Windows Analysis Report
setup64v.8.9.6.msi

Overview

General Information

Sample name:setup64v.8.9.6.msi
Analysis ID:1591569
MD5:b9176cd618155f0e05a0d0569d9af26f
SHA1:3a46c8ff4c280a09e1fd3b105882176a72232fa8
SHA256:2c1bd6e94011565d233dfb144a39fbcf5dfe03ec87cde72e8b7d718166811424
Tags:msi, SilverFox, ValleyRAT, winos, user-kafan_shengui
Infos:

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for dropped file
AI detected suspicious sample
Hides threads from debuggers
Query firmware table information (likely to detect VMs)
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)

Classification

Classification chart axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (scale: clean, suspicious, malicious)
  • System is w10x64
  • msiexec.exe (PID: 4472 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup64v.8.9.6.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 396 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7428 cmdline: C:\Windows\System32\MsiExec.exe -Embedding 2454DEA836F35E69FAC3DA4D5A5A3836 E Global\MSI0000 MD5: E5DA170027542E25EDE42FC54C929077)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: C:\Program Files (x86)\Windows NT\cob.cf, Virustotal: Detection: 9%
Source: C:\Windows\Installer\MSI2EFA.tmp, Virustotal: Detection: 9%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 92.2% probability
Source: C:\Windows\System32\msiexec.exe, File opened (one event per drive, in reported order): z:, x:, v:, t:, r:, p:, n:, l:, j:, h:, f:, b:, y:, w:, u:, s:, q:, o:, m:, k:, i:, g:, e:, c:, a:
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\641ff5.msi
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\SourceHash{A298D95F-BAD5-4292-A50E-696F9FC2A245}
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI292C.tmp
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\641ff7.msi
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI2EFA.tmp
Source: C:\Windows\System32\msiexec.exe, File deleted: C:\Windows\Installer\641ff7.msi
Source: classification engine, Classification label: mal60.evad.winMSI@4/23@0/0
Source: C:\Windows\System32\msiexec.exe, File created: C:\Program Files (x86)\Windows NT\build.dat
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\TEMP\~DF00B7A93A21B6D61D.TMP
Source: setup64v.8.9.6.msi, Static file information: TRID: Microsoft Windows Installer (60509/1) 88.31%
Source: unknown, Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup64v.8.9.6.msi"
Source: unknown, Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe, Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 2454DEA836F35E69FAC3DA4D5A5A3836 E Global\MSI0000
Source: C:\Windows\System32\msiexec.exe, Section loaded (one event per entry, in reported order, repeats kept): apphelp.dll, aclayers.dll, sfc.dll, sfc_os.dll, msi.dll, srpapi.dll, kernel.appcore.dll, kernel.appcore.dll, tsappcmp.dll, uxtheme.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, wintypes.dll, wintypes.dll, windows.storage.dll, wldp.dll, propsys.dll, textshaping.dll, netapi32.dll, wkscli.dll, netutils.dll, version.dll, mscoree.dll, profapi.dll, sspicli.dll, msihnd.dll, pcacli.dll, mpr.dll, apphelp.dll, aclayers.dll, sfc.dll, sfc_os.dll, kernel.appcore.dll, msi.dll, tsappcmp.dll, userenv.dll, profapi.dll, sspicli.dll, netapi32.dll, wkscli.dll, netutils.dll, srclient.dll, spp.dll, powrprof.dll, vssapi.dll, vsstrace.dll, umpdc.dll, wldp.dll, mscoree.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, ucrtbase_clr0400.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, windows.storage.dll, pcacli.dll, mpr.dll, cabinet.dll, apphelp.dll, aclayers.dll, sfc.dll, sfc_os.dll, kernel.appcore.dll, msi.dll, wininet.dll, wtsapi32.dll, userenv.dll, ntmarta.dll, sspicli.dll
Source: setup64v.8.9.6.msi, Static file information: File size 30605312 > 1048576
Source: MSI2EFA.tmp.4.dr, Static PE information: section names: .00cfg, .gxfg, .retplne, _RDATA
Source: cob.cf.9.dr, Static PE information: section names: .00cfg, .gxfg, .retplne, _RDATA
Source: C:\Windows\System32\msiexec.exe, File created (dropped file): C:\Program Files (x86)\Windows NT\cob.cf
Source: C:\Windows\System32\msiexec.exe, File created (dropped file): C:\Windows\Installer\MSI2EFA.tmp
Source: C:\Windows\System32\msiexec.exe, Process information set: NOOPENFILEERRORBOX (reported 18 times)

