.sdmp, VC_redist.x64.exe, 00000016.00000000.4875152360.0000000000E8E000.00000002.00000001.01000000.00000011.sdmp, VC_redist.x64.exe, 0000001F.00000000.5129153010.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 0000001F.00000002.5138174837.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 00000020.00000002.5484844134.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 00000020.00000000.5130814743.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 00000021.00000000.5133213302.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 00000021.00000002.5484898708.00000000009CE000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: E:\delivery\Dev\wix37\build\ship\x86\WixStdBA.pdbH source: vcredist_x64.exe, 00000019.00000002.5497241555.000000006BA05000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb source: vcredist_2013_x64.exe, 0000000B.00000002.4863161318.0000000000FEB000.00000002.00000001.01000000.00000008.sdmp, vcredist_2013_x64.exe, 0000000B.00000000.4635010313.0000000000FEB000.00000002.00000001.01000000.00000008.sdmp, vcredist_2013_x64.exe, 0000000D.00000002.4862972062.0000000000FEB000.00000002.00000001.01000000.00000008.sdmp, vcredist_2013_x64.exe, 0000000D.00000000.4636956599.0000000000FEB000.00000002.00000001.01000000.00000008.sdmp, vcredist_x64.exe, 00000018.00000000.4892550754.000000000056B000.00000002.00000001.01000000.00000012.sdmp, vcredist_x64.exe, 00000018.00000002.4899692937.000000000056B000.00000002.00000001.01000000.00000012.sdmp, vcredist_x64.exe, 00000019.00000002.5485472293.000000000056B000.00000002.00000001.01000000.00000012.sdmp, vcredist_x64.exe, 00000019.00000000.4894071572.000000000056B000.00000002.00000001.01000000.00000012.sdmp, vcredist_x64.exe.13.dr
Source:	Binary string: E:\delivery\Dev\wix37\build\ship\x86\WixDepCA.pdb source: vcredist_2013_x64.exe, 0000000B.00000003.4804245294.000000000088D000.00000004.00000020.00020000.00000000.sdmp, vcredist_2013_x64.exe, 0000000B.00000003.4806048727.00000000008C6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Network.pdb source: is-F27EN.tmp.10.dr
Source:	Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb`E source: vcredist_x64.exe.13.dr
Source:	Binary string: MFCM120U.amd64.pdb8@ source: mfcm120u.dll.19.dr
Source:	Binary string: C:\agent\_work\36\s\wix\build\ship\x86\WixStdBA.pdb source: VC_redist.x64.exe, 00000021.00000002.5497369648.000000006F853000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: E:\builds\xerces-c-3.1.4\Build\Win64\VC12\Release\xerces-c_3_1.pdb source: is-UP0V3.tmp.10.dr
Source:	Binary string: E:\builds\openssl-1.0.1h\x64\out32dll\libeay32.pdb source: is-DG0J0.tmp.10.dr
Source:	Binary string: C:\agent\_work\36\s\wix\build\ship\x86\burn.pdb4 source: VC_redist.x64.exe, 00000014.00000000.4866316131.00000000004EE000.00000002.00000001.01000000.0000000E.sdmp, VC_redist.x64.exe, 00000014.00000002.5111247731.00000000004EE000.00000002.00000001.01000000.0000000E.sdmp, VC_redist.x64.exe, 00000015.00000000.4867826152.0000000000A8E000.00000002.00000001.01000000.0000000F.sdmp, VC_redist.x64.exe, 00000015.00000002.5106004440.0000000000A8E000.00000002.00000001.01000000.0000000F.sdmp, VC_redist.x64.exe, 00000016.00000002.5102890508.0000000000E8E000.00000002.00000001.01000000.00000011.sdmp, VC_redist.x64.exe, 00000016.00000003.5002147253.0000000000980000.00000004.00000020.00020000.00000000.sdmp, VC_redist.x64.exe, 00000016.00000000.4875152360.0000000000E8E000.00000002.00000001.01000000.00000011.sdmp, VC_redist.x64.exe, 0000001F.00000000.5129153010.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 0000001F.00000002.5138174837.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 00000020.00000002.5484844134.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 00000020.00000000.5130814743.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 00000021.00000000.5133213302.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 00000021.00000002.5484898708.00000000009CE000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: E:\builds\xerces-c-3.1.4\Build\Win64\VC12\Release\xerces-c_3_1.pdb; source: is-UP0V3.tmp.10.dr
Source:	Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb`X source: vcredist_x64.exe, 00000018.00000000.4892550754.000000000056B000.00000002.00000001.01000000.00000012.sdmp, vcredist_x64.exe, 00000018.00000002.4899692937.000000000056B000.00000002.00000001.01000000.00000012.sdmp, vcredist_x64.exe, 00000019.00000002.5485472293.000000000056B000.00000002.00000001.01000000.00000012.sdmp, vcredist_x64.exe, 00000019.00000000.4894071572.000000000056B000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: E:\delivery\Dev\wix37\build\ship\x86\WixStdBA.pdb source: vcredist_x64.exe, 00000019.00000002.5497241555.000000006BA05000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFC140ESN.amd64.pdb source: mfc140esn.dll.19.dr
Source:	Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb` source: vcredist_2013_x64.exe, 0000000B.00000002.4863161318.0000000000FEB000.00000002.00000001.01000000.00000008.sdmp, vcredist_2013_x64.exe, 0000000B.00000000.4635010313.0000000000FEB000.00000002.00000001.01000000.00000008.sdmp, vcredist_2013_x64.exe, 0000000D.00000002.4862972062.0000000000FEB000.00000002.00000001.01000000.00000008.sdmp, vcredist_2013_x64.exe, 0000000D.00000000.4636956599.0000000000FEB000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: E:\builds\openssl-1.0.1h\x64\out32dll\libeay32.pdbU source: is-DG0J0.tmp.10.dr

Spreading

Infects executable files (exe, dll, sys, html)

Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc140jpn.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc140esn.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc140ita.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc140deu.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc140chs.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfcm140u.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc140enu.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfcm120.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc120u.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\concrt140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc140fra.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\vccorlib140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\msvcp140_atomic_wait.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\vcomp140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc140cht.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc140rus.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfcm140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfcm120u.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc140kor.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\msvcp140_2.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\msvcp140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc140u.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\msvcp140_codecvt_ids.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\msvcr120.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\vcamp140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\vcruntime140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\msvcp120.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\vccorlib120.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\msvcp140_1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc120.dll	Jump to behavior

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File opened: c:
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Code function: 11_2_00FC9065 _memset,FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	11_2_00FC9065
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Code function: 11_2_00FE6CB2 _memset,_memset,GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,GetLastError,GetLastError,GetLastError,FindClose,	11_2_00FE6CB2
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Code function: 11_2_00FE5D1F _memset,FindFirstFileW,FindClose,	11_2_00FE5D1F
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004A1700 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,FindClose,	20_2_004A1700
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004A3B2C FindFirstFileW,FindClose,	20_2_004A3B2C
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004DC2AF FindFirstFileExW,FindNextFileW,FindClose,FindClose,	20_2_004DC2AF
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004BB79F FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	20_2_004BB79F
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A5B79F FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	21_2_00A5B79F
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A41700 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,FindClose,	21_2_00A41700
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A43B2C FindFirstFileW,FindClose,	21_2_00A43B2C
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A7C2AF FindFirstFileExW,FindNextFileW,FindClose,FindClose,	21_2_00A7C2AF
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E5B79F FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	22_2_00E5B79F
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E41700 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,FindClose,	22_2_00E41700
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E43B2C FindFirstFileW,FindClose,	22_2_00E43B2C
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E7C2AF FindFirstFileExW,FindNextFileW,FindClose,FindClose,	22_2_00E7C2AF
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: 24_2_00566CB2 _memset,_memset,GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,GetLastError,GetLastError,GetLastError,FindClose,	24_2_00566CB2
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: 24_2_00549065 _memset,FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	24_2_00549065
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: 24_2_00565D1F _memset,FindFirstFileW,FindClose,	24_2_00565D1F
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: 25_2_6B9FA685 _memset,FindFirstFileW,FindClose,	25_2_6B9FA685
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_00393BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	28_2_00393BC3
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003D4315 FindFirstFileW,FindClose,	28_2_003D4315
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003A993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	28_2_003A993E

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\NULL	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\vcRuntimeAdditional_amd64	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	File opened: C:\ProgramData\Package Cache\NULL	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\NULL	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe

Code function: 11_2_00FD6FEC InternetReadFile,WriteFile,WriteFile,GetLastError,GetLastError,

11_2_00FD6FEC

Source: is-F27EN.tmp.10.dr

String found in binary or memory: 04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1email.google.comf5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06www.google.comd7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3login.yahoo.com39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:293e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47login.skype.com92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43addons.mozilla.orgb0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0login.live.comd8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0global trustee05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56*.google.com0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4cDigiNotar Root CAf1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49DigiNotar Services CA36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38DigiNotar Services 1024 CA0a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3eDigiNotar Root CA G2a4:b6:ce:e3:2e:d3:35:46:26:3c:b3:55:3a:a8:92:21CertiID Enterprise Certificate Authority5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41DigiNotar Qualified CA46:9c:2c:b007:27:10:0dDigiNotar Cyber CA07:27:0f:f907:27:10:0301:31:69:b0DigiNotar PKIoverheid CA Overheid en Bedrijven01:31:34:bfDigiNotar PKIoverheid CA Organisatie - G2d6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4DigiNotar Extended Validation CA1e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04DigiNotar Public CA 202546:9c:2c:af46:9c:3c:c907:27:14:a9Digisign Server ID (Enrich)4c:0e:63:6aDigisign Server ID - (Enrich)72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0UTN-USERFirst-Hardware41MD5 Collisions Inc. (http://www.phreedom.org/md5)08:27*.EGO.GOV.TR08:64e-islem.kktcmerkezbankasi.org03:1d:a7AC DG Tr equals www.yahoo.com (Yahoo)

Source: is-UP0V3.tmp.10.dr	String found in binary or memory: http://apache.org/xml/UnknownNScdata-sectionsDOMMemoryManagerXML
Source: is-UP0V3.tmp.10.dr	String found in binary or memory: http://apache.org/xml/features/continue-after-fatal-errorlthttp://apache.org/xml/features/dom/byte-o
Source: is-UP0V3.tmp.10.dr	String found in binary or memory: http://apache.org/xml/features/dom-has-psvi-infoInvalidDatatypeFacetExceptionen_UShttp://apache.org/
Source: is-UP0V3.tmp.10.dr	String found in binary or memory: http://apache.org/xml/features/dom/user-adopts-DOMDocument-2147483648
Source: is-UP0V3.tmp.10.dr	String found in binary or memory: http://apache.org/xml/features/generate-synthetic-annotationsIDREFquotcanonical-formhttp://apache.or
Source: is-UP0V3.tmp.10.dr	String found in binary or memory: http://apache.org/xml/features/nonvalidating/load-external-dtd-9223372036854775808http://apache.org/
Source: is-UP0V3.tmp.10.dr	String found in binary or memory: http://apache.org/xml/features/pretty-print/space-first-level-elementsEMPTYDoXIhttp://xml.org/sax/fe
Source: is-UP0V3.tmp.10.dr	String found in binary or memory: http://apache.org/xml/features/validation/dynamic-1http://apache.org/xml/features/validation/identit
Source: is-UP0V3.tmp.10.dr	String found in binary or memory: http://apache.org/xml/features/validation/ignoreCachedDTDREFhttp://apache.org/xml/features/validatin
Source: is-UP0V3.tmp.10.dr	String found in binary or memory: http://apache.org/xml/features/validation/use-cachedGrammarInParsevalidationvalidate-if-schemaxmlwhi
Source: is-UP0V3.tmp.10.dr	String found in binary or memory: http://apache.org/xml/messages/XML4CErrorswell-formedhttp://apache.org/xml/parser-use-DOMDocument-fr
Source: is-UP0V3.tmp.10.dr	String found in binary or memory: http://apache.org/xml/messages/XMLValidityXMLXIncludeExceptionerror-handlernohttp://apache.org/xml/f
Source: is-UP0V3.tmp.10.dr	String found in binary or memory: http://apache.org/xml/properties/low-water-marksplit-cdata-sectionsSGXMLScanner
Source: VC_redist.x64.exe	String found in binary or memory: http://appsyndication.org/2006/appsyn
Source: VC_redist.x64.exe, 0000001C.00000002.5094773956.00000000003DB000.00000002.00000001.01000000.00000014.sdmp, VC_redist.x64.exe, 0000001D.00000002.5086434755.00000000003DB000.00000002.00000001.01000000.00000014.sdmp, VC_redist.x64.exe, 0000001E.00000002.5082503451.00000000003DB000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://appsyndication.org/2006/appsynapplicationapuputil.cppupgradeexclusivetrueenclosuredigestalgor
Source: VC_redist.x64.exe, 00000014.00000000.4866316131.00000000004EE000.00000002.00000001.01000000.0000000E.sdmp, VC_redist.x64.exe, 00000014.00000002.5111247731.00000000004EE000.00000002.00000001.01000000.0000000E.sdmp, VC_redist.x64.exe, 00000015.00000000.4867826152.0000000000A8E000.00000002.00000001.01000000.0000000F.sdmp, VC_redist.x64.exe, 00000015.00000002.5106004440.0000000000A8E000.00000002.00000001.01000000.0000000F.sdmp, VC_redist.x64.exe, 00000016.00000002.5102890508.0000000000E8E000.00000002.00000001.01000000.00000011.sdmp, VC_redist.x64.exe, 00000016.00000003.5002147253.0000000000980000.00000004.00000020.00020000.00000000.sdmp, VC_redist.x64.exe, 00000016.00000000.4875152360.0000000000E8E000.00000002.00000001.01000000.00000011.sdmp, VC_redist.x64.exe, 0000001F.00000000.5129153010.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 0000001F.00000002.5138174837.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 00000020.00000002.5484844134.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 00000020.00000000.5130814743.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 00000021.00000000.5133213302.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 00000021.00000002.5484898708.00000000009CE000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: http://appsyndication.org/2006/appsynapplicationc:
Source: is-F27EN.tmp.10.dr	String found in binary or memory: http://bugreports.qt.io/
Source: is-F27EN.tmp.10.dr	String found in binary or memory: http://bugreports.qt.io/_q_receiveReplyensureClientPrefaceSentMicrosoft-IIS/4.Microsoft-IIS/5.Netsca
Source: is-FVJ9O.tmp.10.dr, is-F27EN.tmp.10.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: is-F27EN.tmp.10.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: is-FVJ9O.tmp.10.dr, is-F27EN.tmp.10.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: wget.exe, 00000002.00000003.4224842312.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224908994.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: wget.exe, 00000002.00000002.4225716734.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224908994.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: wget.exe, 00000002.00000003.4224842312.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224908994.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ccsca2021.crl.certum.pl/ccsca2021.crl0s
Source: wget.exe, 00000002.00000003.4224842312.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224908994.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ccsca2021.ocsp-certum.com05
Source: wget.exe, 00000002.00000002.4225716734.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224908994.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
Source: is-FVJ9O.tmp.10.dr	String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: wget.exe, 00000002.00000002.4225716734.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224908994.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/D7
Source: CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: is-F27EN.tmp.10.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: is-FVJ9O.tmp.10.dr, is-F27EN.tmp.10.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: wget.exe, 00000002.00000003.4224842312.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224908994.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: wget.exe, 00000002.00000002.4225716734.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224908994.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: is-F27EN.tmp.10.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: is-FVJ9O.tmp.10.dr, is-F27EN.tmp.10.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: is-FVJ9O.tmp.10.dr, is-F27EN.tmp.10.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: is-F27EN.tmp.10.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: is-FVJ9O.tmp.10.dr, is-F27EN.tmp.10.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: is-FVJ9O.tmp.10.dr	String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: wget.exe, 00000002.00000002.4225716734.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224908994.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, is-FVJ9O.tmp.10.dr, is-F27EN.tmp.10.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: is-F27EN.tmp.10.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: is-FVJ9O.tmp.10.dr, is-F27EN.tmp.10.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: wget.exe, 00000002.00000002.4225716734.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224908994.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: is-FVJ9O.tmp.10.dr	String found in binary or memory: http://ocsp.sectigo.com0
Source: wget.exe, 00000002.00000003.4224842312.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224908994.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://repository.certum.pl/ccsca2021.cer0
Source: wget.exe, 00000002.00000002.4225716734.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224908994.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://repository.certum.pl/ctnca2.cer09
Source: wget.exe, 00000002.00000002.4225716734.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224908994.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://subca.ocsp-certum.com02
Source: vcredist_2013_x64.exe, 0000000D.00000003.4855360186.00000000016A0000.00000004.00000020.00020000.00000000.sdmp, vcredist_2013_x64.exe, 0000000D.00000003.4641577754.000000000157D000.00000004.00000020.00020000.00000000.sdmp, VC_redist.x64.exe, 00000015.00000002.5108320544.0000000003810000.00000004.00000800.00020000.00000000.sdmp, VC_redist.x64.exe, 00000015.00000002.5108192968.00000000036A0000.00000004.00000020.00020000.00000000.sdmp, vcredist_x64.exe, 00000018.00000003.4893735867.0000000000ECD000.00000004.00000020.00020000.00000000.sdmp, vcredist_x64.exe, 00000019.00000003.4895186091.000000000097C000.00000004.00000020.00020000.00000000.sdmp, vcredist_x64.exe, 00000019.00000002.5491628116.0000000002870000.00000004.00000020.00020000.00000000.sdmp, VC_redist.x64.exe, 0000001D.00000002.5088805698.0000000003250000.00000004.00000020.00020000.00000000.sdmp, VC_redist.x64.exe, 0000001D.00000002.5089033184.0000000003400000.00000004.00000800.00020000.00000000.sdmp, VC_redist.x64.exe, 00000021.00000002.5490078826.0000000003350000.00000004.00000020.00020000.00000000.sdmp, VC_redist.x64.exe, 00000021.00000002.5494063209.0000000003870000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010
Source: vcredist_2013_x64.exe, 0000000D.00000003.4851447301.000000000371B000.00000004.00000800.00020000.00000000.sdmp, vcredist_x64.exe, 00000019.00000002.5494494333.0000000002C90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010(
Source: VC_redist.x64.exe, 00000015.00000002.5108320544.0000000003810000.00000004.00000800.00020000.00000000.sdmp, VC_redist.x64.exe, 0000001D.00000002.5089033184.0000000003400000.00000004.00000800.00020000.00000000.sdmp, VC_redist.x64.exe, 00000021.00000002.5494063209.0000000003870000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010Hd
Source: vcredist_2013_x64.exe, 0000000D.00000003.4851447301.000000000371B000.00000004.00000800.00020000.00000000.sdmp, vcredist_x64.exe, 00000019.00000002.5494494333.0000000002C90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010and
Source: vcredist_2013_x64.exe, 0000000D.00000003.4851447301.000000000371B000.00000004.00000800.00020000.00000000.sdmp, vcredist_x64.exe, 00000019.00000002.5494494333.0000000002C90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010lureH
Source: wget.exe, 00000002.00000002.4225716734.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224908994.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.certum.pl/CPS0
Source: CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.5160966733.00000000022EA000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.tmp, 0000000A.00000003.5147495318.00000000024BD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.cloudcompare.org/
Source: CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4271509144.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.tmp, 0000000A.00000003.4281307366.00000000035B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.cloudcompare.org/8http://www.cloudcompare.org/8http://www.cloudcompare.org/.2.14.alpha
Source: CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.5160966733.00000000022EA000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.tmp, 0000000A.00000003.5147495318.00000000024BD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.cloudcompare.org/q
Source: is-DG0J0.tmp.10.dr	String found in binary or memory: http://www.openssl.org/V
Source: is-DG0J0.tmp.10.dr	String found in binary or memory: http://www.openssl.org/support/faq.html
Source: is-DG0J0.tmp.10.dr	String found in binary or memory: http://www.openssl.org/support/faq.html.
Source: is-F27EN.tmp.10.dr	String found in binary or memory: http://www.phreedom.org/md5)
Source: is-F27EN.tmp.10.dr	String found in binary or memory: http://www.phreedom.org/md5)08:27
Source: CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000000.4271005670.0000000000401000.00000020.00000001.01000000.00000004.sdmp	String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: is-FVJ9O.tmp.10.dr	String found in binary or memory: https://sectigo.com/CPS0C
Source: wget.exe, 00000002.00000003.4224842312.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224908994.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.certum.pl/CPS0
Source: wget.exe, 00000002.00000002.4225448124.0000000000D60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exe
Source: wget.exe, 00000002.00000002.4225320965.0000000000B75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exe0r
Source: wget.exe, 00000002.00000002.4225320965.0000000000B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exeOF_P
Source: wget.exe, 00000002.00000002.4225320965.0000000000B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exeamDat
Source: is-FVJ9O.tmp.10.dr, is-F27EN.tmp.10.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.tmp, 0000000A.00000000.4279340551.0000000000401000.00000020.00000001.01000000.00000005.sdmp	String found in binary or memory: https://www.innosetup.com/
Source: CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.tmp, 0000000A.00000000.4279340551.0000000000401000.00000020.00000001.01000000.00000005.sdmp	String found in binary or memory: https://www.remobjects.com/ps

System Summary

Drops large PE files

Source: C:\Windows\SysWOW64\wget.exe

File dump: CloudCompare_v2.14.alpha_setup_x64.exe.2.dr 355083480

Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\52ca56.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{53CF6934-A98D-3D84-9146-FC4EDF3D5641}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICCC7.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\msvcp120.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\msvcr120.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\vcamp120.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\vccorlib120.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\vcomp120.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\52ca5c.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\52ca5c.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\52ca5d.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{010792BA-551A-3AC0-A7EF-0FAB4156C382}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSID3DC.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfc120.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfc120chs.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfc120cht.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfc120deu.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfc120enu.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfc120esn.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfc120fra.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfc120ita.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfc120jpn.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfc120kor.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfc120rus.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfc120u.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfcm120.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfcm120u.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\52ca64.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\52ca64.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\52ca65.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1B27.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{382F1166-A409-4C5B-9B1E-85ED538B8291}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1C70.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\concrt140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\msvcp140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\msvcp140_1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\msvcp140_2.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\msvcp140_atomic_wait.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\msvcp140_codecvt_ids.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\vcamp140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\vccorlib140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\vcomp140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\vcruntime140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\vcruntime140_threads.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\52ca75.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\52ca75.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\52ca76.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI2366.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{E1902FC6-C423-4719-AB8A-AC7B2694B367}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI258A.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfc140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfc140chs.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfc140cht.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfc140deu.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfc140enu.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfc140esn.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfc140fra.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfc140ita.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfc140jpn.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfc140kor.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfc140rus.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfc140u.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfcm140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\system32\mfcm140u.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\52ca89.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\52ca89.msi	Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\52ca5c.msi

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004E406A	20_2_004E406A
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004DF018	20_2_004DF018
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004D71EE	20_2_004D71EE
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004D2299	20_2_004D2299
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004D2560	20_2_004D2560
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004D757C	20_2_004D757C
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004DA7B3	20_2_004DA7B3
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004D281B	20_2_004D281B
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004DEB90	20_2_004DEB90
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004D1C7D	20_2_004D1C7D
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004C5D9B	20_2_004C5D9B
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004CDE46	20_2_004CDE46
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004D1FEF	20_2_004D1FEF
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004A7FA9	20_2_004A7FA9
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A7F018	21_2_00A7F018
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A8406A	21_2_00A8406A
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A771EE	21_2_00A771EE
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A72299	21_2_00A72299
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A72560	21_2_00A72560
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A7757C	21_2_00A7757C
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A7A7B3	21_2_00A7A7B3
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A7281B	21_2_00A7281B
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A7EB90	21_2_00A7EB90
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A71C7D	21_2_00A71C7D
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A65D9B	21_2_00A65D9B
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A6DE46	21_2_00A6DE46
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A47FA9	21_2_00A47FA9
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A71FEF	21_2_00A71FEF
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E65D9B	22_2_00E65D9B
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E8406A	22_2_00E8406A
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E7F018	22_2_00E7F018
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E771EE	22_2_00E771EE
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E72299	22_2_00E72299
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E72560	22_2_00E72560
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E7757C	22_2_00E7757C
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E7A7B3	22_2_00E7A7B3
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E7281B	22_2_00E7281B
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E7EB90	22_2_00E7EB90
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E71C7D	22_2_00E71C7D
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E6DE46	22_2_00E6DE46
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E71FEF	22_2_00E71FEF
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E47FA9	22_2_00E47FA9
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003BC0FA	28_2_003BC0FA
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_00396184	28_2_00396184
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003C022D	28_2_003C022D
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003CA3B0	28_2_003CA3B0
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003C0662	28_2_003C0662
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_0039A7EF	28_2_0039A7EF
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003CA85E	28_2_003CA85E
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003BF919	28_2_003BF919
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003A69CC	28_2_003A69CC
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003C0A97	28_2_003C0A97
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003C2B21	28_2_003C2B21
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003C2D50	28_2_003C2D50
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003CED4C	28_2_003CED4C
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003BFE15	28_2_003BFE15

Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: String function: 00561D32 appears 59 times
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: String function: 00565A1A appears 73 times
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: String function: 6B9F10E3 appears 70 times
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: String function: 00562F06 appears 462 times
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: String function: 0055FD42 appears 35 times
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: String function: 00560126 appears 655 times
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: String function: 6B9FAFD3 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Code function: String function: 00FE2F06 appears 462 times
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Code function: String function: 00FE5A1A appears 73 times
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Code function: String function: 00FE1D32 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Code function: String function: 00FDFD42 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Code function: String function: 00FE0126 appears 655 times
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: String function: 00A429F6 appears 54 times
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: String function: 00A70B80 appears 33 times
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: String function: 00A87952 appears 79 times
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: String function: 00A413B3 appears 502 times
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: String function: 00A853E7 appears 684 times
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: String function: 00A858CE appears 34 times
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: String function: 00E70B80 appears 33 times
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: String function: 00E87952 appears 79 times
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: String function: 00E429F6 appears 54 times
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: String function: 00E853E7 appears 684 times
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: String function: 00E413B3 appears 502 times
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: String function: 00E858CE appears 34 times
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: String function: 004A13B3 appears 501 times
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: String function: 004E58CE appears 34 times
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: String function: 004A29F6 appears 54 times
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: String function: 004D0B80 appears 33 times
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: String function: 004E7952 appears 79 times
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: String function: 004E53E7 appears 684 times
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: String function: 003D012F appears 678 times
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: String function: 003D061A appears 34 times
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: String function: 003937D3 appears 496 times
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: String function: 00391F20 appears 54 times
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: String function: 003D31C7 appears 85 times

Source: CloudCompare_v2.14.alpha_setup_x64.tmp.9.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-E67D7.tmp.10.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-F8008.tmp.10.dr	Static PE information: Resource name: RT_VERSION type: MIPSEB-LE MIPS-III ECOFF executable not stripped - version 0.79

Source: is-F0B2H.tmp.10.dr	Static PE information: Number of sections : 13 > 10
Source: is-TLF74.tmp.10.dr	Static PE information: Number of sections : 19 > 10
Source: is-BU6NB.tmp.10.dr	Static PE information: Number of sections : 12 > 10
Source: is-RKRC4.tmp.10.dr	Static PE information: Number of sections : 19 > 10
Source: is-78AIN.tmp.10.dr	Static PE information: Number of sections : 12 > 10

Source: classification engine

Classification label: mal56.spre.evad.win@37/669@0/1

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe

Code function: 11_2_00FDF9C6 FormatMessageW,GetLastError,LocalFree,

11_2_00FDF9C6

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Code function: 11_2_00FB13BA GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,	11_2_00FB13BA
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004A62C2 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,	20_2_004A62C2
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A462C2 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,	21_2_00A462C2
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E462C2 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,	22_2_00E462C2
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: 24_2_005313BA GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,	24_2_005313BA
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003944E9 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,	28_2_003944E9

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe

Code function: 11_2_00FE726D CLSIDFromProgID,CoCreateInstance,

11_2_00FE726D

Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe

Code function: 25_2_6B9FA6F8 FindResourceExA,GetLastError,LoadResource,GetLastError,SizeofResource,GetLastError,LockResource,GetLastError,

25_2_6B9FA6F8

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe

Code function: 11_2_00FCEDC2 ChangeServiceConfigW,GetLastError,

11_2_00FCEDC2

Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp

File created: C:\Program Files\CloudCompare

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\Desktop\cmdline.out

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6800:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5596:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4444:120:WilError_03

Source: C:\Users\user\Desktop\download\CloudCompare_v2.14.alpha_setup_x64.exe

File created: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Command line argument: `N	20_2_004A10E1
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Command line argument: xN	20_2_004A10E1
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Command line argument: version.dll	20_2_004A10E1
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Command line argument: wininet.dll	20_2_004A10E1
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Command line argument: comres.dll	20_2_004A10E1
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Command line argument: clbcatq.dll	20_2_004A10E1
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Command line argument: N	20_2_004A10E1
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Command line argument: crypt32.dll	20_2_004A10E1
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Command line argument: feclient.dll	20_2_004A10E1
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Command line argument: cabinet.dll	20_2_004A10E1
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Command line argument: cabinet.dll	21_2_00A410E1
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Command line argument: msi.dll	21_2_00A410E1
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Command line argument: version.dll	21_2_00A410E1
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Command line argument: wininet.dll	21_2_00A410E1
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Command line argument: comres.dll	21_2_00A410E1
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Command line argument: clbcatq.dll	21_2_00A410E1
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Command line argument: msasn1.dll	21_2_00A410E1
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Command line argument: crypt32.dll	21_2_00A410E1
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Command line argument: feclient.dll	21_2_00A410E1
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Command line argument: cabinet.dll	21_2_00A410E1
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Command line argument: `	22_2_00E410E1
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Command line argument: x	22_2_00E410E1
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Command line argument: version.dll	22_2_00E410E1
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Command line argument: wininet.dll	22_2_00E410E1
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Command line argument: comres.dll	22_2_00E410E1
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Command line argument: clbcatq.dll	22_2_00E410E1
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Command line argument: msasn1.dll	22_2_00E410E1
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Command line argument: crypt32.dll	22_2_00E410E1
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Command line argument: feclient.dll	22_2_00E410E1
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Command line argument: `	22_2_00E410E1
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Command line argument: `	22_2_00E410E1
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Command line argument: cabinet.dll	28_2_00391070
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Command line argument: msi.dll	28_2_00391070
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Command line argument: version.dll	28_2_00391070
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Command line argument: wininet.dll	28_2_00391070
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Command line argument: comres.dll	28_2_00391070
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Command line argument: clbcatq.dll	28_2_00391070
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Command line argument: msasn1.dll	28_2_00391070
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Command line argument: crypt32.dll	28_2_00391070
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Command line argument: feclient.dll	28_2_00391070

Source: C:\Users\user\Desktop\download\CloudCompare_v2.14.alpha_setup_x64.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\download\CloudCompare_v2.14.alpha_setup_x64.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp

File read: C:\Program Files\desktop.ini

Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: vcredist_2013_x64.exe, 0000000B.00000003.4804245294.000000000088D000.00000004.00000020.00020000.00000000.sdmp, vcredist_2013_x64.exe, 0000000B.00000003.4806048727.00000000008C6000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: SELECT `WixDependency`.`WixDependency`, `WixDependencyProvider`.`Component_`, `WixDependency`.`ProviderKey`, `WixDependency`.`MinVersion`, `WixDependency`.`MaxVersion`, `WixDependency`.`Attributes` FROM `WixDependencyProvider`, `WixDependency`, `WixDependencyRef` WHERE `WixDependency`.`WixDependency` = `WixDependencyRef`.`WixDependency_` AND `WixDependencyProvider`.`WixDependencyProvider` = `WixDependencyRef`.`WixDependencyProvider_`SELECT `WixDependencyProvider`.`WixDependencyProvider`, `WixDependencyProvider`.`Component_`, `WixDependencyProvider`.`ProviderKey`, `WixDependencyProvider`.`Attributes` FROM `WixDependencyProvider`Failed to ignored dependency "%ls" to the string dictionary.;Failed to create the string dictionary.Failed to get the string value of the IGNOREDEPENDENCIES property.IGNOREDEPENDENCIESUnknownFailed to set the dependency name "%ls" into the message record.Failed to set the dependency key "%ls" into the message record.The dependency "%ls" is missing or is not the required version.Found dependent "%ls", name: "%ls".Failed to set the number of dependencies into the message record.Failed to set the message identifier into the message record.Not enough memory to create the message record.wixdepca.cppUnexpected message response %d from user or bootstrapper application.Failed to create the dependency record for message %d.Failed to enumerate all of the rows in the dependency query view.Failed to get WixDependency.Attributes.Failed to get WixDependency.MaxVersion.Failed to get WixDependency.MinVersion.Failed to get WixDependency.ProviderKey.Failed to get WixDependencyProvider.Component_.Failed to get WixDependency.WixDependency.Failed dependency check for %ls.Skipping dependency check for %ls because the component %ls is not being (re)installed.Failed to open the query view for dependencies.Failed to initialize the unique dependency string list.Failed to check if the WixDependency table exists.Skipping the dependency check since no dependencies are authored.WixDependencyFailed to enumerate all of the rows in the dependency provider query view.Failed to get WixDependencyProvider.Attributes.Failed to get WixDependencyProvider.ProviderKey.Failed to get WixDependencyProvider.Component.Failed to get WixDependencyProvider.WixDependencyProvider.Failed dependents check for %ls.Skipping dependents check for %ls because the component %ls is not being uninstalled.Failed to open the query view for dependency providers.Failed to check if the WixDependencyProvider table exists.Skipping the dependents check since no dependency providers are authored.WixDependencyProviderSkipping the dependencies check since IGNOREDEPENDENCIES contains "ALL".Failed to check if "ALL" was set in IGNOREDEPENDENCIES.ALLFailed to get the ignored dependents.Failed to ensure required dependencies for (re)installing components.ALLUSERSFailed to initialize the registry functions.Failed to initialize.WixDependencyRequireFailed to ensure absent dependents for uninstalling com

Source: vcredist_2013_x64.exe	String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: VC_redist.x64.exe	String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: VC_redist.x64.exe	String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: VC_redist.x64.exe	String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: vcredist_x64.exe	String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: VC_redist.x64.exe	String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls

Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exe" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exe"
Source: unknown	Process created: C:\Users\user\Desktop\download\CloudCompare_v2.14.alpha_setup_x64.exe "C:\Users\user\Desktop\download\CloudCompare_v2.14.alpha_setup_x64.exe"
Source: C:\Users\user\Desktop\download\CloudCompare_v2.14.alpha_setup_x64.exe	Process created: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp "C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp" /SL5="$B01CE,353634964,780800,C:\Users\user\Desktop\download\CloudCompare_v2.14.alpha_setup_x64.exe"
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe "C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe" /install /quiet /norestart
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Process created: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe "C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe" /install /quiet /norestart -burn.unelevated BurnPipe.{1EB8EC4C-F5D1-4ECA-9DD0-7714AF65556E} {84117F68-D40E-4241-8A1A-B0F8298D254D} 4264
Source: unknown	Process created: C:\Windows\System32\SrTasks.exe C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1
Source: C:\Windows\System32\SrTasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe "C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe" /install /quiet /norestart
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Process created: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe "C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe" -burn.filehandle.attached=680 -burn.filehandle.self=684 /install /quiet /norestart
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Process created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe "C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{5DEBEB27-EE90-4179-8801-9F2879D6FF33} {CFB915F2-7D0C-4BB0-A831-01B27FBD1688} 2492
Source: unknown	Process created: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe "C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe" /burn.runonce
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Process created: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe "C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe"
Source: unknown	Process created: C:\Windows\System32\SrTasks.exe C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
Source: C:\Windows\System32\SrTasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Process created: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={804e7d66-ccc2-4c12-84ba-476da31d103d} -burn.filehandle.self=1032 -burn.embedded BurnPipe.{3CE290E6-406D-4F39-9839-02C576C54025} {EA2D85BC-101D-4701-8D4D-A4BF8B19AB71} 6552
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Process created: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -burn.filehandle.attached=508 -burn.filehandle.self=520 -uninstall -quiet -burn.related.upgrade -burn.ancestors={804e7d66-ccc2-4c12-84ba-476da31d103d} -burn.filehandle.self=1032 -burn.embedded BurnPipe.{3CE290E6-406D-4F39-9839-02C576C54025} {EA2D85BC-101D-4701-8D4D-A4BF8B19AB71} 6552
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Process created: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{5A86F4D1-A9EC-4B64-B083-BE7A62BB96B8} {9AF4D465-6A98-4E12-88F2-BC1C1719DF24} 4280
Source: unknown	Process created: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe" /burn.runonce
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Process created: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe"
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Process created: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=548
Source: unknown	Process created: C:\Windows\System32\LogonUI.exe "LogonUI.exe" /flags:0x4 /state0:0xa3f5a855 /state1:0x41c64e6d
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exe"	Jump to behavior
Source: C:\Users\user\Desktop\download\CloudCompare_v2.14.alpha_setup_x64.exe	Process created: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp "C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp" /SL5="$B01CE,353634964,780800,C:\Users\user\Desktop\download\CloudCompare_v2.14.alpha_setup_x64.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe "C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe" /install /quiet /norestart	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe "C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe" /install /quiet /norestart	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Process created: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe "C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe" /install /quiet /norestart -burn.unelevated BurnPipe.{1EB8EC4C-F5D1-4ECA-9DD0-7714AF65556E} {84117F68-D40E-4241-8A1A-B0F8298D254D} 4264	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Process created: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe "C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe" -burn.filehandle.attached=680 -burn.filehandle.self=684 /install /quiet /norestart
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Process created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe "C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{5DEBEB27-EE90-4179-8801-9F2879D6FF33} {CFB915F2-7D0C-4BB0-A831-01B27FBD1688} 2492
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Process created: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={804e7d66-ccc2-4c12-84ba-476da31d103d} -burn.filehandle.self=1032 -burn.embedded BurnPipe.{3CE290E6-406D-4F39-9839-02C576C54025} {EA2D85BC-101D-4701-8D4D-A4BF8B19AB71} 6552
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Process created: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe "C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe"
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Process created: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -burn.filehandle.attached=508 -burn.filehandle.self=520 -uninstall -quiet -burn.related.upgrade -burn.ancestors={804e7d66-ccc2-4c12-84ba-476da31d103d} -burn.filehandle.self=1032 -burn.embedded BurnPipe.{3CE290E6-406D-4F39-9839-02C576C54025} {EA2D85BC-101D-4701-8D4D-A4BF8B19AB71} 6552
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Process created: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{5A86F4D1-A9EC-4B64-B083-BE7A62BB96B8} {9AF4D465-6A98-4E12-88F2-BC1C1719DF24} 4280
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Process created: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe"
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Process created: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=548

Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\CloudCompare_v2.14.alpha_setup_x64.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\CloudCompare_v2.14.alpha_setup_x64.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\CloudCompare_v2.14.alpha_setup_x64.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\CloudCompare_v2.14.alpha_setup_x64.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\CloudCompare_v2.14.alpha_setup_x64.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\CloudCompare_v2.14.alpha_setup_x64.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: srclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: spp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: usoapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: sxproxy.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: feclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: spp.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: srclient.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: srcore.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: ktmw32.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: wer.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: bcd.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vss_ps.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Section loaded: msi.dll
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Section loaded: msxml3.dll
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Section loaded: feclient.dll
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Section loaded: apphelp.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: msi.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: version.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: cabinet.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: msxml3.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: wldp.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: profapi.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: feclient.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: iertutil.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: textinputframework.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: coremessaging.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: coremessaging.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: wintypes.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: wintypes.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: wintypes.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: msimg32.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: windowscodecs.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: explorerframe.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: riched20.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: usp10.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: msls31.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: textshaping.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: propsys.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: edputil.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: urlmon.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: srvcli.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: netutils.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: sspicli.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: appresolver.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: slc.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: sppc.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: userenv.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Section loaded: apphelp.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: msi.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: version.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: cabinet.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: msxml3.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: wldp.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: profapi.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: textinputframework.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: coremessaging.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: wintypes.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: wintypes.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: wintypes.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: srclient.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: spp.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: powrprof.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: vssapi.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: vsstrace.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: umpdc.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: usoapi.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: sxproxy.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: feclient.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: iertutil.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: srpapi.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: netapi32.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: wkscli.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: netutils.dll
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Section loaded: apphelp.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: cabinet.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: msi.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: wininet.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: version.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: msasn1.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: msxml3.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: wldp.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: profapi.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: feclient.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: iertutil.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: apphelp.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: cabinet.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: msi.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: wininet.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: version.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: msasn1.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: msxml3.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: wldp.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: profapi.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: feclient.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: iertutil.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: textinputframework.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: coreuicomponents.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: coremessaging.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: ntmarta.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: coremessaging.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: windowscodecs.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: explorerframe.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: riched20.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: usp10.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: msls31.dll
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: spp.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: srclient.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: srcore.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: ktmw32.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: wer.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: bcd.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: msxml3.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vss_ps.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: cryptbase.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: msi.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: version.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: cabinet.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: msxml3.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: wldp.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: profapi.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: apphelp.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: cryptbase.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: msi.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: version.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: cabinet.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: msxml3.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: wldp.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: profapi.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: feclient.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: iertutil.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: textinputframework.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: coreuicomponents.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: coremessaging.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: ntmarta.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: coremessaging.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: msimg32.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: windowscodecs.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: explorerframe.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: riched20.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: usp10.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: msls31.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: textshaping.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: propsys.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: edputil.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: urlmon.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: srvcli.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: netutils.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: sspicli.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: appresolver.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: bcp47langs.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: slc.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: userenv.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: sppc.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: apphelp.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: cryptbase.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: msi.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: version.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: cabinet.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: msxml3.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: wldp.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: profapi.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: textinputframework.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: coreuicomponents.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: coremessaging.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: ntmarta.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: coremessaging.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: srclient.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: spp.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: powrprof.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: vssapi.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: vsstrace.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: umpdc.dll
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Section loaded: usoapi.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: cryptbase.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: msi.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: version.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: cabinet.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: msxml3.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: wldp.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: profapi.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: apphelp.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: cryptbase.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: msi.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: version.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: cabinet.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: msxml3.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: wldp.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: profapi.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: apphelp.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: cryptbase.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: msi.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: version.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: cabinet.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: msxml3.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: wldp.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: profapi.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: feclient.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: iertutil.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: textinputframework.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: coreuicomponents.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: coremessaging.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: ntmarta.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: coremessaging.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: msimg32.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: windowscodecs.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: explorerframe.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: riched20.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: usp10.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: msls31.dll
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: logoncontroller.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: dxgi.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: slc.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: sppc.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: dsreg.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: dwmapi.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: windows.ui.logon.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: wincorlib.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: wtsapi32.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: dcomp.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: windows.ui.xamlhost.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: mrmcorer.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: windows.ui.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: windowmanagementapi.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: textinputframework.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: inputhost.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: languageoverlayutil.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: bcp47mrm.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: windows.ui.xaml.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: windows.ui.immersive.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: d3d11.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: dwrite.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: d3d10warp.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: windows.globalization.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: dxcore.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: d2d1.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\LogonUI.exe	Section loaded: directmanipulation.dll

Source: C:\Windows\SysWOW64\wget.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32

Jump to behavior

Source: CloudCompare.lnk.10.dr	LNK file: ..\..\..\..\..\..\Program Files\CloudCompare\CloudCompare.exe
Source: CloudCompare.lnk0.10.dr	LNK file: ..\..\..\Program Files\CloudCompare\CloudCompare.exe

Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp

Window found: window name: TMainForm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Window detected: Number of UI elements: 19
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Window detected: Number of UI elements: 23
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Window detected: Number of UI elements: 19
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Window detected: Number of UI elements: 23
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Window detected: Number of UI elements: 23

Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\unins000.dat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-E67D7.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-RK2D7.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-F0B2H.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-BU6NB.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-78AIN.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-5U5RQ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-Q3UAG.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-A4GQ6.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-K8E7Q.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-T8E89.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-7AMNT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-KMJ88.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-MV458.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-0UCED.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-S20LH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-9Q3NC.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-DMGNO.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-5NEDU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-9MQ23.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-96G17.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-QLH03.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-0ETAJ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-1D8GC.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-CRC3K.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-DG0J0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-RKRC4.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-TLF74.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-F8008.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-GBVP7.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-V81UA.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-7D511.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-QJLST.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-2BPFH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-Q8VGT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-3UACU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-4N83B.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-GD96M.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-5LLNK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-1AVDH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-2NF19.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-6E13D.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-VUNA7.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-ULPPI.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-8GF8G.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-Q4FUF.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-9564F.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-LNQRQ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-F27EN.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-OU74J.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-EHH64.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-JJ5J0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-5DUDN.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-AJ0MH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-TJIIT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-LIKHT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-NKH37.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-1T592.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-TRDII.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-86FV8.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-V60H0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-T6I4U.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-ORCGS.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-DE3LQ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-OHVSP.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-VQV6S.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-02UTJ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-NUL4B.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-192GB.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-MF4VL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-82NCD.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-GMPDH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-9V9PD.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-VD2K0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-O99L5.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-4FB87.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-FVJ9O.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-OL3SL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-N98JH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-UP0V3.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\is-Q06N3.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\gamepads	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\gamepads\is-T476D.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\iconengines	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\iconengines\is-2O479.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\imageformats	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\imageformats\is-VN2GT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\imageformats\is-R83R7.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\imageformats\is-2F3I0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\imageformats\is-AM7K6.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\imageformats\is-26VGE.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\imageformats\is-8LGJR.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\imageformats\is-H2EK5.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\imageformats\is-FFN20.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\imageformats\is-G554D.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\platforms	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\platforms\is-JL72O.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-NO2LL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-A6DSE.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-9UK7J.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-5R3DL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-4H4J7.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-EKSJ8.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-EVN8N.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-1BHUB.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-K59TJ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-UQ6Q7.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-SFOAI.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-H5T2H.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-HMUPJ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-EV193.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-09N3S.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-SVRC0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-7SBVS.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-23FRJ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-51UVB.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-S1TGF.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-DDST8.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-E63HF.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-58SRQ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-AKS9N.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-U95IF.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-VJOEG.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-QQLBV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-DG6LF.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-QP8K8.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-RGJQE.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-8BQMI.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-MPFLG.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-EJTBC.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-8A210.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-232MC.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-84SFH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-8RLKI.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-C1KHU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-3FSQ4.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-L6IDA.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-MN40I.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\plugins\is-O1011.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\Bilateral	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\Bilateral\is-7E84J.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\Bilateral\is-I54SL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\ColorRamp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\ColorRamp\is-QD1K5.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\DrawNormals	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\DrawNormals\is-16Q60.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\DrawNormals\is-079CG.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\DrawNormals\is-1T3F7.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\EDL	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\EDL\is-VLK83.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\EDL\is-CSNSK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\EDL\is-KV0SK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\EDL\is-V57QR.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\SSAO	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\SSAO\is-NGK93.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\shaders\SSAO\is-16B4L.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\styles	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\styles\is-HV0JM.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-443P6.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-CGINU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-GP11Q.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-1E24F.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-S6F83.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-9AV9B.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-1CVRR.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-A4SLN.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-J6M97.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-ITE62.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-KN4UH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-PFR24.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-TL72C.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-VNUAS.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-2S2PK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-6DHOH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-THVTA.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-TRV8H.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-UBV0R.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-2QKRK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-F6T7O.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-10N3O.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-0NGBU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-OQE25.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-HJ7JF.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-QC8LA.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-7DSMM.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-PCIMT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-5O1M6.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-3HP9U.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-GJN0R.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-9VPOJ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\translations\is-8LM9M.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Directory created: C:\Program Files\CloudCompare\unins000.msg	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4DE0A2C8-03F9-4B3F-BAFC-1D5F2141464B}_is1