Malware Analysis System Evasion

Source: C:\Windows\System32\msiexec.exe, System information queried: FirmwareTableInformation
Source: C:\Windows\System32\msiexec.exe, Dropped PE file which has not been started: C:\Program Files (x86)\Windows NT\cob.cf
Source: C:\Windows\System32\msiexec.exe, Dropped PE file which has not been started: C:\Windows\Installer\MSI2EFA.tmp
Source: C:\Windows\System32\msiexec.exe, Last function: Thread delayed
Source: C:\Windows\System32\msiexec.exe, File Volume queried: C:\ FullSizeInformation (reported 7 times)
Source: C:\Windows\System32\msiexec.exe, Process information queried: ProcessInformation

Anti Debugging

Source: C:\Windows\System32\msiexec.exe, Thread information set: HideFromDebugger
Source: C:\Windows\System32\msiexec.exe, Process queried: DebugPort
Source: C:\Windows\System32\msiexec.exe, Queries volume information: C:\ VolumeInformation (reported 2 times)

ATT&CK matrix cells, listed per tactic column (leading numbers are the counters shown in the matrix cell):

  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server
  • Initial Access: 1 Replication Through Removable Media; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd
  • Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
  • Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script
  • Defense Evasion: 31 Masquerading; 21 Virtualization/Sandbox Evasion; 1 Process Injection; 1 DLL Side-Loading; 1 File Deletion
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets
  • Discovery: 31 Security Software Discovery; 21 Virtualization/Sandbox Evasion; 1 Process Discovery; 11 Peripheral Device Discovery; 11 System Information Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging
  • Command and Control: Data Obfuscation; Junk Data; Steganography; Protocol Impersonation; Fallback Channels
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact

Behavior Graph (ID: 1591569, Sample: setup64v.8.9.6.msi, Startdate: 15/01/2025, Architecture: WINDOWS, Score: 60):

  • Signatures on the sample: Multi AV Scanner detection for dropped file; AI detected suspicious sample
  • msiexec.exe (graph counters: 75, 30) started; dropped C:\Windows\Installer\MSI2EFA.tmp (PE32+); started a child msiexec.exe (graph counter: 1)
  • Child msiexec.exe dropped C:\Program Files (x86)\Windows NT\cob.cf (PE32+); signatures: Query firmware table information (likely to detect VMs); Hides threads from debuggers
  • A further msiexec.exe (graph counter: 5) started