Jump to behavior

Source:	Binary string: MFCM120U.amd64.pdb source: mfcm120u.dll.19.dr
Source:	Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: VC_redist.x64.exe, 0000001C.00000002.5094773956.00000000003DB000.00000002.00000001.01000000.00000014.sdmp, VC_redist.x64.exe, 0000001D.00000002.5086434755.00000000003DB000.00000002.00000001.01000000.00000014.sdmp, VC_redist.x64.exe, 0000001E.00000002.5082503451.00000000003DB000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: C:\agent\_work\36\s\wix\build\ship\x86\burn.pdb source: VC_redist.x64.exe, 00000014.00000000.4866316131.00000000004EE000.00000002.00000001.01000000.0000000E.sdmp, VC_redist.x64.exe, 00000014.00000002.5111247731.00000000004EE000.00000002.00000001.01000000.0000000E.sdmp, VC_redist.x64.exe, 00000015.00000000.4867826152.0000000000A8E000.00000002.00000001.01000000.0000000F.sdmp, VC_redist.x64.exe, 00000015.00000002.5106004440.0000000000A8E000.00000002.00000001.01000000.0000000F.sdmp, VC_redist.x64.exe, 00000016.00000002.5102890508.0000000000E8E000.00000002.00000001.01000000.00000011.sdmp, VC_redist.x64.exe, 00000016.00000003.5002147253.0000000000980000.00000004.00000020.00020000.00000000.sdmp, VC_redist.x64.exe, 00000016.00000000.4875152360.0000000000E8E000.00000002.00000001.01000000.00000011.sdmp, VC_redist.x64.exe, 0000001F.00000000.5129153010.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 0000001F.00000002.5138174837.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 00000020.00000002.5484844134.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 00000020.00000000.5130814743.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 00000021.00000000.5133213302.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 00000021.00000002.5484898708.00000000009CE000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: E:\delivery\Dev\wix37\build\ship\x86\WixStdBA.pdbH source: vcredist_x64.exe, 00000019.00000002.5497241555.000000006BA05000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb source: vcredist_2013_x64.exe, 0000000B.00000002.4863161318.0000000000FEB000.00000002.00000001.01000000.00000008.sdmp, vcredist_2013_x64.exe, 0000000B.00000000.4635010313.0000000000FEB000.00000002.00000001.01000000.00000008.sdmp, vcredist_2013_x64.exe, 0000000D.00000002.4862972062.0000000000FEB000.00000002.00000001.01000000.00000008.sdmp, vcredist_2013_x64.exe, 0000000D.00000000.4636956599.0000000000FEB000.00000002.00000001.01000000.00000008.sdmp, vcredist_x64.exe, 00000018.00000000.4892550754.000000000056B000.00000002.00000001.01000000.00000012.sdmp, vcredist_x64.exe, 00000018.00000002.4899692937.000000000056B000.00000002.00000001.01000000.00000012.sdmp, vcredist_x64.exe, 00000019.00000002.5485472293.000000000056B000.00000002.00000001.01000000.00000012.sdmp, vcredist_x64.exe, 00000019.00000000.4894071572.000000000056B000.00000002.00000001.01000000.00000012.sdmp, vcredist_x64.exe.13.dr
Source:	Binary string: E:\delivery\Dev\wix37\build\ship\x86\WixDepCA.pdb source: vcredist_2013_x64.exe, 0000000B.00000003.4804245294.000000000088D000.00000004.00000020.00020000.00000000.sdmp, vcredist_2013_x64.exe, 0000000B.00000003.4806048727.00000000008C6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Network.pdb source: is-F27EN.tmp.10.dr
Source:	Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb`E source: vcredist_x64.exe.13.dr
Source:	Binary string: MFCM120U.amd64.pdb8@ source: mfcm120u.dll.19.dr
Source:	Binary string: C:\agent\_work\36\s\wix\build\ship\x86\WixStdBA.pdb source: VC_redist.x64.exe, 00000021.00000002.5497369648.000000006F853000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: E:\builds\xerces-c-3.1.4\Build\Win64\VC12\Release\xerces-c_3_1.pdb source: is-UP0V3.tmp.10.dr
Source:	Binary string: E:\builds\openssl-1.0.1h\x64\out32dll\libeay32.pdb source: is-DG0J0.tmp.10.dr
Source:	Binary string: C:\agent\_work\36\s\wix\build\ship\x86\burn.pdb4 source: VC_redist.x64.exe, 00000014.00000000.4866316131.00000000004EE000.00000002.00000001.01000000.0000000E.sdmp, VC_redist.x64.exe, 00000014.00000002.5111247731.00000000004EE000.00000002.00000001.01000000.0000000E.sdmp, VC_redist.x64.exe, 00000015.00000000.4867826152.0000000000A8E000.00000002.00000001.01000000.0000000F.sdmp, VC_redist.x64.exe, 00000015.00000002.5106004440.0000000000A8E000.00000002.00000001.01000000.0000000F.sdmp, VC_redist.x64.exe, 00000016.00000002.5102890508.0000000000E8E000.00000002.00000001.01000000.00000011.sdmp, VC_redist.x64.exe, 00000016.00000003.5002147253.0000000000980000.00000004.00000020.00020000.00000000.sdmp, VC_redist.x64.exe, 00000016.00000000.4875152360.0000000000E8E000.00000002.00000001.01000000.00000011.sdmp, VC_redist.x64.exe, 0000001F.00000000.5129153010.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 0000001F.00000002.5138174837.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 00000020.00000002.5484844134.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 00000020.00000000.5130814743.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 00000021.00000000.5133213302.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 00000021.00000002.5484898708.00000000009CE000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: E:\builds\xerces-c-3.1.4\Build\Win64\VC12\Release\xerces-c_3_1.pdb; source: is-UP0V3.tmp.10.dr
Source:	Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb`X source: vcredist_x64.exe, 00000018.00000000.4892550754.000000000056B000.00000002.00000001.01000000.00000012.sdmp, vcredist_x64.exe, 00000018.00000002.4899692937.000000000056B000.00000002.00000001.01000000.00000012.sdmp, vcredist_x64.exe, 00000019.00000002.5485472293.000000000056B000.00000002.00000001.01000000.00000012.sdmp, vcredist_x64.exe, 00000019.00000000.4894071572.000000000056B000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: E:\delivery\Dev\wix37\build\ship\x86\WixStdBA.pdb source: vcredist_x64.exe, 00000019.00000002.5497241555.000000006BA05000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFC140ESN.amd64.pdb source: mfc140esn.dll.19.dr
Source:	Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb` source: vcredist_2013_x64.exe, 0000000B.00000002.4863161318.0000000000FEB000.00000002.00000001.01000000.00000008.sdmp, vcredist_2013_x64.exe, 0000000B.00000000.4635010313.0000000000FEB000.00000002.00000001.01000000.00000008.sdmp, vcredist_2013_x64.exe, 0000000D.00000002.4862972062.0000000000FEB000.00000002.00000001.01000000.00000008.sdmp, vcredist_2013_x64.exe, 0000000D.00000000.4636956599.0000000000FEB000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: E:\builds\openssl-1.0.1h\x64\out32dll\libeay32.pdbU source: is-DG0J0.tmp.10.dr

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe

Code function: 11_2_00FDC2AB LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

11_2_00FDC2AB

Source: CloudCompare_v2.14.alpha_setup_x64.exe.2.dr	Static PE information: section name: .didata
Source: CloudCompare_v2.14.alpha_setup_x64.tmp.9.dr	Static PE information: section name: .didata
Source: is-E4N2C.tmp.10.dr	Static PE information: section name: .wixburn
Source: is-F2TE4.tmp.10.dr	Static PE information: section name: .wixburn
Source: is-T476D.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-2O479.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-VN2GT.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-R83R7.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-2F3I0.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-AM7K6.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-26VGE.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-8LGJR.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-H2EK5.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-FFN20.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-G554D.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-JL72O.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-NO2LL.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-A6DSE.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-9UK7J.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-5R3DL.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-4H4J7.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-EKSJ8.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-EVN8N.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-1BHUB.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-K59TJ.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-UQ6Q7.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-SFOAI.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-H5T2H.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-H5T2H.tmp.10.dr	Static PE information: section name: _RDATA
Source: is-HMUPJ.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-EV193.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-09N3S.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-SVRC0.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-SVRC0.tmp.10.dr	Static PE information: section name: _RDATA
Source: is-E67D7.tmp.10.dr	Static PE information: section name: .didata
Source: is-F0B2H.tmp.10.dr	Static PE information: section name: .rodata
Source: is-F0B2H.tmp.10.dr	Static PE information: section name: .xdata
Source: is-BU6NB.tmp.10.dr	Static PE information: section name: .xdata
Source: is-78AIN.tmp.10.dr	Static PE information: section name: .xdata
Source: is-7SBVS.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-23FRJ.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-51UVB.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-S1TGF.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-DDST8.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-E63HF.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-58SRQ.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-AKS9N.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-U95IF.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-VJOEG.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-9Q3NC.tmp.10.dr	Static PE information: section name: _RDATA
Source: is-QQLBV.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-DG6LF.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-QP8K8.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-RGJQE.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-8BQMI.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-MPFLG.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-EJTBC.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-8A210.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-232MC.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-84SFH.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-RKRC4.tmp.10.dr	Static PE information: section name: /4
Source: is-RKRC4.tmp.10.dr	Static PE information: section name: /19
Source: is-RKRC4.tmp.10.dr	Static PE information: section name: /35
Source: is-RKRC4.tmp.10.dr	Static PE information: section name: /47
Source: is-RKRC4.tmp.10.dr	Static PE information: section name: /61
Source: is-RKRC4.tmp.10.dr	Static PE information: section name: /73
Source: is-RKRC4.tmp.10.dr	Static PE information: section name: /86
Source: is-RKRC4.tmp.10.dr	Static PE information: section name: /97
Source: is-RKRC4.tmp.10.dr	Static PE information: section name: /108
Source: is-TLF74.tmp.10.dr	Static PE information: section name: /4
Source: is-TLF74.tmp.10.dr	Static PE information: section name: /19
Source: is-TLF74.tmp.10.dr	Static PE information: section name: /35
Source: is-TLF74.tmp.10.dr	Static PE information: section name: /47
Source: is-TLF74.tmp.10.dr	Static PE information: section name: /61
Source: is-TLF74.tmp.10.dr	Static PE information: section name: /73
Source: is-TLF74.tmp.10.dr	Static PE information: section name: /86
Source: is-TLF74.tmp.10.dr	Static PE information: section name: /97
Source: is-TLF74.tmp.10.dr	Static PE information: section name: /108
Source: is-8RLKI.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-C1KHU.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-3FSQ4.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-L6IDA.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-MN40I.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-O1011.tmp.10.dr	Static PE information: section name: .qtmetad
Source: is-QJLST.tmp.10.dr	Static PE information: section name: .didat

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Code function: 11_2_00FDA225 push ecx; ret	11_2_00FDA238
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004D0BC6 push ecx; ret	20_2_004D0BD9
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004ECD63 push ecx; ret	20_2_004ECD76
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A70BC6 push ecx; ret	21_2_00A70BD9
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A8CD63 push ecx; ret	21_2_00A8CD76
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E70BC6 push ecx; ret	22_2_00E70BD9
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E8CD63 push ecx; ret	22_2_00E8CD76
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: 24_2_0055A225 push ecx; ret	24_2_0055A238
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: 25_2_6B9FC354 pushad ; ret	25_2_6B9FC355
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: 25_2_6B9FEE85 push ecx; ret	25_2_6B9FEE98
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003BE876 push ecx; ret	28_2_003BE889

Persistence and Installation Behavior

Infects executable files (exe, dll, sys, html)

Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc140jpn.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc140esn.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc140ita.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc140deu.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc140chs.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfcm140u.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc140enu.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfcm120.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc120u.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\concrt140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc140fra.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\vccorlib140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\msvcp140_atomic_wait.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\vcomp140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc140cht.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc140rus.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfcm140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfcm120u.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc140kor.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\msvcp140_2.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\msvcp140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc140u.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\msvcp140_codecvt_ids.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\msvcr120.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\vcamp140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\vcruntime140.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\msvcp120.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\vccorlib120.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\msvcp140_1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	System file written: C:\Windows\System32\mfc120.dll	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-OHVSP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\iconv.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\imageformats\is-FFN20.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-JJ5J0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\TKShHealing.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca74.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\libgmp-10.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\netcdf.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QPHOTOSCAN_IO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\imageformats\qtga.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-DDST8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\python310.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QEDL_GL_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QRDB_IO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc140chs.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QSRA_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-AKS9N.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\libpq.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\concrt140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\Qt5Svg.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc140fra.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QCOMPASS_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\imageformats\qwebp.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-VQV6S.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QHPR_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca84.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-4N83B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-4FB87.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\vccorlib140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\imageformats\is-26VGE.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\vcruntime140_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-VJOEG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	File created: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-E67D7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-5DUDN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\imageformats\is-G554D.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc120cht.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\vcomp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\proj.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QJSON_RPC_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QPCL_IO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\imageformats\qicns.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\Qt5Core.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc120esn.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-7SBVS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-Q06N3.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc140kor.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-232MC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\gdal202.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\libcurl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QM3C2_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	File created: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	File created: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\TKG2d.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\swscale-7.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\msvcp140_2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\TKG3d.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-RGJQE.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc140u.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-QJLST.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-FVJ9O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\msvcp140.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-84SFH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\Qt5Concurrent.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc120rus.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca83.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\ssleay32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\swresample-4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\imageformats\qsvg.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QPOISSON_RECON_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-TJIIT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-CRC3K.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca7f.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\geos_c.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-TLF74.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	File created: C:\Users\user\AppData\Local\Temp\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\.be\vcredist_x64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QPCV_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\CC_FBO_LIB.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\Qt5Gui.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca6f.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QDRACO_IO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\CCAppCommon.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca85.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\imageformats\qgif.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-DG6LF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-TRDII.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QCORK_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\vccorlib120.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca7e.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-S20LH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\CCCoreLib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QTREEISO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc120enu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca6e.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\CloudCompare.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-NUL4B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\TKSTEP209.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QMANUAL_SEG_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-LNQRQ.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc120ita.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca7d.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\DotProduct_x64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\Qt5WebSockets.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\TKGeomAlgo.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QAUTO_SEG_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc140jpn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc140esn.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\CloudCompare_v2.14.alpha_setup_x64.exe	File created: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc140deu.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	File created: C:\Users\user\AppData\Local\Temp\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\.ba1\wixstdba.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfcm140u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfcm120.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-ORCGS.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc120u.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QELLIPSER_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-EJTBC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\TKMath.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QCORE_IO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-82NCD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\zlib1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-UP0V3.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca82.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-GMPDH.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca69.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-ULPPI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QRANSAC_SD_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\TKSTEPBase.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca62.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-MPFLG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\xerces-c_3_1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-EKSJ8.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca73.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-DE3LQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QDOT_PRODUCT_IO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-23FRJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-5NEDU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\imageformats\is-AM7K6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-A6DSE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\iconengines\is-2O479.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\platforms\is-JL72O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-1AVDH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QRIEGL_IO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-H5T2H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\QCC_IO_LIB.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\tbbmalloc.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca60.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-NKH37.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-OL3SL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\vcruntime140.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\TKTopAlgo.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\imageformats\is-VN2GT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-GBVP7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\libxml2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QE57_IO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca80.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-AJ0MH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-OU74J.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\expat.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\QCC_DB_LIB.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\vcamp140.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\libeay32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\libmysql.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\Qt5Gamepad.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\is-E4N2C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-MV458.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-9Q3NC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-3UACU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-N98JH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\avcodec-60.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-8A210.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-MF4VL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\platforms\qwindows.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\msvcp140_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\msvcp140_2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\opencv_world340.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-7AMNT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QHOUGH_NORMALS_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-8RLKI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-K8E7Q.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-S1TGF.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc120deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc140ita.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\TKernel.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-78AIN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-QQLBV.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca81.rbf (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca87.rbf (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc140enu.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\is-F2TE4.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca71.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-HMUPJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-UQ6Q7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-L6IDA.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca61.rbf (copy)	Jump to dropped file
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\gamepads\xinputgamepad.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-3FSQ4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-192GB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\avformat-60.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QBROOM_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-F27EN.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca7b.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-E63HF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\TKSTEPAttr.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QCANUPO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca5b.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-SFOAI.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca6b.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-51UVB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QANIMATION_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-K59TJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-0UCED.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\rdblib.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\msvcp140_atomic_wait.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\imageformats\is-R83R7.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc140rus.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-A4GQ6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-Q3UAG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\imageformats\qjpeg.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-GD96M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QMPLANE_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\MeshIO.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfcm120u.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-VD2K0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-F8008.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QCSF_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\python3.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\spatialite.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-9564F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-U95IF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-O1011.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-02UTJ.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca7c.rbf (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca6c.rbf (copy)	Jump to dropped file
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-96G17.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-6E13D.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-8BQMI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\TKSTEP.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QLAS_IO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\msvcp140_codecvt_ids.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-MN40I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QPCL_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-4H4J7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-LIKHT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-EV193.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\msvcr120.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-EVN8N.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\laszip3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\geos.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\CCPluginAPI.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\styles\is-HV0JM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-BU6NB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\imageformats\qtiff.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-O99L5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-5U5RQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\libmpfr-4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\Qt5Widgets.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-5LLNK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-EHH64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\TKMesh.dll (copy)	Jump to dropped file
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-2BPFH.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc120.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\QCC_GL_LIB.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca86.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-2NF19.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QMESH_BOOLEAN_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca6d.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\openjp2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-1D8GC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-RK2D7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-9UK7J.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-86FV8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-58SRQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\iconengines\qsvgicon.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-DMGNO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\sqlite3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\styles\qwindowsvistastyle.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-Q8VGT.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\vcamp120.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-SVRC0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-RKRC4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\Q3DMASC_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-VUNA7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QFACETS_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QCOLORIMETRIC_SEGMENTER_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\tbb.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc120chs.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-V60H0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QCLOUDLAYERS_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\imageformats\is-8LGJR.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca59.rbf (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca72.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\TKBRep.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-0ETAJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-Q4FUF.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc120fra.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\gamepads\is-T476D.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QFBX_IO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\Qt5OpenGL.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-09N3S.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-QLH03.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-8GF8G.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QSSAO_GL_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca63.rbf (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca7a.rbf (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc140cht.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-F0B2H.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfcm140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\freexl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\szip.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\Qt5Network.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca5a.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QSTEP_IO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QCSV_MATRIX_IO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\vcomp120.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\imageformats\is-2F3I0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\concrt140.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QADDITIONAL_IO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\imageformats\qwbmp.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-V81UA.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc120kor.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\TKXSBase.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\QVOXFALL_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-9V9PD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-NO2LL.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\vcruntime140_threads.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-QP8K8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-DG0J0.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 52ca70.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-KMJ88.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\TKGeomBase.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\is-T6I4U.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\hdf5.dll (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\wget.exe	File created: C:\Users\user\Desktop\download\CloudCompare_v2.14.alpha_setup_x64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\msvcp140_1.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\msvcp120.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\imageformats\is-H2EK5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-5R3DL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-1BHUB.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc120jpn.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\plugins\is-C1KHU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\hdf5_hl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\imageformats\qico.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\Program Files\CloudCompare\avutil-58.dll (copy)	Jump to dropped file

Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	File created: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	File created: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe			Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc120deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc120ita.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc140jpn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc140esn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc140ita.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc140deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc140chs.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfcm140u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc140enu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\vcamp120.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfcm120.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc120u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\concrt140.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc140fra.dll	Jump to dropped file
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc120chs.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\vccorlib140.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\vcruntime140_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	File created: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc120fra.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc120cht.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\vcomp140.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\msvcp140_atomic_wait.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc140cht.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc140rus.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfcm140.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc120esn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc140kor.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfcm120u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\vcomp120.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\msvcp140_2.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc120kor.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\msvcp140.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc140u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\vcruntime140_threads.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc120rus.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc140.dll	Jump to dropped file
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\msvcp140_codecvt_ids.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\msvcr120.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\vcamp140.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\msvcp120.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\vccorlib120.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc120enu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc120jpn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\msvcp140_1.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc120.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	File created: C:\Users\user\AppData\Local\Temp\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\.ba1\license.rtf	Jump to behavior
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\license.rtf
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\1028\license.rtf
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\1029\license.rtf
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\1031\license.rtf
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\1036\license.rtf
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\1040\license.rtf
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\1041\license.rtf
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\1042\license.rtf
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\1045\license.rtf
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\1046\license.rtf
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\1049\license.rtf
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\1055\license.rtf
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\2052\license.rtf
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	File created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\3082\license.rtf
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	File created: C:\Users\user\AppData\Local\Temp\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\.ba1\license.rtf
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	File created: C:\Users\user\AppData\Local\Temp\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\.ba1\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\1028\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\1029\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\1031\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\1036\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\1040\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\1041\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\1042\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\1045\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\1046\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\1049\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\1055\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\2052\license.rtf
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	File created: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\3082\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\1028\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\1029\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\1031\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\1036\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\1040\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\1041\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\1042\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\1045\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\1046\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\1049\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\1055\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\2052\license.rtf
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	File created: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\3082\license.rtf

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore

Jump to behavior

Source: C:\Windows\System32\SrTasks.exe

Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CloudCompare			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CloudCompare\CloudCompare.lnk			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {042d26ef-3dbe-4c25-95d3-4c1b11b235a7}	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {042d26ef-3dbe-4c25-95d3-4c1b11b235a7}	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {042d26ef-3dbe-4c25-95d3-4c1b11b235a7}	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {042d26ef-3dbe-4c25-95d3-4c1b11b235a7}	Jump to behavior
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {804e7d66-ccc2-4c12-84ba-476da31d103d}
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {804e7d66-ccc2-4c12-84ba-476da31d103d}
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {804e7d66-ccc2-4c12-84ba-476da31d103d}
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {804e7d66-ccc2-4c12-84ba-476da31d103d}

Source: C:\Users\user\Desktop\download\CloudCompare_v2.14.alpha_setup_x64.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\LogonUI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\LogonUI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\LogonUI.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\iconv.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-OHVSP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\imageformats\is-FFN20.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca74.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\TKShHealing.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-JJ5J0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\netcdf.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\libgmp-10.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QPHOTOSCAN_IO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\imageformats\qtga.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-DDST8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QEDL_GL_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\python310.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QRDB_IO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc140chs.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QSRA_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-AKS9N.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\libpq.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\concrt140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\Qt5Svg.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc140fra.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QCOMPASS_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\imageformats\qwebp.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca84.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-VQV6S.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QHPR_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-4N83B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-4FB87.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\vccorlib140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\imageformats\is-26VGE.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\vcruntime140_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-VJOEG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-5DUDN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\imageformats\is-G554D.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc120cht.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\vcomp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\proj.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QPCL_IO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QJSON_RPC_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\imageformats\qicns.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\Qt5Core.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc120esn.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-7SBVS.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc140kor.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-Q06N3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QM3C2_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\gdal202.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-232MC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\libcurl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\TKG2d.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\swscale-7.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\msvcp140_2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\TKG3d.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc140u.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-RGJQE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-QJLST.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-FVJ9O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\msvcp140.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-84SFH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\Qt5Concurrent.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca83.rbf (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc120rus.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\ssleay32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\imageformats\qsvg.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\swresample-4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QPOISSON_RECON_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-TJIIT.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca7f.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-CRC3K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\geos_c.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-TLF74.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QPCV_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\CC_FBO_LIB.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\Qt5Gui.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca6f.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QDRACO_IO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\CCAppCommon.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca85.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\imageformats\qgif.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-TRDII.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QCORK_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-DG6LF.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\vccorlib120.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca7e.rbf (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc120enu.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QTREEISO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-S20LH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\CCCoreLib.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca6e.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\CloudCompare.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-NUL4B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QMANUAL_SEG_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\TKSTEP209.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca7d.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-LNQRQ.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc120ita.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\TKGeomAlgo.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\Qt5WebSockets.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\DotProduct_x64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QAUTO_SEG_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc140jpn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc140esn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc140deu.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\.ba1\wixstdba.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfcm140u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfcm120.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-ORCGS.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc120u.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QELLIPSER_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-EJTBC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\TKMath.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QCORE_IO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\zlib1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-82NCD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-UP0V3.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca82.rbf (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca69.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-GMPDH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QRANSAC_SD_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-ULPPI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\TKSTEPBase.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca62.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\xerces-c_3_1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-MPFLG.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca73.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-EKSJ8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QDOT_PRODUCT_IO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-DE3LQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-23FRJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-5NEDU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\imageformats\is-AM7K6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-A6DSE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\iconengines\is-2O479.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\platforms\is-JL72O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-1AVDH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QRIEGL_IO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-H5T2H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\QCC_IO_LIB.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\tbbmalloc.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca60.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-NKH37.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-OL3SL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\vcruntime140.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\TKTopAlgo.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-GBVP7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\imageformats\is-VN2GT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\libxml2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QE57_IO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca80.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-AJ0MH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\QCC_DB_LIB.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\expat.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-OU74J.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\vcamp140.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\Qt5Gamepad.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\libmysql.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\libeay32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-MV458.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-9Q3NC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\avcodec-60.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-3UACU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-N98JH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-MF4VL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-8A210.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\platforms\qwindows.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\msvcp140_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\opencv_world340.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\msvcp140_2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-7AMNT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QHOUGH_NORMALS_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-8RLKI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-S1TGF.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc120deu.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-K8E7Q.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc140ita.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\TKernel.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-78AIN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-QQLBV.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca81.rbf (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca87.rbf (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc140enu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca71.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-UQ6Q7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-HMUPJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-L6IDA.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca61.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\gamepads\xinputgamepad.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-3FSQ4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\avformat-60.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-192GB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QBROOM_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-F27EN.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca7b.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-E63HF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QCANUPO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\TKSTEPAttr.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca5b.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-SFOAI.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca6b.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QANIMATION_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-51UVB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-K59TJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-0UCED.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\msvcp140_atomic_wait.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\rdblib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\imageformats\is-R83R7.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc140rus.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-A4GQ6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-Q3UAG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\imageformats\qjpeg.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QMPLANE_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-GD96M.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfcm120u.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\MeshIO.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-VD2K0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-F8008.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QCSF_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\python3.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\spatialite.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-9564F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-U95IF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-O1011.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-02UTJ.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca7c.rbf (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca6c.rbf (copy)	Jump to dropped file
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Dropped PE file which has not been started: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-96G17.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-6E13D.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-8BQMI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\TKSTEP.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\msvcp140_codecvt_ids.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QLAS_IO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-MN40I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QPCL_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-4H4J7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-LIKHT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-EV193.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\msvcr120.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\laszip3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-EVN8N.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\geos.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-BU6NB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\CCPluginAPI.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\styles\is-HV0JM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\imageformats\qtiff.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-O99L5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-5U5RQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\libmpfr-4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\Qt5Widgets.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\TKMesh.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-EHH64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-5LLNK.tmp	Jump to dropped file
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Dropped PE file which has not been started: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc120.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-2BPFH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\QCC_GL_LIB.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca86.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-2NF19.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca6d.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QMESH_BOOLEAN_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\openjp2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-RK2D7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-1D8GC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-9UK7J.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-86FV8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-58SRQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\iconengines\qsvgicon.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-DMGNO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\sqlite3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\styles\qwindowsvistastyle.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-Q8VGT.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\vcamp120.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-SVRC0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-RKRC4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\Q3DMASC_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QFACETS_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-VUNA7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QCOLORIMETRIC_SEGMENTER_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\tbb.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc120chs.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-V60H0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QCLOUDLAYERS_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\imageformats\is-8LGJR.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca59.rbf (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca72.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\TKBRep.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-0ETAJ.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc120fra.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-Q4FUF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\gamepads\is-T476D.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QFBX_IO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\Qt5OpenGL.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-09N3S.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-QLH03.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-8GF8G.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QSSAO_GL_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca63.rbf (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca7a.rbf (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc140cht.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-F0B2H.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfcm140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\szip.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\freexl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\Qt5Network.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca5a.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QSTEP_IO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QCSV_MATRIX_IO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\vcomp120.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\imageformats\is-2F3I0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QADDITIONAL_IO_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\concrt140.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\imageformats\qwbmp.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-V81UA.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc120kor.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\QVOXFALL_PLUGIN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\TKXSBase.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-9V9PD.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\vcruntime140_threads.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-NO2LL.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-QP8K8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-DG0J0.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 52ca70.rbf (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\TKGeomBase.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-KMJ88.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\is-T6I4U.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\hdf5.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\msvcp140_1.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\msvcp120.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\imageformats\is-H2EK5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-5R3DL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-1BHUB.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc120jpn.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\hdf5_hl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\imageformats\qico.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\plugins\is-C1KHU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Dropped PE file which has not been started: C:\Program Files\CloudCompare\avutil-58.dll (copy)	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Evaded block: after key decision
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Evaded block: after key decision
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Evaded block: after key decision
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Evaded block: after key decision

Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe

Evasive API call chain: GetLocalTime,DecisionNodes

Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess

Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes

Source: C:\Windows\System32\SrTasks.exe TID: 4504	Thread sleep time: -280000s >= -30000s			Jump to behavior
Source: C:\Windows\System32\SrTasks.exe TID: 940	Thread sleep time: -290000s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Code function: 11_2_00FDF835 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 00FDF8D6h	11_2_00FDF835
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Code function: 11_2_00FDF835 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 00FDF8CFh	11_2_00FDF835
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004E506D GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 004E5108h	20_2_004E506D
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004E506D GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 004E5101h	20_2_004E506D
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A8506D GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 00A85108h	21_2_00A8506D
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A8506D GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 00A85101h	21_2_00A8506D
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E8506D GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 00E85108h	22_2_00E8506D
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E8506D GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 00E85101h	22_2_00E8506D
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: 24_2_0055F835 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 0055F8D6h	24_2_0055F835
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: 24_2_0055F835 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 0055F8CFh	24_2_0055F835
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003CFDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 003CFE5Dh	28_2_003CFDC2
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003CFDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 003CFE56h	28_2_003CFDC2

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	File Volume queried: C:\Windows FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Code function: 11_2_00FC9065 _memset,FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	11_2_00FC9065
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Code function: 11_2_00FE6CB2 _memset,_memset,GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,GetLastError,GetLastError,GetLastError,FindClose,	11_2_00FE6CB2
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Code function: 11_2_00FE5D1F _memset,FindFirstFileW,FindClose,	11_2_00FE5D1F
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004A1700 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,FindClose,	20_2_004A1700
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004A3B2C FindFirstFileW,FindClose,	20_2_004A3B2C
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004DC2AF FindFirstFileExW,FindNextFileW,FindClose,FindClose,	20_2_004DC2AF
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004BB79F FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	20_2_004BB79F
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A5B79F FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	21_2_00A5B79F
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A41700 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,FindClose,	21_2_00A41700
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A43B2C FindFirstFileW,FindClose,	21_2_00A43B2C
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A7C2AF FindFirstFileExW,FindNextFileW,FindClose,FindClose,	21_2_00A7C2AF
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E5B79F FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	22_2_00E5B79F
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E41700 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,FindClose,	22_2_00E41700
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E43B2C FindFirstFileW,FindClose,	22_2_00E43B2C
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E7C2AF FindFirstFileExW,FindNextFileW,FindClose,FindClose,	22_2_00E7C2AF
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: 24_2_00566CB2 _memset,_memset,GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,GetLastError,GetLastError,GetLastError,FindClose,	24_2_00566CB2
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: 24_2_00549065 _memset,FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	24_2_00549065
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: 24_2_00565D1F _memset,FindFirstFileW,FindClose,	24_2_00565D1F
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: 25_2_6B9FA685 _memset,FindFirstFileW,FindClose,	25_2_6B9FA685
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_00393BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	28_2_00393BC3
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003D4315 FindFirstFileW,FindClose,	28_2_003D4315
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003A993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	28_2_003A993E

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe

Code function: 20_2_004CFC6A VirtualQuery,GetSystemInfo,

20_2_004CFC6A

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\NULL	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\vcRuntimeAdditional_amd64	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	File opened: C:\ProgramData\Package Cache\NULL	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\NULL	Jump to behavior

Source: SrTasks.exe, 0000001A.00000003.5076633123.00000273EA68D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: SrTasks.exe, 0000001A.00000003.5138273492.00000273EA632000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963
Source: SrTasks.exe, 0000001A.00000003.5138273492.00000273EA632000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: CloudCompare_v2.14.alpha_setup_x64.tmp, 0000000A.00000002.5158627658.0000000000805000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: VC_redist.x64.exe, 0000001D.00000003.5084940424.0000000001012000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: SrTasks.exe, 00000011.00000002.5053624908.0000021374422000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:##N
Source: VC_redist.x64.exe, 0000001D.00000003.5084940424.0000000001012000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: SrTasks.exe, 0000001A.00000003.5138273492.00000273EA632000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:II
Source: SrTasks.exe, 0000001A.00000003.5058459875.00000273EA6A3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:<<
Source: SrTasks.exe, 0000001A.00000003.5076633123.00000273EA68D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c
Source: wget.exe, 00000002.00000002.4225448124.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	API call chain: ExitProcess graph end node
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	API call chain: ExitProcess graph end node
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	API call chain: ExitProcess graph end node
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	API call chain: ExitProcess graph end node
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe

Code function: 11_2_00FD854A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

11_2_00FD854A

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe

11_2_00FDC2AB

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004D98C7 mov ecx, dword ptr fs:[00000030h]	20_2_004D98C7
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004DCFDC mov eax, dword ptr fs:[00000030h]	20_2_004DCFDC
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A798C7 mov ecx, dword ptr fs:[00000030h]	21_2_00A798C7
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A7CFDC mov eax, dword ptr fs:[00000030h]	21_2_00A7CFDC
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E798C7 mov ecx, dword ptr fs:[00000030h]	22_2_00E798C7
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E7CFDC mov eax, dword ptr fs:[00000030h]	22_2_00E7CFDC
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003C4812 mov eax, dword ptr fs:[00000030h]	28_2_003C4812

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe

Code function: 11_2_00FE28F3 GetProcessHeap,RtlAllocateHeap,

11_2_00FE28F3

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Code function: 11_2_00FD90E2 SetUnhandledExceptionFilter,	11_2_00FD90E2
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Code function: 11_2_00FD854A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_00FD854A
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Code function: 11_2_00FDA74C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_00FDA74C
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004D0469 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	20_2_004D0469
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004D8567 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	20_2_004D8567
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004D0934 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	20_2_004D0934
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Code function: 20_2_004D0AC7 SetUnhandledExceptionFilter,	20_2_004D0AC7
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A70469 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	21_2_00A70469
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A78567 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	21_2_00A78567
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A70934 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	21_2_00A70934
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Code function: 21_2_00A70AC7 SetUnhandledExceptionFilter,	21_2_00A70AC7
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E70469 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	22_2_00E70469
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E78567 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	22_2_00E78567
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E70934 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	22_2_00E70934
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Code function: 22_2_00E70AC7 SetUnhandledExceptionFilter,	22_2_00E70AC7
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: 24_2_005590E2 SetUnhandledExceptionFilter,	24_2_005590E2
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: 24_2_0055854A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	24_2_0055854A
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: 24_2_0055A74C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	24_2_0055A74C
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: 25_2_6B9FC9C1 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	25_2_6B9FC9C1
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Code function: 25_2_6B9FB88C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	25_2_6B9FB88C
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003BE188 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	28_2_003BE188
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003BE625 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	28_2_003BE625
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003BE773 SetUnhandledExceptionFilter,	28_2_003BE773
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Code function: 28_2_003C3BB0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	28_2_003C3BB0

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe	Process created: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe "C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe" -burn.filehandle.attached=680 -burn.filehandle.self=684 /install /quiet /norestart
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Process created: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe "C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{5DEBEB27-EE90-4179-8801-9F2879D6FF33} {CFB915F2-7D0C-4BB0-A831-01B27FBD1688} 2492
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Process created: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={804e7d66-ccc2-4c12-84ba-476da31d103d} -burn.filehandle.self=1032 -burn.embedded BurnPipe.{3CE290E6-406D-4F39-9839-02C576C54025} {EA2D85BC-101D-4701-8D4D-A4BF8B19AB71} 6552
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Process created: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -burn.filehandle.attached=508 -burn.filehandle.self=520 -uninstall -quiet -burn.related.upgrade -burn.ancestors={804e7d66-ccc2-4c12-84ba-476da31d103d} -burn.filehandle.self=1032 -burn.embedded BurnPipe.{3CE290E6-406D-4F39-9839-02C576C54025} {EA2D85BC-101D-4701-8D4D-A4BF8B19AB71} 6552
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Process created: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{5A86F4D1-A9EC-4B64-B083-BE7A62BB96B8} {9AF4D465-6A98-4E12-88F2-BC1C1719DF24} 4280
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Process created: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=548

Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe c:\windows\system32\cmd.exe /c wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://www.danielgm.net/cc/release/cloudcompare_v2.14.alpha_setup_x64.exe" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://www.danielgm.net/cc/release/cloudcompare_v2.14.alpha_setup_x64.exe"
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Process created: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe "c:\programdata\package cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\vc_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={804e7d66-ccc2-4c12-84ba-476da31d103d} -burn.filehandle.self=1032 -burn.embedded burnpipe.{3ce290e6-406d-4f39-9839-02c576c54025} {ea2d85bc-101d-4701-8d4d-a4bf8b19ab71} 6552
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Process created: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe "c:\programdata\package cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\vc_redist.x64.exe" -burn.clean.room="c:\programdata\package cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\vc_redist.x64.exe" -burn.filehandle.attached=508 -burn.filehandle.self=520 -uninstall -quiet -burn.related.upgrade -burn.ancestors={804e7d66-ccc2-4c12-84ba-476da31d103d} -burn.filehandle.self=1032 -burn.embedded burnpipe.{3ce290e6-406d-4f39-9839-02c576c54025} {ea2d85bc-101d-4701-8d4d-a4bf8b19ab71} 6552
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://www.danielgm.net/cc/release/cloudcompare_v2.14.alpha_setup_x64.exe"	Jump to behavior
Source: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe	Process created: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe "c:\programdata\package cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\vc_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={804e7d66-ccc2-4c12-84ba-476da31d103d} -burn.filehandle.self=1032 -burn.embedded burnpipe.{3ce290e6-406d-4f39-9839-02c576c54025} {ea2d85bc-101d-4701-8d4d-a4bf8b19ab71} 6552
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Process created: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe "c:\programdata\package cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\vc_redist.x64.exe" -burn.clean.room="c:\programdata\package cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\vc_redist.x64.exe" -burn.filehandle.attached=508 -burn.filehandle.self=520 -uninstall -quiet -burn.related.upgrade -burn.ancestors={804e7d66-ccc2-4c12-84ba-476da31d103d} -burn.filehandle.self=1032 -burn.embedded burnpipe.{3ce290e6-406d-4f39-9839-02c576c54025} {ea2d85bc-101d-4701-8d4d-a4bf8b19ab71} 6552

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe

Code function: 11_2_00FE3123 _memset,_memset,_memset,_memset,_memset,_memset,InitializeSecurityDescriptor,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,SetEntriesInAclA,SetSecurityDescriptorOwner,GetLastError,SetSecurityDescriptorGroup,GetLastError,SetSecurityDescriptorDacl,GetLastError,CoInitializeSecurity,LocalFree,

11_2_00FE3123

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe

Code function: 11_2_00FE0358 CheckTokenMembership,GetLastError,AllocateAndInitializeSid,GetLastError,FreeSid,

11_2_00FE0358

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe

Code function: 20_2_004D0CF7 cpuid

20_2_004D0CF7

Source: C:\Windows\SysWOW64\wget.exe	Queries volume information: C:\Users\user\Desktop\download VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\.ba1\logo.png VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe	Queries volume information: C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.ba\logo.png VolumeInformation
Source: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\.ba1\logo.png VolumeInformation
Source: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	Queries volume information: C:\Windows\Temp\{B69FEE28-8D22-4324-8AA7-89A4537BAC86}\.ba\logo.png VolumeInformation
Source: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\{9CC2C60B-9688-4E94-8D9D-BA74225F9E67}\.ba\logo.png VolumeInformation
Source: C:\Windows\System32\LogonUI.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\LogonUI.exe	Queries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation
Source: C:\Windows\System32\LogonUI.exe	Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe

Code function: 11_2_00FB35AD ConvertStringSecurityDescriptorToSecurityDescriptorW,GetLastError,CreateNamedPipeW,CreateNamedPipeW,GetLastError,CloseHandle,LocalFree,CreateNamedPipeW,GetLastError,

11_2_00FB35AD

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe

Code function: 11_2_00FDF835 EnterCriticalSection,GetCurrentProcessId,GetCurrentThreadId,GetLocalTime,LeaveCriticalSection,

11_2_00FDF835

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe

Code function: 11_2_00FE01CB LookupAccountNameW,LookupAccountNameW,GetLastError,GetLastError,GetLastError,LookupAccountNameW,GetLastError,

11_2_00FE01CB

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe

Code function: 11_2_00FE851E GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime,

11_2_00FE851E

Source: C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe

Code function: 11_2_00FB1B46 _memset,_memset,CoInitializeEx,GetModuleHandleW,GetVersionExW,GetLastError,CoUninitialize,

11_2_00FB1B46

Source: C:\Windows\SysWOW64\wget.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Replication Through Removable Media	5 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	OS Credential Dumping	12 System Time Discovery	1 Taint Shared Content	11 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	13 Command and Scripting Interpreter	22 Windows Service	1 Access Token Manipulation	2 Obfuscated Files or Information	LSASS Memory	11 Peripheral Device Discovery	Remote Desktop Protocol	Data from Removable Media	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Service Execution	11 Registry Run Keys / Startup Folder	22 Windows Service	1 DLL Side-Loading	Security Account Manager	1 Account Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	12 Process Injection	1 File Deletion	NTDS	3 File and Directory Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	11 Registry Run Keys / Startup Folder	23 Masquerading	LSA Secrets	26 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Virtualization/Sandbox Evasion	Cached Domain Credentials	21 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Access Token Manipulation	DCSync	1 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	12 Process Injection	Proc Filesystem	1 Process Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	3 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exe	0%	Avira URL Cloud	safe

Dropped Files

Source	Detection	Scanner
52ca59.rbf (copy)	0%	ReversingLabs
52ca5a.rbf (copy)	0%	ReversingLabs
52ca5b.rbf (copy)	0%	ReversingLabs
52ca60.rbf (copy)	0%	ReversingLabs
52ca61.rbf (copy)	0%	ReversingLabs
52ca62.rbf (copy)	0%	ReversingLabs
52ca63.rbf (copy)	0%	ReversingLabs
52ca69.rbf (copy)	0%	ReversingLabs
52ca6b.rbf (copy)	0%	ReversingLabs
52ca6c.rbf (copy)	0%	ReversingLabs
52ca6d.rbf (copy)	0%	ReversingLabs
52ca6e.rbf (copy)	0%	ReversingLabs
52ca6f.rbf (copy)	0%	ReversingLabs
52ca70.rbf (copy)	0%	ReversingLabs
52ca71.rbf (copy)	0%	ReversingLabs
52ca72.rbf (copy)	0%	ReversingLabs
52ca73.rbf (copy)	0%	ReversingLabs
52ca74.rbf (copy)	0%	ReversingLabs
52ca7a.rbf (copy)	0%	ReversingLabs
52ca7b.rbf (copy)	0%	ReversingLabs
52ca7c.rbf (copy)	0%	ReversingLabs
52ca7d.rbf (copy)	0%	ReversingLabs
52ca7e.rbf (copy)	0%	ReversingLabs
52ca7f.rbf (copy)	0%	ReversingLabs
52ca80.rbf (copy)	0%	ReversingLabs
52ca81.rbf (copy)	0%	ReversingLabs
52ca82.rbf (copy)	0%	ReversingLabs
52ca83.rbf (copy)	0%	ReversingLabs
52ca84.rbf (copy)	0%	ReversingLabs
52ca85.rbf (copy)	0%	ReversingLabs
52ca86.rbf (copy)	0%	ReversingLabs
52ca87.rbf (copy)	0%	ReversingLabs
C:\Program Files\CloudCompare\CC_FBO_LIB.dll (copy)	0%	ReversingLabs
C:\Program Files\CloudCompare\DotProduct_x64.dll (copy)	0%	ReversingLabs
C:\Program Files\CloudCompare\Qt5Concurrent.dll (copy)	0%	ReversingLabs
C:\Program Files\CloudCompare\Qt5Core.dll (copy)	0%	ReversingLabs
C:\Program Files\CloudCompare\Qt5Gamepad.dll (copy)	0%	ReversingLabs
C:\Program Files\CloudCompare\Qt5Gui.dll (copy)	0%	ReversingLabs
C:\Program Files\CloudCompare\Qt5Network.dll (copy)	0%	ReversingLabs
C:\Program Files\CloudCompare\Qt5OpenGL.dll (copy)	0%	ReversingLabs
C:\Program Files\CloudCompare\Qt5Svg.dll (copy)	0%	ReversingLabs
C:\Program Files\CloudCompare\Qt5WebSockets.dll (copy)	0%	ReversingLabs
C:\Program Files\CloudCompare\Qt5Widgets.dll (copy)	0%	ReversingLabs
C:\Program Files\CloudCompare\TKBRep.dll (copy)	0%	ReversingLabs
C:\Program Files\CloudCompare\TKG2d.dll (copy)	0%	ReversingLabs
C:\Program Files\CloudCompare\TKG3d.dll (copy)	0%	ReversingLabs
C:\Program Files\CloudCompare\TKGeomAlgo.dll (copy)	0%	ReversingLabs
C:\Program Files\CloudCompare\TKGeomBase.dll (copy)	0%	ReversingLabs
C:\Program Files\CloudCompare\TKMath.dll (copy)	0%	ReversingLabs
C:\Program Files\CloudCompare\TKMesh.dll (copy)	0%	ReversingLabs
C:\Program Files\CloudCompare\TKSTEP.dll (copy)	0%	ReversingLabs
C:\Program Files\CloudCompare\TKSTEP209.dll (copy)	0%	ReversingLabs
C:\Program Files\CloudCompare\TKSTEPAttr.dll (copy)	0%	ReversingLabs
C:\Program Files\CloudCompare\TKSTEPBase.dll (copy)	0%	ReversingLabs
C:\Program Files\CloudCompare\TKShHealing.dll (copy)	0%	ReversingLabs
C:\Program Files\CloudCompare\TKTopAlgo.dll (copy)	0%	ReversingLabs

Source	Detection	Scanner	Label
http://www.cloudcompare.org/8http://www.cloudcompare.org/8http://www.cloudcompare.org/.2.14.alpha	0%	Avira URL Cloud	safe
http://wixtoolset.org/schemas/thmutil/2010Hd	0%	Avira URL Cloud	safe
https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exeOF_P	0%	Avira URL Cloud	safe
http://www.cloudcompare.org/q	0%	Avira URL Cloud	safe
http://wixtoolset.org/schemas/thmutil/2010lureH	0%	Avira URL Cloud	safe
https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exeamDat	0%	Avira URL Cloud	safe
http://wixtoolset.org/schemas/thmutil/2010(	0%	Avira URL Cloud	safe
https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exe0r	0%	Avira URL Cloud	safe
http://www.cloudcompare.org/	0%	Avira URL Cloud	safe
http://wixtoolset.org/schemas/thmutil/2010and	0%	Avira URL Cloud	safe

Name	Source	Malicious	Antivirus Detection	Reputation
http://apache.org/xml/features/generate-synthetic-annotationsIDREFquotcanonical-formhttp://apache.or	is-UP0V3.tmp.10.dr	false		high
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU	CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000000.4271005670.0000000000401000.00000020.00000001.01000000.00000004.sdmp	false		high
http://www.phreedom.org/md5)08:27	is-F27EN.tmp.10.dr	false		high
http://ocsp.sectigo.com0	is-FVJ9O.tmp.10.dr	false		high
https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exe0r	wget.exe, 00000002.00000002.4225320965.0000000000B75000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://wixtoolset.org/schemas/thmutil/2010	vcredist_2013_x64.exe, 0000000D.00000003.4855360186.00000000016A0000.00000004.00000020.00020000.00000000.sdmp, vcredist_2013_x64.exe, 0000000D.00000003.4641577754.000000000157D000.00000004.00000020.00020000.00000000.sdmp, VC_redist.x64.exe, 00000015.00000002.5108320544.0000000003810000.00000004.00000800.00020000.00000000.sdmp, VC_redist.x64.exe, 00000015.00000002.5108192968.00000000036A0000.00000004.00000020.00020000.00000000.sdmp, vcredist_x64.exe, 00000018.00000003.4893735867.0000000000ECD000.00000004.00000020.00020000.00000000.sdmp, vcredist_x64.exe, 00000019.00000003.4895186091.000000000097C000.00000004.00000020.00020000.00000000.sdmp, vcredist_x64.exe, 00000019.00000002.5491628116.0000000002870000.00000004.00000020.00020000.00000000.sdmp, VC_redist.x64.exe, 0000001D.00000002.5088805698.0000000003250000.00000004.00000020.00020000.00000000.sdmp, VC_redist.x64.exe, 0000001D.00000002.5089033184.0000000003400000.00000004.00000800.00020000.00000000.sdmp, VC_redist.x64.exe, 00000021.00000002.5490078826.0000000003350000.00000004.00000020.00020000.00000000.sdmp, VC_redist.x64.exe, 00000021.00000002.5494063209.0000000003870000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.openssl.org/V	is-DG0J0.tmp.10.dr	false		high
https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exeOF_P	wget.exe, 00000002.00000002.4225320965.0000000000B70000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://apache.org/xml/features/validation/dynamic-1http://apache.org/xml/features/validation/identit	is-UP0V3.tmp.10.dr	false		high
http://apache.org/xml/features/validation/ignoreCachedDTDREFhttp://apache.org/xml/features/validatin	is-UP0V3.tmp.10.dr	false		high
http://ccsca2021.crl.certum.pl/ccsca2021.crl0s	wget.exe, 00000002.00000003.4224842312.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224908994.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp	false		high
http://apache.org/xml/features/pretty-print/space-first-level-elementsEMPTYDoXIhttp://xml.org/sax/fe	is-UP0V3.tmp.10.dr	false		high
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#	is-FVJ9O.tmp.10.dr	false		high
http://www.cloudcompare.org/8http://www.cloudcompare.org/8http://www.cloudcompare.org/.2.14.alpha	CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4271509144.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.tmp, 0000000A.00000003.4281307366.00000000035B0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://bugreports.qt.io/	is-F27EN.tmp.10.dr	false		high
http://www.openssl.org/support/faq.html.	is-DG0J0.tmp.10.dr	false		high
http://repository.certum.pl/ccsca2021.cer0	wget.exe, 00000002.00000003.4224842312.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224908994.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.openssl.org/support/faq.html	is-DG0J0.tmp.10.dr	false		high
http://apache.org/xml/features/dom-has-psvi-infoInvalidDatatypeFacetExceptionen_UShttp://apache.org/	is-UP0V3.tmp.10.dr	false		high
http://apache.org/xml/UnknownNScdata-sectionsDOMMemoryManagerXML	is-UP0V3.tmp.10.dr	false		high
http://apache.org/xml/properties/low-water-marksplit-cdata-sectionsSGXMLScanner	is-UP0V3.tmp.10.dr	false		high
http://wixtoolset.org/schemas/thmutil/2010lureH	vcredist_2013_x64.exe, 0000000D.00000003.4851447301.000000000371B000.00000004.00000800.00020000.00000000.sdmp, vcredist_x64.exe, 00000019.00000002.5494494333.0000000002C90000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://appsyndication.org/2006/appsynapplicationc:	VC_redist.x64.exe, 00000014.00000000.4866316131.00000000004EE000.00000002.00000001.01000000.0000000E.sdmp, VC_redist.x64.exe, 00000014.00000002.5111247731.00000000004EE000.00000002.00000001.01000000.0000000E.sdmp, VC_redist.x64.exe, 00000015.00000000.4867826152.0000000000A8E000.00000002.00000001.01000000.0000000F.sdmp, VC_redist.x64.exe, 00000015.00000002.5106004440.0000000000A8E000.00000002.00000001.01000000.0000000F.sdmp, VC_redist.x64.exe, 00000016.00000002.5102890508.0000000000E8E000.00000002.00000001.01000000.00000011.sdmp, VC_redist.x64.exe, 00000016.00000003.5002147253.0000000000980000.00000004.00000020.00020000.00000000.sdmp, VC_redist.x64.exe, 00000016.00000000.4875152360.0000000000E8E000.00000002.00000001.01000000.00000011.sdmp, VC_redist.x64.exe, 0000001F.00000000.5129153010.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 0000001F.00000002.5138174837.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 00000020.00000002.5484844134.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 00000020.00000000.5130814743.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 00000021.00000000.5133213302.00000000009CE000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x64.exe, 00000021.00000002.5484898708.00000000009CE000.00000002.00000001.01000000.00000015.sdmp	false		high
https://www.remobjects.com/ps	CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.tmp, 0000000A.00000000.4279340551.0000000000401000.00000020.00000001.01000000.00000005.sdmp	false		high
http://subca.ocsp-certum.com02	wget.exe, 00000002.00000002.4225716734.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224908994.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.innosetup.com/	CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.tmp, 0000000A.00000000.4279340551.0000000000401000.00000020.00000001.01000000.00000005.sdmp	false		high
https://sectigo.com/CPS0C	is-FVJ9O.tmp.10.dr	false		high
http://crl.certum.pl/ctnca2.crl0l	wget.exe, 00000002.00000002.4225716734.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224908994.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp	false		high
http://repository.certum.pl/ctnca2.cer09	wget.exe, 00000002.00000002.4225716734.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224908994.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp	false		high
http://ccsca2021.ocsp-certum.com05	wget.exe, 00000002.00000003.4224842312.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224908994.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exe	wget.exe, 00000002.00000002.4225448124.0000000000D60000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://www.certum.pl/CPS0	wget.exe, 00000002.00000002.4225716734.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224908994.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.phreedom.org/md5)	is-F27EN.tmp.10.dr	false		high
http://www.cloudcompare.org/q	CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.5160966733.00000000022EA000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.tmp, 0000000A.00000003.5147495318.00000000024BD000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://apache.org/xml/messages/XMLValidityXMLXIncludeExceptionerror-handlernohttp://apache.org/xml/f	is-UP0V3.tmp.10.dr	false		high
http://apache.org/xml/features/continue-after-fatal-errorlthttp://apache.org/xml/features/dom/byte-o	is-UP0V3.tmp.10.dr	false		high
http://apache.org/xml/messages/XML4CErrorswell-formedhttp://apache.org/xml/parser-use-DOMDocument-fr	is-UP0V3.tmp.10.dr	false		high
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s	is-FVJ9O.tmp.10.dr	false		high
http://appsyndication.org/2006/appsynapplicationapuputil.cppupgradeexclusivetrueenclosuredigestalgor	VC_redist.x64.exe, 0000001C.00000002.5094773956.00000000003DB000.00000002.00000001.01000000.00000014.sdmp, VC_redist.x64.exe, 0000001D.00000002.5086434755.00000000003DB000.00000002.00000001.01000000.00000014.sdmp, VC_redist.x64.exe, 0000001E.00000002.5082503451.00000000003DB000.00000002.00000001.01000000.00000014.sdmp	false		high
https://www.certum.pl/CPS0	wget.exe, 00000002.00000003.4224842312.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224842312.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.4224908994.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4275062715.0000000002540000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.4277624515.000000007FB60000.00000004.00001000.00020000.00000000.sdmp	false		high
http://apache.org/xml/features/dom/user-adopts-DOMDocument-2147483648	is-UP0V3.tmp.10.dr	false		high
http://wixtoolset.org/schemas/thmutil/2010(	vcredist_2013_x64.exe, 0000000D.00000003.4851447301.000000000371B000.00000004.00000800.00020000.00000000.sdmp, vcredist_x64.exe, 00000019.00000002.5494494333.0000000002C90000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.cloudcompare.org/	CloudCompare_v2.14.alpha_setup_x64.exe, 00000009.00000003.5160966733.00000000022EA000.00000004.00001000.00020000.00000000.sdmp, CloudCompare_v2.14.alpha_setup_x64.tmp, 0000000A.00000003.5147495318.00000000024BD000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exeamDat	wget.exe, 00000002.00000002.4225320965.0000000000B70000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://wixtoolset.org/schemas/thmutil/2010and	vcredist_2013_x64.exe, 0000000D.00000003.4851447301.000000000371B000.00000004.00000800.00020000.00000000.sdmp, vcredist_x64.exe, 00000019.00000002.5494494333.0000000002C90000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://wixtoolset.org/schemas/thmutil/2010Hd	VC_redist.x64.exe, 00000015.00000002.5108320544.0000000003810000.00000004.00000800.00020000.00000000.sdmp, VC_redist.x64.exe, 0000001D.00000002.5089033184.0000000003400000.00000004.00000800.00020000.00000000.sdmp, VC_redist.x64.exe, 00000021.00000002.5494063209.0000000003870000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://bugreports.qt.io/_q_receiveReplyensureClientPrefaceSentMicrosoft-IIS/4.Microsoft-IIS/5.Netsca	is-F27EN.tmp.10.dr	false		high
http://apache.org/xml/features/validation/use-cachedGrammarInParsevalidationvalidate-if-schemaxmlwhi	is-UP0V3.tmp.10.dr	false		high
http://apache.org/xml/features/nonvalidating/load-external-dtd-9223372036854775808http://apache.org/	is-UP0V3.tmp.10.dr	false		high
http://appsyndication.org/2006/appsyn	VC_redist.x64.exe	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
162.241.226.205	unknown	United States		46606	UNIFIEDLAYER-AS-1US	false

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1589827
Start date and time:	2025-01-13 08:12:11 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 17m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	urldownload.jbs
Sample URL:	https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exe
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	36
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.spre.evad.win@37/669@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 147 Number of non-executed functions: 259

Warnings

Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, VSSVC.exe, svchost.exe
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtSetValueKey calls found.
Skipping network analysis since amount of network traffic is too extensive
VT rate limit hit for: https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exe

Simulations

Behavior and APIs

Time	Type	Description
02:18:15	API Interceptor	57x Sleep call for process: SrTasks.exe modified
07:18:16	Autostart	Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce {042d26ef-3dbe-4c25-95d3-4c1b11b235a7} "C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe" /burn.runonce
07:18:39	Autostart	Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce {804e7d66-ccc2-4c12-84ba-476da31d103d} "C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe" /burn.runonce

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	659624
Entropy (8bit):	6.34353451383787
Encrypted:	false
SSDEEP:	12288:FOB4p+q4N8d4l2ms4cTHN+m+gy/vEPYysExtvsIvXi1ZG2EKZm+GWodEEpvY/p:iAtvsIvL2EKZm+GWodEEpvYh
MD5:	C2028BA6C66363B36EA659CA8816265D
SHA1:	5E2BDA10AD417466290DC08FD6EE8BC5FCF0EBBD
SHA-256:	3B92E964404E3F94531E7D7C4C7419561D9ECA6ACCD98DC3979C9E3596DB444C
SHA-512:	28E87D7360C4BD2EB30152173DA6FDF30340B5FF0186A68F26514088DCC15758851AFD01A179E976A91A9A85F9C1EE0CFA40308ED9D42654739ACF6F6DD773F4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......C..=...n...n...n..*n...n...n...n..<n...n.@&n...n..>n...n...n4..n...nJ..n...n...n..=n...n..:n...n..?n...nRich...n........................PE..d...0.&Y.........." .....>...................................................`.......>....`.........................................PU.. ...p2..<....@...........G.......>...P.......X..................................p............P...............................text....=.......>.................. ..`.rdata.......P.......B..............@..@.data........P...8...@..............@....pdata...G.......H...x..............@..@.rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................

Process:	C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	649728
Entropy (8bit):	7.039680213745585
Encrypted:	false
SSDEEP:	6144:MQOW+qYe7k6z8Mm6VKLjg1SL41q6iecU5PyAWIMWvh2MHg/sKuHNsEYhr/0p4D53:MQfi+r4w1SyqdexyHnMYsKutsEYR8pm
MD5:	31670756C84482C651BB895F9A6B87E5
SHA1:	A543B94A82DAD65923F4F2A666D5BB7020811BC8
SHA-256:	980069AFCB062404F1ACA91CACD514C28E55513244B44141D29359369EF950CB
SHA-512:	C1C1B5B88AB548A518CAF295954A3E833B0F7393ABF55011130707B76BF024034713313D8323026F2AD91D3ECB8635D7914AC336E3E627FEBB4C006657D509EE
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........d.....,...,...,.}i,...,.m.-...,.m.-...,.m.-...,.m.-...,.}.-...,.}y,...,#u.-...,.l.-...,...,...,.l.-...,.l.-...,.l.,...,.l.-...,Rich...,........PE..d...z..g.........." .....l..........,Z.......................................0............`..............................................?......@...............\............ ..H........................... ...(... ................................................text....j.......l.................. ..`.rdata..j=.......>...p..............@..@.data....%..........................@....pdata..\...........................@..@.rsrc...............................@..@.reloc..H.... ......................@..B................................................................................................................................................................................................................................

Process:	C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe
File Type:	Microsoft Cabinet archive data, many, 5691140 bytes, 14 files, at 0x44 +A "mfc140.dll_amd64" +A "mfc140chs.dll_amd64", flags 0x4, number 1, extra bytes 20 in head, 371 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	5701492
Entropy (8bit):	7.997611715541784
Encrypted:	true
SSDEEP:
MD5:	5866203168B27F18C1B47ABFA6823E02
SHA1:	3B696BE0A4CF750965D74263E43B8E302CB1B318
SHA-256:	7D48E0905EBEA9B14A07CFF687705DFDC50D795CD4C32E5ED87A0E344884B430
SHA-512:	037F793F60BE84F1DA005D47E21783E719A85B5C12C4D20050AD9D3254AC99BA8EB30B4B1378BAC69379DBC659427DC1AE4A19062ECD337D47D480D047AFB669
Malicious:	false
Reputation:	low
Preview:	MSCF......V.....D.............................V.p(..........4...s...P.U.......]Y.- .mfc140.dll_amd64.h...P.U...]Y.- .mfc140chs.dll_amd64.P.....V...]Y.- .mfc140cht.dll_amd64.h8...]W...]Y.- .mfc140deu.dll_amd64.p...p.X...]Y.- .mfc140enu.dll_amd64.h4...Y...]Y.- .mfc140esn.dll_amd64.h8..H.Z...]Y.- .mfc140fra.dll_amd64.p0....\...]Y.- .mfc140ita.dll_amd64.P... E]...]Y.- .mfc140jpn.dll_amd64.h...p+^...]Y.- .mfc140kor.dll_amd64.P(...._...]Y.- .mfc140rus.dll_amd64.PVV.(8`...]Y.- .mfc140u.dll_amd64..x..x.....]Y.- .mfcm140.dll_amd64..x........]Y.- .mfcm140u.dll_amd64.'..\|.6..CK.:{\|Se._.M[..4XD....)..........-R..V^....,..@iK...g.]........Y.....-.i+o..D.-7.G..)(w.9_nnn.......{.w.w^.y}.....Y,c,.~d......_...c,..T.#.H...#}'..4cq...J.d..,\.....2..y.3.c..X.h...$s...V.d....)?.G.e...B.y1s.<W.q.{../.^.\N..+..5s&..d;._"..rofJ;.y%.I.w.......2....E...X<..Y.M`.o..W..X....'X[...h..qxO..j....1...#..'w.$rv..I...6e.......Yg...)`.Q@.p6..M x..6......a./.X.".K.;.-.{.g.fV].. ...Xz.3l...<.1....

Process:	C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe
File Type:	data
Category:	dropped
Size (bytes):	740
Entropy (8bit):	2.5636834423859614
Encrypted:	false
SSDEEP:
MD5:	D340D6DE6BDE261AC065DF85F67F4E09
SHA1:	61532764D05D26F7C85C3BE3152CD0E3616099CE
SHA-256:	5ACA688CFB9C6D1D7910EEA03C9431634104CE1C67FBB4D1DC35C902E97C1136
SHA-512:	8CB49C03441BE64D84A7B90F5568CEB6E6728C10184BD868FBEE3E2E27FD18B2B768E72F3AC79D5D88AC9484B88A068BFE7CB9BF5CD03C529DCAAAEEF7ED37F1
Malicious:	false
Reputation:	low
Preview:	B.......................................................................................................................................................................................................................W.i.x.B.u.n.d.l.e.F.o.r.c.e.d.R.e.s.t.a.r.t.P.a.c.k.a.g.e.................W.i.x.B.u.n.d.l.e.L.a.s.t.U.s.e.d.S.o.u.r.c.e.............................W.i.x.B.u.n.d.l.e.N.a.m.e.....<...M.i.c.r.o.s.o.f.t. .V.i.s.u.a.l. .C.+.+. .2.0.1.3. .R.e.d.i.s.t.r.i.b.u.t.a.b.l.e. .(.x.6.4.). .-. .1.2...0...4.0.6.6.4.........W.i.x.B.u.n.d.l.e.O.r.i.g.i.n.a.l.S.o.u.r.c.e.....D...C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.i.s.-.U.Q.9.E.2...t.m.p.\.v.c.r.e.d.i.s.t._.2.0.1.3._.x.6.4...e.x.e.........................