  • Source: setup64v.8.9.6.msi, Detection: 5%, Scanner: Virustotal
  • Source: setup64v.8.9.6.msi, Detection: 5%, Scanner: ReversingLabs
  • Source: C:\Program Files (x86)\Windows NT\cob.cf, Detection: 10%, Scanner: Virustotal
  • Source: C:\Windows\Installer\MSI2EFA.tmp, Detection: 10%, Scanner: Virustotal
No Antivirus matches
No Antivirus matches
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1591569
Start date and time:2025-01-15 05:03:19 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 54s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:14
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:setup64v.8.9.6.msi
Detection:MAL
Classification:mal60.evad.winMSI@4/23@0/0
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .msi
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 13.107.246.45, 4.175.87.197
  • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes were analyzed, report is missing behavior information
No simulations
No context
No context
No context
No context
  • Match: C:\Program Files (x86)\Windows NT\cob.cf
    • Associated Sample Name: setup64v.3.6.7.msi, Detection: malicious, Threat Name: Unknown
    • Associated Sample Name: setup64v.5.9.3.msi, Detection: malicious, Threat Name: Unknown
  • Match: C:\Windows\Installer\MSI2EFA.tmp
    • Associated Sample Name: setup64v.3.6.7.msi, Detection: malicious, Threat Name: Unknown
    • Associated Sample Name: setup64v.5.9.3.msi, Detection: malicious, Threat Name: Unknown
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):203055
          Entropy (8bit):6.324637441202488
          Encrypted:false
          SSDEEP:6144:viSmy6iC1DgJTGUazNVhv8J6KqTqLdjvET+M:vis3uTv8J67qLdjWH
          MD5:185BD1974BC60323B4D7CA4472A3BA26
          SHA1:6FDA45E9448B1BC141B880EBD96A308A123F61E7
          SHA-256:47E1E012F89FDB00D51D510F847CEDE30AC2E249EE5D7433C6867E1A88AF9267
          SHA-512:95E1C90920B144222B9EFAC6DC6788C8426BB519F286AB139C12CE69B99D388B99C758D716535D2A5DFFF79B350B5E8546D810EBFF74A5E095081BB8DFD61BBC
          Malicious:false
          Reputation:low
          Preview:...@IXOS.@.....@...Z.@.....@.....@.....@.....@.....@......&.{A298D95F-BAD5-4292-A50E-696F9FC2A245}..Setup..setup64v.8.9.6.msi.@.....@.....@.....@........&.{7EE21D67-B320-4A35-BA36-021A13B9367B}.....@.....@.....@.....@.......@.....@.....@.......@......Setup......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{125CBCBA-123D-4311-82DD-4ABAFFD734C4}&.{A298D95F-BAD5-4292-A50E-696F9FC2A245}.@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]..".C:\Program Files (x86)\Windows NT\....+.C:\Program Files (x86)\Windows NT\build.dat....*.C:\Program Files (x86)\Windows NT\file.dat....CustcomActionK...CustcomAction.@A.........MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....z.g.........." ................@...............................................2.....`.......................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):29011968
          Entropy (8bit):7.999990425123506
          Encrypted:true
          SSDEEP:786432:d4ab5H03UCAPIkPV1jZeYVF/BTDIHubSJ0f2CeG:d466UCAAgbTTo70+C9
          MD5:79C9B7174A528856E6DADE31CFF6E343
          SHA1:E2C80616A5C3C9BBE9992837598AD0B3546C48B4
          SHA-256:48870746C208A07BC7B825FEE643703785D761B12BAB1F8FFB38E1190068C8FD
          SHA-512:4413FA79BDBF3562B242234F1B011F137129EDBD82FEC4CFA49CD5DA0FCC5E4072AFC7F39354141C88D1F3F4984EAE9ED212656887C02DB2299F63F932C49BDA
          Malicious:false
          Reputation:low
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
          Category:dropped
          Size (bytes):195584
          Entropy (8bit):6.305482571651475
          Encrypted:false
          SSDEEP:3072:aTmfSmy6iC1DEnaVkTRArIo3zNVhv8JibKZEi5/6WXXLdJJDEqGEYkEgSKP6/oG:aiSmy6iC1DgJTGUazNVhv8J6KqTqLdjP
          MD5:B851DBB4471BD83C81EBF3D727A29165
          SHA1:F3F0599D7D54C6D53DEA55696B6B80A25E8471FB
          SHA-256:577D8C6640439E1B05A47E377305CCB68DBFE253E56F10430FBDF4BB59537B3A
          SHA-512:15FD4DBDB3922C7355C42DFFFBB302B0E6B3A0B3B85BE1824940CC14316A4AE3107AE836B02EF19D4795F21DA56577D3555AC8C91BFD57F9FF871C33FA51A150
          Malicious:false
          Antivirus:
          • Antivirus: Virustotal, Detection: 10%, Browse
          Joe Sandbox View:
          • Filename: setup64v.3.6.7.msi, Detection: malicious, Browse
          • Filename: setup64v.5.9.3.msi, Detection: malicious, Browse
          Reputation:low
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):1399664
          Entropy (8bit):7.999882239092758
          Encrypted:true
          SSDEEP:24576:wv9Ze6Mw4ZFRbCqdDi19MuJB/eLKfdfNyCpkow5sTrG7SQsO:k5MwmPtuMu//eLKHkow6TgSQsO
          MD5:AD58F04285FC1F3746A437A5DCF28B45
          SHA1:39165A679E39849DB93D20A2F7C0D339692AEB71
          SHA-256:D507366760F8C2A2A1AFCAA3EC9535AC42C9685FD78FBC44711A61D3E3813A45
          SHA-512:9715200FDBDB24A64B9A67B71B196DC842EFB1D8DDF02EE0664AB3E7B1CCE232F6B54FE7B6A8EE238DEAC077DF493474A32107DE27EB33A9923CB8D98329573E
          Malicious:false
          Reputation:low
          Process:C:\Windows\System32\msiexec.exe
          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Setup, Author: QT, Keywords: Installer, Comments: rbfdgh, Template: Intel;1033, Revision Number: {7EE21D67-B320-4A35-BA36-021A13B9367B}, Create Time/Date: Tue Jan 14 15:05:48 2025, Last Saved Time/Date: Tue Jan 14 15:05:48 2025, Number of Pages: 300, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
          Category:dropped
          Size (bytes):30605312
          Entropy (8bit):7.998961425494256
          Encrypted:true
          SSDEEP:786432:KsSOzh/I+sDl+U+6/aQhgN4YHQ50WAHc/oW252:KJc/I+WYAtYescgWV
          MD5:B9176CD618155F0E05A0D0569D9AF26F
          SHA1:3A46C8FF4C280A09E1FD3B105882176A72232FA8
          SHA-256:2C1BD6E94011565D233DFB144A39FBCF5DFE03EC87CDE72E8B7D718166811424
          SHA-512:C1F4A65846F3B297146330A47C282F83412F0691A211BB34A0569C3CD412371BEE6C28AAFD8878A212913902076F2F3D3C10DE96BB91D6B93DB9660270F4212E
          Malicious:false
          Process:C:\Windows\System32\msiexec.exe
          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Setup, Author: QT, Keywords: Installer, Comments: rbfdgh, Template: Intel;1033, Revision Number: {7EE21D67-B320-4A35-BA36-021A13B9367B}, Create Time/Date: Tue Jan 14 15:05:48 2025, Last Saved Time/Date: Tue Jan 14 15:05:48 2025, Number of Pages: 300, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
          Category:dropped
          Size (bytes):30605312
          Entropy (8bit):7.998961425494256
          Encrypted:true
          SSDEEP:786432:KsSOzh/I+sDl+U+6/aQhgN4YHQ50WAHc/oW252:KJc/I+WYAtYescgWV
          MD5:B9176CD618155F0E05A0D0569D9AF26F
          SHA1:3A46C8FF4C280A09E1FD3B105882176A72232FA8
          SHA-256:2C1BD6E94011565D233DFB144A39FBCF5DFE03EC87CDE72E8B7D718166811424
          SHA-512:C1F4A65846F3B297146330A47C282F83412F0691A211BB34A0569C3CD412371BEE6C28AAFD8878A212913902076F2F3D3C10DE96BB91D6B93DB9660270F4212E
          Malicious:false
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):197418
          Entropy (8bit):6.312660032661474
          Encrypted:false
          SSDEEP:6144:NiSmy6iC1DgJTGUazNVhv8J6KqTqLdjvET+f:Nis3uTv8J67qLdjWY
          MD5:821287AA8B7C0E7AA8202280DD0492E6
          SHA1:380221B60E87C11F3393E5AABACEC5B68EFBC506
          SHA-256:335E02D133A5DBB33DC5016273172298C37EB932B93645D7F1B45A3D03ED9766
          SHA-512:05D13846BA2F74B8ED199DDAAA4BC88B2A4DA7F3D700CD8B6C6BDCA4A0ECA7C97D81A6B34ECE680FD593808B3759E8D61A4B85786DE5E46D4853C65D1741943C
          Malicious:false
          Preview:...@IXOS.@.....@...Z.@.....@.....@.....@.....@.....@......&.{A298D95F-BAD5-4292-A50E-696F9FC2A245}..Setup..setup64v.8.9.6.msi.@.....@.....@.....@........&.{7EE21D67-B320-4A35-BA36-021A13B9367B}.....@.....@.....@.....@.......@.....@.....@.......@......Setup......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{125CBCBA-123D-4311-82DD-4ABAFFD734C4}*.C:\Program Files (x86)\Windows NT\file.dat.@.......@.....@.....@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]...@p....@.....@......".C:\Program Files (x86)\Windows NT\....1\gujfn150\|Windows NT\......Please insert the disk: ..cab1.cab.@.....@......C:\Windows\Installer\641ff5.msi.........@........build.dat..lbd..build.dat.@.....@.....@.......@.............@.........@.....@.....@y...@JR.V.@...1.@...C....file.dat..lcd..file.dat.@.....@p[...@.......@.............@.........@.....@.
          Process:C:\Windows\System32\msiexec.exe
          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
          Category:modified
          Size (bytes):195584
          Entropy (8bit):6.305482571651475
          Encrypted:false
          SSDEEP:3072:aTmfSmy6iC1DEnaVkTRArIo3zNVhv8JibKZEi5/6WXXLdJJDEqGEYkEgSKP6/oG:aiSmy6iC1DgJTGUazNVhv8J6KqTqLdjP
          MD5:B851DBB4471BD83C81EBF3D727A29165
          SHA1:F3F0599D7D54C6D53DEA55696B6B80A25E8471FB
          SHA-256:577D8C6640439E1B05A47E377305CCB68DBFE253E56F10430FBDF4BB59537B3A
          SHA-512:15FD4DBDB3922C7355C42DFFFBB302B0E6B3A0B3B85BE1824940CC14316A4AE3107AE836B02EF19D4795F21DA56577D3555AC8C91BFD57F9FF871C33FA51A150
          Malicious:false
          Antivirus:
          • Antivirus: Virustotal, Detection: 10%, Browse
          Joe Sandbox View:
          • Filename: setup64v.3.6.7.msi, Detection: malicious, Browse
          • Filename: setup64v.5.9.3.msi, Detection: malicious, Browse
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....z.g.........." ................@...............................................2.....`.........................................`...p......(....p..........L............`......................................p...@...........`...h............................text...?........................... ..`.rdata.............................@..@.data....,..........................@....pdata..L...........................@..@.00cfg..8...........................@..@.gxfg... .... ......................@..@.retplne.....@.........................._RDATA.......P......................@..@.reloc.......`......................@..B.rsrc........p......................@..@........................................................................................................................................................................................................................
          Process:C:\Windows\System32\msiexec.exe
          File Type:Composite Document File V2 Document, Cannot read section info
          Category:dropped
          Size (bytes):20480
          Entropy (8bit):1.1655232373707007
          Encrypted:false
          SSDEEP:12:JSbX72FjGDAGiLIlHVRpFh/7777777777777777777777777vDHF7eiql0i8Q:JoDQI5BTF
          MD5:FE06205BC0E61F70D4E6FCF73F79CFAE
          SHA1:743AF762BBEB6B8DFB3B56598FC2FFC97CEF2680
          SHA-256:9DAAEF414D86DD0610E905D88D732130C155C52569181C80941668ED35B7C4B7
          SHA-512:C14A69873B6C292EB766A70D29FC1D9E4D6F14DB91180DB9AE75732CA440D2201751BFDAC3A190F92604261B983B083658694B23673D38ED82AC9E8111AB2686
          Malicious:false
          Process:C:\Windows\System32\msiexec.exe
          File Type:Composite Document File V2 Document, Cannot read section info
          Category:dropped
          Size (bytes):20480
          Entropy (8bit):1.4701608255705387
          Encrypted:false
          SSDEEP:48:s8PheuRc06WXJEnT5kGdJYrZdeS5MPrydeSIACpLTi:Dhe1HnTHWeTbcCpL
          MD5:D799CCC02F2FAF6C719440D34F7B302F
          SHA1:C2874B7AA0A6F148418701921EA564C5441482A7
          SHA-256:9E2C1795FA0D1E3EB556C4A26AF42D650787DC32C3631C90E59A13060A365FAB
          SHA-512:BFECD24001820D421C35AA4798C1B0BD003D1ED2A436E14F77C0E85C57F0A65A6BD6EEEDB49FC7398F9BAAFA77A71DB890A3B761EE8DCF77F23D7CA21ED4FB03
          Malicious:false
          Process:C:\Windows\System32\msiexec.exe
          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):360000
          Entropy (8bit):5.362954243944784
          Encrypted:false
          SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgau+:zTtbmkExhMJCIpEl
          MD5:9B8786B283ECE40DFD5139377F7BE844
          SHA1:E136F78D978C01EFD040F957764F46F0BB9FF2F9
          SHA-256:BD663F238D7C8EBEE8AAF8B186D7DC1012E92D53FC578E767FFD52FD542CC333
          SHA-512:BF7F63AB88F0445C65CDA00ED81947FCFF61B7491F7B41B58F864DF5948AD6864A4B158B1875015EC917690D36EB18718C0B22AD4B226FA76FB7FA873896BBE9
          Malicious:false
          Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):69632
          Entropy (8bit):0.10544878668198265
          Encrypted:false
          SSDEEP:24:Ina8Tis1EZLdB5GipVGdB5GipV7VqewGqlrkg4G+mJHG:ILTis1EldeScdeS5MPr4G/JHG
          MD5:2A72B4EDBC0E5CC46E5495AD43EC1225
          SHA1:248A83990ED5EB5EC0023532CC4DF9D03FDFFBD5
          SHA-256:3E70668D527A7960C67AF872C7E39F79FA4DC4273A71EF9B0910ABCF8ECB0406
          SHA-512:C94E9C8F6AAC3E93D4E9431C49F30B032FA31C823DF5BE354DFFED941C104D66578A8D9AA50A19E30363D6D23765ABF6C8EBAB5BF44D94F7F0C79476976F861B
          Malicious:false
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):512
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3::
          MD5:BF619EAC0CDF3F68D496EA9344137E8B
          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
          Malicious:false
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):512
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3::
          MD5:BF619EAC0CDF3F68D496EA9344137E8B
          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
          Malicious:false
          Process:C:\Windows\System32\msiexec.exe
          File Type:Composite Document File V2 Document, Cannot read section info
          Category:dropped
          Size (bytes):32768
          Entropy (8bit):1.1844328575998782
          Encrypted:false
          SSDEEP:48:Pn2uZNveFXJbT5uGdJYrZdeS5MPrydeSIACpLTi:v2pDTNWeTbcCpL
          MD5:E75C185AE1FEB75D06BDF5E23575D0A4
          SHA1:0B7115D30506B5523E3F881BA042430825FAD578
          SHA-256:9D11471CCD463D17298198E83F7E1E2E9DFA01824D9819CF5C8CDE32FD003FD6
          SHA-512:20AE6C0E73D5F0379BB80B5964D24A2E72731A5C8A2A2FDDFC564CEE0AFCDA627715EE20E8314F0DFA0F48D26A59DD81B1EEE8F3714C5D7E11A48CB3211915D3
          Malicious:false
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):512
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3::
          MD5:BF619EAC0CDF3F68D496EA9344137E8B
          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
          Malicious:false
          Process:C:\Windows\System32\msiexec.exe
          File Type:Composite Document File V2 Document, Cannot read section info
          Category:dropped
          Size (bytes):20480
          Entropy (8bit):1.4701608255705387
          Encrypted:false
          SSDEEP:48:s8PheuRc06WXJEnT5kGdJYrZdeS5MPrydeSIACpLTi:Dhe1HnTHWeTbcCpL
          MD5:D799CCC02F2FAF6C719440D34F7B302F
          SHA1:C2874B7AA0A6F148418701921EA564C5441482A7
          SHA-256:9E2C1795FA0D1E3EB556C4A26AF42D650787DC32C3631C90E59A13060A365FAB
          SHA-512:BFECD24001820D421C35AA4798C1B0BD003D1ED2A436E14F77C0E85C57F0A65A6BD6EEEDB49FC7398F9BAAFA77A71DB890A3B761EE8DCF77F23D7CA21ED4FB03
          Malicious:false
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):512
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3::
          MD5:BF619EAC0CDF3F68D496EA9344137E8B
          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
          Malicious:false
          Process:C:\Windows\System32\msiexec.exe
          File Type:Composite Document File V2 Document, Cannot read section info
          Category:dropped
          Size (bytes):32768
          Entropy (8bit):1.1844328575998782
          Encrypted:false
          SSDEEP:48:Pn2uZNveFXJbT5uGdJYrZdeS5MPrydeSIACpLTi:v2pDTNWeTbcCpL
          MD5:E75C185AE1FEB75D06BDF5E23575D0A4
          SHA1:0B7115D30506B5523E3F881BA042430825FAD578
          SHA-256:9D11471CCD463D17298198E83F7E1E2E9DFA01824D9819CF5C8CDE32FD003FD6
          SHA-512:20AE6C0E73D5F0379BB80B5964D24A2E72731A5C8A2A2FDDFC564CEE0AFCDA627715EE20E8314F0DFA0F48D26A59DD81B1EEE8F3714C5D7E11A48CB3211915D3
          Malicious:false
          Process:C:\Windows\System32\msiexec.exe
          File Type:Composite Document File V2 Document, Cannot read section info
          Category:dropped
          Size (bytes):20480
          Entropy (8bit):1.4701608255705387
          Encrypted:false
          SSDEEP:48:s8PheuRc06WXJEnT5kGdJYrZdeS5MPrydeSIACpLTi:Dhe1HnTHWeTbcCpL
          MD5:D799CCC02F2FAF6C719440D34F7B302F
          SHA1:C2874B7AA0A6F148418701921EA564C5441482A7
          SHA-256:9E2C1795FA0D1E3EB556C4A26AF42D650787DC32C3631C90E59A13060A365FAB
          SHA-512:BFECD24001820D421C35AA4798C1B0BD003D1ED2A436E14F77C0E85C57F0A65A6BD6EEEDB49FC7398F9BAAFA77A71DB890A3B761EE8DCF77F23D7CA21ED4FB03
          Malicious:false
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):32768
          Entropy (8bit):0.07308140290898305
          Encrypted:false
          SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOEHziTYhowVky6lq:2F0i8n0itFzDHF7eiq
          MD5:3966FDBD85D130FAB593BD6A5E316092
          SHA1:8EE8D58DD5D32A3DDF6B60402EEB84FFC1257AFD
          SHA-256:A7A8F5E3C898A16ED2B2864D3F82F70FD90F1085DD6897447580B507C5283A45
          SHA-512:15CD0E932A5CF983033710594ACFAFE51520B3DD025492C9004DB8BB990F646CD03933E5AC5A9D3B9830CC7FF2383696C14EC43BE1D81C330CA70D2875234345
          Malicious:false
          Process:C:\Windows\System32\msiexec.exe
          File Type:Composite Document File V2 Document, Cannot read section info
          Category:dropped
          Size (bytes):32768
          Entropy (8bit):1.1844328575998782
          Encrypted:false
          SSDEEP:48:Pn2uZNveFXJbT5uGdJYrZdeS5MPrydeSIACpLTi:v2pDTNWeTbcCpL
          MD5:E75C185AE1FEB75D06BDF5E23575D0A4
          SHA1:0B7115D30506B5523E3F881BA042430825FAD578
          SHA-256:9D11471CCD463D17298198E83F7E1E2E9DFA01824D9819CF5C8CDE32FD003FD6
          SHA-512:20AE6C0E73D5F0379BB80B5964D24A2E72731A5C8A2A2FDDFC564CEE0AFCDA627715EE20E8314F0DFA0F48D26A59DD81B1EEE8F3714C5D7E11A48CB3211915D3
          Malicious:false
          Process:C:\Windows\System32\msiexec.exe
          File Type:data
          Category:dropped
          Size (bytes):512
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3::
          MD5:BF619EAC0CDF3F68D496EA9344137E8B
          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
          Malicious:false
          File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Setup, Author: QT, Keywords: Installer, Comments: rbfdgh, Template: Intel;1033, Revision Number: {7EE21D67-B320-4A35-BA36-021A13B9367B}, Create Time/Date: Tue Jan 14 15:05:48 2025, Last Saved Time/Date: Tue Jan 14 15:05:48 2025, Number of Pages: 300, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
          Entropy (8bit):7.998961425494256
          TrID:
          • Microsoft Windows Installer (60509/1) 88.31%
          • Generic OLE2 / Multistream Compound File (8008/1) 11.69%
          File name:setup64v.8.9.6.msi
          File size:30'605'312 bytes
          MD5:b9176cd618155f0e05a0d0569d9af26f
          SHA1:3a46c8ff4c280a09e1fd3b105882176a72232fa8
          SHA256:2c1bd6e94011565d233dfb144a39fbcf5dfe03ec87cde72e8b7d718166811424
          SHA512:c1f4a65846f3b297146330a47c282f83412f0691a211bb34a0569c3cd412371bee6c28aafd8878a212913902076f2f3d3c10de96bb91d6b93db9660270f4212e
          SSDEEP:786432:KsSOzh/I+sDl+U+6/aQhgN4YHQ50WAHc/oW252:KJc/I+WYAtYescgWV
          TLSH:5B67331A60436B75E9329230C08F3C19729A7E18A9739D2F9674BA4D4F37B72353B706
          Icon Hash:2d2e3797b32b2b99
          No network behavior found

          Target ID:2
          Start time:23:04:17
          Start date:14/01/2025
          Path:C:\Windows\System32\msiexec.exe
          Wow64 process (32bit):false
          Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup64v.8.9.6.msi"
          Imagebase:0x7ff650650000
          File size:69'632 bytes
          MD5 hash:E5DA170027542E25EDE42FC54C929077
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true

          Target ID:4
          Start time:23:04:17
          Start date:14/01/2025
          Path:C:\Windows\System32\msiexec.exe
          Wow64 process (32bit):false
          Commandline:C:\Windows\system32\msiexec.exe /V
          Imagebase:0x7ff650650000
          File size:69'632 bytes
          MD5 hash:E5DA170027542E25EDE42FC54C929077
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:false

          Target ID:9
          Start time:23:04:22
          Start date:14/01/2025
          Path:C:\Windows\System32\msiexec.exe
          Wow64 process (32bit):false
          Commandline:C:\Windows\System32\MsiExec.exe -Embedding 2454DEA836F35E69FAC3DA4D5A5A3836 E Global\MSI0000
          Imagebase:0x7ff650650000
          File size:69'632 bytes
          MD5 hash:E5DA170027542E25EDE42FC54C929077
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true

          No disassembly