Process:	C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
File Type:	data
Category:	dropped
Size (bytes):	860
Entropy (8bit):	2.5622574762223893
Encrypted:	false
SSDEEP:
MD5:	9BA32203A21BB0583763AB40DA877C09
SHA1:	A339764C730E0E6E107F06CE6CA9FFC79B48E72B
SHA-256:	D52C12100BD9F419ECC7D49DD8B7203682F6F96AF23B5D049D18804439FA86DB
SHA-512:	D59969326B6CA7F6372C1145605CEE03FDAA5FEE71D6D0AF9DDDD07E92A107FB9A1E0EF94A5D7F5FA929FF6D37C94E9B64FDF5BA08E1C8C03D71E6F604FA7034
Malicious:	false
Reputation:	low
Preview:	G...................................................................................................................................................................................................................................................W.i.x.B.u.n.d.l.e.F.o.r.c.e.d.R.e.s.t.a.r.t.P.a.c.k.a.g.e.....................W.i.x.B.u.n.d.l.e.L.a.s.t.U.s.e.d.S.o.u.r.c.e.........................W.i.x.B.u.n.d.l.e.N.a.m.e.....B...M.i.c.r.o.s.o.f.t. .V.i.s.u.a.l. .C.+.+. .2.0.1.5.-.2.0.2.2. .R.e.d.i.s.t.r.i.b.u.t.a.b.l.e. .(.x.6.4.). .-. .1.4...3.6...3.2.5.3.2.............W.i.x.B.u.n.d.l.e.O.r.i.g.i.n.a.l.S.o.u.r.c.e.....*...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.D.o.w.n.l.o.a.d.s.\.V.C._.r.e.d.i.s.t...x.6.4...e.x.e.............W.i.x.B.u.n.d.l.e.O.r.i.g.i.n.a.l.S.o.u.r.c.e.F.o.l.d.e.r.........C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.D.o.w.n.l.o.a.d.s.\.........................

Process:	C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe
File Type:	ASCII text, with very long lines (438), with CRLF line terminators
Category:	modified
Size (bytes):	18997
Entropy (8bit):	5.506319070239555
Encrypted:	false
SSDEEP:
MD5:	3B39E211AD9D7E70281225BC12DA70B4
SHA1:	FD423C4E9AAF3BF9616439861F0B9BD44F074AEF
SHA-256:	08FC11C868E620D7B1FCFF0FEE8314694D5593C592E6A013A11D5249FE021E04
SHA-512:	BB688A24BC68BBED0751204B1FB256987790DDC84F87446F6F767783818760E48716C6C90729794225D5D1DF2CB8B4DC2855DA0514813CC25BE9160D9CFA5FB5
Malicious:	false
Reputation:	low
Preview:	[09BC:1520][2025-01-13T02:18:21]i001: Burn v3.14.1.8722, Windows v10.0 (Build 19045: Service Pack 0), path: C:\Windows\Temp\{D8943984-F9C2-4E4C-B1F7-BE52C05F00EB}\.cr\VC_redist.x64.exe..[09BC:1520][2025-01-13T02:18:21]i009: Command Line: '-burn.clean.room=C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe -burn.filehandle.attached=680 -burn.filehandle.self=684 /install /quiet /norestart'..[09BC:1520][2025-01-13T02:18:21]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe'..[09BC:1520][2025-01-13T02:18:21]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\'..[09BC:1520][2025-01-13T02:18:22]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20250113021822.log'..[09BC:1520][2025-01-13T02:18:22]i000: Setting string variable 'WixBundleName' to value 'Microsoft Visual C++ 2015-2

Process:	C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	865
Entropy (8bit):	5.392318416741841
Encrypted:	false
SSDEEP:
MD5:	E4F587F4596AE95FE2BDC41559B04933
SHA1:	A0900C29532460FD1CF53962C475EA4B86195F4B
SHA-256:	25134649FA802B3F6397BD9FE91E2B6006BC835960F44DC7112F5345E9BF9446
SHA-512:	5702D535714C3F9DF0D1E3EC5B12B9F3C57CBEFC4020A361EBD75AC8B5A3D35C02F07E526D754800BBFAE44D86767F6DDFC7856A105B9DBDE14DEDFC06950D70
Malicious:	false
Reputation:	low
Preview:	[17BC:15B8][2025-01-13T02:18:24]i001: Burn v3.7.3424.0, Windows v10.0 (Build 19045: Service Pack 0), path: C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe, cmdline: ''..[17BC:15B8][2025-01-13T02:18:24]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20250113021824.log'..[17BC:15B8][2025-01-13T02:18:24]i100: Detect begin, 2 packages..[17BC:15B8][2025-01-13T02:18:24]i101: Detected package: vcRuntimeMinimum_x64, state: Present, cached: Complete..[17BC:15B8][2025-01-13T02:18:24]i101: Detected package: vcRuntimeAdditional_x64, state: Present, cached: Complete..[17BC:15B8][2025-01-13T02:18:24]i052: Condition 'VersionNT64 >= v6.0 OR (VersionNT64 = v5.2 AND ServicePackLevel >= 1)' evaluates to true...[17BC:15B8][2025-01-13T02:18:24]i199: Detect complete, result: 0x0..

Process:	C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3982
Entropy (8bit):	5.430069489601231
Encrypted:	false
SSDEEP:
MD5:	94141BDC13A2CF35594BC45C4F2BD577
SHA1:	8FAD085184574958DE6C1B9DD2054A8AD68A65B7
SHA-256:	A2E42B24597FF9815BA111355E75C8D7572BA750F68BFCCD9414D35CA938CA74
SHA-512:	60CFC9981460359F08D8354496F186D417AC68582DFD43C562DF835110DF518D2EAC7E9819DB2C905A00E63EBD883055EE7714E8B3CD6D87A751D045F805EA48
Malicious:	false
Reputation:	low
Preview:	[1350:03B0][2025-01-13T02:18:48]i001: Burn v3.14.1.8722, Windows v10.0 (Build 19045: Service Pack 0), path: C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe..[1350:03B0][2025-01-13T02:18:48]i009: Command Line: '"-burn.clean.room=C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=548'..[1350:03B0][2025-01-13T02:18:49]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20250113021849.log'..[1350:03B0][2025-01-13T02:18:49]i000: Setting string variable 'WixBundleManufacturer' to value 'Microsoft Corporation'..[1350:04F8][2025-01-13T02:18:49]i000: Setting version variable 'WixBundleFileVersion' to value '14.42.34433.0'..[1350:03B0][2025-01-13T02:18:49]i100: Detect begin, 11 packages..[1350:03B0][2025-01-13T02:18:49]i000: Setting string variable 'Arm64_Check' to value 'AMD64'..[1350:03B0][2025-01-13T02:18:49]i000:

Process:	C:\Users\user\Desktop\download\CloudCompare_v2.14.alpha_setup_x64.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3024000
Entropy (8bit):	6.401341683892991
Encrypted:	false
SSDEEP:
MD5:	CA9D0BC1FC3C0AEBE22047A2DCBCD715
SHA1:	8DF8054C0F3A9969493D74001AE6C6815090BB48
SHA-256:	69FEBFE8BB5D272CE0A488B1C4C7BF2C3CEAD22410F7E907681635DDD910EF42
SHA-512:	75D8B8811B736C6AF7802194508979209E34B6357662902456687E83FE348DE422B37A96A52B336448B9EE22F1B43D7C7B7266F67D9000B663F24CFE989F81AE
Malicious:	false
Reputation:	low
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...p.._.................$,.........P6,......@,...@.......................................@......@....................-......`-.49....-...............-..&....................................-......................i-.......-......................text...P.+.......+................. ..`.itext..t(....,..*....+............. ..`.data.......@,......(,.............@....bss.....x....,..........................idata..49...`-..:....,.............@....didata.......-.......,.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-.......-.............@..@.rsrc.........-.......-.............@..@......................-.............@..@........................................................

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	548918
Entropy (8bit):	2.2673168244353743
Encrypted:	false
SSDEEP:
MD5:	15637A90593889F24EB9DF770633A36B
SHA1:	25DE1303B0742BBB9E73869147B06BD967B34CDE
SHA-256:	5C3B81FB88EF11CFBC40DD55074742920D477BB22BB4B665C82A508E3DC6BEEA
SHA-512:	6C6B6B81DED5B83101A8021F8DF2D424E9522F7E3FEA88D99DBCB69407B9CC24F6D657563AB6B390236517EF2AC6CF0CE6DE6C8E3F5D16AEFED743BE261E9886
Malicious:	false
Reputation:	low
Preview:	--2025-01-13 02:13:01-- https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exe..Resolving www.danielgm.net (www.danielgm.net)... 162.241.226.205..Connecting to www.danielgm.net (www.danielgm.net)\|162.241.226.205\|:443... connected...HTTP request sent, awaiting response... 200 OK..Length: 355083480 (339M) [application/x-msdownload]..Saving to: 'C:/Users/user/Desktop/download/CloudCompare_v2.14.alpha_setup_x64.exe'.... 0K .......... .......... .......... .......... .......... 0% 280K 20m39s.. 50K .......... .......... .......... .......... .......... 0% 999K 13m13s.. 100K .......... .......... .......... .......... .......... 0% 1010K 10m43s.. 150K .......... .......... .......... .......... .......... 0% 862K 9m43s.. 200K .......... .......... .......... .......... .......... 0% 1.74M 8m25s.. 250K .......... .......... .......... .......... .......... 0% 1.11M 7m52s.. 300K .......... .......... .......... .......... .......... 0% 1.14M 7m2

Process:	C:\Windows\SysWOW64\wget.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	355083480
Entropy (8bit):	7.999789709819808
Encrypted:	true
SSDEEP:
MD5:	4FA9171C45161772572CB136422EA7FD
SHA1:	07E5617C3EFE1AD8AC181043C8F2D4C1B665FF38
SHA-256:	2E51AC90FDA81441AB9671598E2ACD169E001DC2A969E3331FDD38C02B0AFEC8
SHA-512:	A357E2F286B6512D9CAE295B21292595DC59067D89D159A8473CE5FA80247D84E50A407BCD45166B6D42853DBDBC635244B7453292C5D7CED25F3BEF2F9BA8F0
Malicious:	false
Reputation:	low
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...n.._.................P...........^.......p....@..................................a*...@......@...................@....... ..6....p...H..........X.)..&...................................`......................."..D....0.......................text....6.......8.................. ..`.itext.......P.......<.............. ..`.data....7...p...8...T..............@....bss.....m...............................idata..6.... ......................@....didata......0......................@....edata.......@......................@..@.tls.........P...........................rdata..]....`......................@..@.rsrc....H...p...H..................@..@....................................@..@........................................................

Target ID:	0
Start time:	02:13:00
Start date:	13/01/2025
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exe" > cmdline.out 2>&1
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	2
Start time:	02:13:01
Start date:	13/01/2025
Path:	C:\Windows\SysWOW64\wget.exe
Wow64 process (32bit):	true
Commandline:	wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exe"
Imagebase:	0x400000
File size:	3'895'184 bytes
MD5 hash:	3DADB6E2ECE9C4B3E1E322E617658B60
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	9
Start time:	02:17:22
Start date:	13/01/2025
Path:	C:\Users\user\Desktop\download\CloudCompare_v2.14.alpha_setup_x64.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\download\CloudCompare_v2.14.alpha_setup_x64.exe"
Imagebase:	0x400000
File size:	355'083'480 bytes
MD5 hash:	4FA9171C45161772572CB136422EA7FD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Target ID:	10
Start time:	02:17:23
Start date:	13/01/2025
Path:	C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-DL9N7.tmp\CloudCompare_v2.14.alpha_setup_x64.tmp" /SL5="$B01CE,353634964,780800,C:\Users\user\Desktop\download\CloudCompare_v2.14.alpha_setup_x64.exe"
Imagebase:	0x400000
File size:	3'024'000 bytes
MD5 hash:	CA9D0BC1FC3C0AEBE22047A2DCBCD715
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Target ID:	11
Start time:	02:17:58
Start date:	13/01/2025
Path:	C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\vcredist_2013_x64.exe" /install /quiet /norestart
Imagebase:	0xfb0000
File size:	7'200'744 bytes
MD5 hash:	49B1164F8E95EC6409EA83CDB352D8DA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	17
Start time:	02:18:14
Start date:	13/01/2025
Path:	C:\Windows\System32\SrTasks.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1
Imagebase:	0x7ff6093c0000
File size:	59'392 bytes
MD5 hash:	2694D2D28C368B921686FE567BD319EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	20
Start time:	02:18:21
Start date:	13/01/2025
Path:	C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-UQ9E2.tmp\VC_redist.x64.exe" /install /quiet /norestart
Imagebase:	0x4a0000
File size:	25'640'112 bytes
MD5 hash:	223A76CD5AB9E42A5C55731154B85627
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	22
Start time:	02:18:22
Start date:	13/01/2025
Path:	C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Temp\{CE3C8B2F-DD8D-438E-8C6B-737A64F87B6D}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{5DEBEB27-EE90-4179-8801-9F2879D6FF33} {CFB915F2-7D0C-4BB0-A831-01B27FBD1688} 2492
Imagebase:	0xe40000
File size:	686'136 bytes
MD5 hash:	3F32F1A9BD60AE065B89C2223676592E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	24
Start time:	02:18:24
Start date:	13/01/2025
Path:	C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe" /burn.runonce
Imagebase:	0x530000
File size:	465'992 bytes
MD5 hash:	3284088A2D414D65E865004FDB641936
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	26
Start time:	02:18:34
Start date:	13/01/2025
Path:	C:\Windows\System32\SrTasks.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
Imagebase:	0x7ff6093c0000
File size:	59'392 bytes
MD5 hash:	2694D2D28C368B921686FE567BD319EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

52ca59.rbf (copy)

52ca5a.rbf (copy)

52ca5b.rbf (copy)

52ca60.rbf (copy)

52ca61.rbf (copy)

52ca62.rbf (copy)

52ca63.rbf (copy)

52ca69.rbf (copy)

52ca6b.rbf (copy)

52ca6c.rbf (copy)

52ca6d.rbf (copy)

52ca6e.rbf (copy)

52ca6f.rbf (copy)

52ca70.rbf (copy)

52ca71.rbf (copy)

52ca72.rbf (copy)

52ca73.rbf (copy)

52ca74.rbf (copy)

52ca7a.rbf (copy)

52ca7b.rbf (copy)

Windows Analysis Report
https://www.danielgm.net/cc/release/CloudCompare_v2.14.alpha_setup_x64.exe

Target ID:	27
Start time:	02:18:35
Start date:	13/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	28
Start time:	02:18:41
Start date:	13/01/2025
Path:	C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={804e7d66-ccc2-4c12-84ba-476da31d103d} -burn.filehandle.self=1032 -burn.embedded BurnPipe.{3CE290E6-406D-4F39-9839-02C576C54025} {EA2D85BC-101D-4701-8D4D-A4BF8B19AB71} 6552
Imagebase:	0x390000
File size:	650'592 bytes
MD5 hash:	35E545DAC78234E4040A99CBB53000AC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	30
Start time:	02:18:42
Start date:	13/01/2025
Path:	C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{5A86F4D1-A9EC-4B64-B083-BE7A62BB96B8} {9AF4D465-6A98-4E12-88F2-BC1C1719DF24} 4280
Imagebase:	0x390000
File size:	650'592 bytes
MD5 hash:	35E545DAC78234E4040A99CBB53000AC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	31
Start time:	02:18:47
Start date:	13/01/2025
Path:	C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe" /burn.runonce
Imagebase:	0x980000
File size:	686'136 bytes
MD5 hash:	3F32F1A9BD60AE065B89C2223676592E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	32
Start time:	02:18:48
Start date:	13/01/2025
Path:	C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\Package Cache\{804e7d66-ccc2-4c12-84ba-476da31d103d}\VC_redist.x64.exe"
Imagebase:	0x980000
File size:	686'136 bytes
MD5 hash:	3F32F1A9BD60AE065B89C2223676592E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	34
Start time:	02:18:51
Start date:	13/01/2025
Path:	C:\Windows\System32\LogonUI.exe
Wow64 process (32bit):	false
Commandline:	"LogonUI.exe" /flags:0x4 /state0:0xa3f5a855 /state1:0x41c64e6d
Imagebase:	0x7ff75ff10000
File size:	13'824 bytes
MD5 hash:	893144FE49AA16124B5BD3034E79BBC6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: Process Creation, Service: Service Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre