Edit tour

Windows Analysis Report
20200825-Kata_Eng10.1 (for cad2007-cad2012).msi

Overview

General Information

Sample name:20200825-Kata_Eng10.1 (for cad2007-cad2012).msi
Analysis ID:1675941
MD5:b631814c04464def5dd2f67d24271a78
SHA1:3012bb799cb545fdc9d05f7039e08611426325c4
SHA256:7b7893eb3aeb2934dd6a0f032fb57a4ec4e692eefe3184290359dcdad9731d54
Infos:

Detection

Score:36
Range:0 - 100
Confidence:40%

Signatures

PE file contains section with special chars
PE file has nameless sections
Checks for available system drives (often done to infect USB drives)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Document contains an embedded VBA macro which executes code when the document is opened / closed
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found dropped PE file which has not been started or loaded
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Msiexec Execute Arbitrary DLL
Stores files to the Windows start menu directory

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
  • System is w10x64
  • msiexec.exe (PID: 3120 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\20200825-Kata_Eng10.1 (for cad2007-cad2012).msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 5096 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 5952 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 1B690C7BDCE42DE855D8925AEA24ACE1 C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 7708 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 55B6C0BB8444E8B140D0B9656ECAAA2E MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 5296 cmdline: "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Kata_pro\kata_pro.dll" MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • cleanup
No configs have been found
No yara matches

System Summary

barindex
Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Kata_pro\kata_pro.dll", CommandLine: "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Kata_pro\kata_pro.dll", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\msiexec.exe, NewProcessName: C:\Windows\SysWOW64\msiexec.exe, OriginalFileName: C:\Windows\SysWOW64\msiexec.exe, ParentCommandLine: C:\Windows\system32\msiexec.exe /V, ParentImage: C:\Windows\System32\msiexec.exe, ParentProcessId: 5096, ParentProcessName: msiexec.exe, ProcessCommandLine: "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Kata_pro\kata_pro.dll", ProcessId: 5296, ProcessName: msiexec.exe
Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\msiexec.exe, ProcessId: 5096, TargetFilename: C:\Kata_pro\Kata ENG.xlsm
No Suricata rule has matched

Click to jump to signature section

Show All Signature Results
Source: Binary string: F:\binaries\Intermediate\vbextras\vbpowerpacks.vbproj__268534120\objr\x86\Microsoft.VisualBasic.PowerPacks.Vs.pdb source: Microsoft.VisualBasic.PowerPacks.Vs.dll.1.dr
Source: Binary string: DPCA.pdb source: 20200825-Kata_Eng10.1 (for cad2007-cad2012).msi, 4c0741.msi.1.dr, MSI8A9.tmp.1.dr, MSIF083.tmp.0.dr, MSIEFF5.tmp.0.dr, MSI927.tmp.1.dr, 4c0743.msi.1.dr
Source: Binary string: DPCA.pdbD source: 20200825-Kata_Eng10.1 (for cad2007-cad2012).msi, 4c0741.msi.1.dr, MSI8A9.tmp.1.dr, MSIF083.tmp.0.dr, MSIEFF5.tmp.0.dr, MSI927.tmp.1.dr, 4c0743.msi.1.dr
Source: Binary string: E:\Quan2\Security\Security\obj\Release\Security.pdb source: Security.DLL.1.dr
Source: C:\Windows\System32\msiexec.exeFile opened: z:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: x:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: v:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: t:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: r:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: p:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: n:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: l:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: j:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: h:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: f:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: b:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: y:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: w:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: u:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: s:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: q:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: o:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: m:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: k:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: i:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: g:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: e:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: c:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: a:Jump to behavior
Source: Kata_pro64.dll.1.drString found in binary or memory: http://katapro.net

System Summary

barindex
Source: Kata_pro64.dll.1.drStatic PE information: section name: #n9|Vj2
Source: Kata_pro64.dll.1.drStatic PE information: section name:
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\4c0741.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI8A9.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI927.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{5AFB202C-25DB-49D3-B56F-6A590865F1C8}Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI9C4.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{5AFB202C-25DB-49D3-B56F-6A590865F1C8}Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{5AFB202C-25DB-49D3-B56F-6A590865F1C8}\_70A9E9281462C8CBFEA864.exeJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{5AFB202C-25DB-49D3-B56F-6A590865F1C8}\_553557070ECC3E0BFC86ED.exeJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\4c0743.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\4c0743.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI8A9.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI927.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\4c0743.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI9C4.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\4c0741.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
Source: Kata ENG.xlsm.1.drOLE, VBA macro line: 'Sub Workbook_Open()
Source: Kata.xlsm.1.drOLE, VBA macro line: 'Sub Workbook_Open()
Source: 20200825-Kata_Eng10.1 (for cad2007-cad2012).msiBinary or memory string: OriginalFilenameDPCA.DLL^ vs 20200825-Kata_Eng10.1 (for cad2007-cad2012).msi
Source: Microsoft.VisualBasic.PowerPacks.Vs.dll.1.drBinary or memory string: F:\binaries\Intermediate\vbextras\vbpowerpacks.vbproj__268534120\objr\x86\Microsoft.VisualBasic.PowerPacks.Vs.pdb
Source: kata_pro.dll.1.drBinary or memory string: *\AE:\Dropbox\Programming\KATA_PRO\kata_pro.vbpT@
Source: classification engineClassification label: sus36.winMSI@8/215@0/0
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\Public\Desktop\Kata X.1.lnkJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeMutant created: NULL
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIEFF5.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile read: C:\Windows\win.iniJump to behavior
Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\20200825-Kata_Eng10.1 (for cad2007-cad2012).msi"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 1B690C7BDCE42DE855D8925AEA24ACE1 C
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 55B6C0BB8444E8B140D0B9656ECAAA2E
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Kata_pro\kata_pro.dll"
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 1B690C7BDCE42DE855D8925AEA24ACE1 CJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 55B6C0BB8444E8B140D0B9656ECAAA2EJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Kata_pro\kata_pro.dll"Jump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msihnd.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: riched20.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: usp10.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msls31.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srclient.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: spp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vssapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vsstrace.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msvbvm60.dllJump to behavior
Source: KATA X.1.lnk.1.drLNK file: ..\..\..\..\..\..\Windows\Installer\{5AFB202C-25DB-49D3-B56F-6A590865F1C8}\_70A9E9281462C8CBFEA864.exe
Source: Kata X.1.lnk.1.drLNK file: ..\..\..\Windows\Installer\{5AFB202C-25DB-49D3-B56F-6A590865F1C8}\_553557070ECC3E0BFC86ED.exe
Source: C:\Windows\System32\msiexec.exeAutomated click: Next >
Source: C:\Windows\System32\msiexec.exeAutomated click: Next >
Source: C:\Windows\System32\msiexec.exeAutomated click: Next >
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: 20200825-Kata_Eng10.1 (for cad2007-cad2012).msiStatic file information: File size 4742656 > 1048576
Source: Binary string: F:\binaries\Intermediate\vbextras\vbpowerpacks.vbproj__268534120\objr\x86\Microsoft.VisualBasic.PowerPacks.Vs.pdb source: Microsoft.VisualBasic.PowerPacks.Vs.dll.1.dr
Source: Binary string: DPCA.pdb source: 20200825-Kata_Eng10.1 (for cad2007-cad2012).msi, 4c0741.msi.1.dr, MSI8A9.tmp.1.dr, MSIF083.tmp.0.dr, MSIEFF5.tmp.0.dr, MSI927.tmp.1.dr, 4c0743.msi.1.dr
Source: Binary string: DPCA.pdbD source: 20200825-Kata_Eng10.1 (for cad2007-cad2012).msi, 4c0741.msi.1.dr, MSI8A9.tmp.1.dr, MSIF083.tmp.0.dr, MSIEFF5.tmp.0.dr, MSI927.tmp.1.dr, 4c0743.msi.1.dr
Source: Binary string: E:\Quan2\Security\Security\obj\Release\Security.pdb source: Security.DLL.1.dr
Source: Kata_pro64.dll.1.drStatic PE information: section name: #n9|Vj2
Source: Kata_pro64.dll.1.drStatic PE information: section name:
Source: C:\Windows\System32\msiexec.exeFile created: C:\Kata_pro\AutoCAD.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Kata_pro\Kata_pro64.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Kata_pro\Microsoft.VisualBasic.PowerPacks.Vs.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIF083.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Kata_pro\kata_pro.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI927.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIEFF5.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI8A9.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Kata_pro\Security.DLLJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI927.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI8A9.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KataJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kata\KATA X.1.lnkJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Kata_pro\AutoCAD.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Kata_pro\Kata_pro64.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Kata_pro\Microsoft.VisualBasic.PowerPacks.Vs.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIF083.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Kata_pro\kata_pro.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI927.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIEFF5.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI8A9.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Kata_pro\Security.DLLJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Kata_pro\kata_pro.dll"Jump to behavior
Source: Microsoft.VisualBasic.PowerPacks.Vs.dll.1.drBinary or memory string: Shell_TrayWnd;ExceptionStr_GetDC_UnexpectedUExceptionStr_CreateCompatibleDC_UnexpectedQExceptionStr_CreateDIBSection_Unexpected=ExceptionStr_BitBlt_Unexpected
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information1
Scripting
1
Replication Through Removable Media
Windows Management Instrumentation1
Scripting
12
Process Injection
21
Masquerading
OS Credential Dumping2
Process Discovery
Remote ServicesData from Local SystemData ObfuscationExfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
DLL Side-Loading
1
DLL Side-Loading
12
Process Injection
LSASS Memory11
Peripheral Device Discovery
Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
Registry Run Keys / Startup Folder
1
Registry Run Keys / Startup Folder
1
DLL Side-Loading
Security Account Manager1
File and Directory Discovery
SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
File Deletion
NTDS11
System Information Discovery
Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1675941 Sample: 20200825-Kata_Eng10.1 (for ... Startdate: 28/04/2025 Architecture: WINDOWS Score: 36 29 PE file contains section with special chars 2->29 31 PE file has nameless sections 2->31 6 msiexec.exe 269 231 2->6         started        9 msiexec.exe 11 2->9         started        process3 file4 17 C:\Windows\Installer\MSI927.tmp, PE32 6->17 dropped 19 C:\Windows\Installer\MSI8A9.tmp, PE32 6->19 dropped 21 C:\Kata_pro\kata_pro.dll, PE32 6->21 dropped 27 4 other files (none is malicious) 6->27 dropped 11 msiexec.exe 45 6->11         started        13 msiexec.exe 1 6->13         started        15 msiexec.exe 1 6->15         started        23 C:\Users\user\AppData\Local\...\MSIF083.tmp, PE32 9->23 dropped 25 C:\Users\user\AppData\Local\...\MSIEFF5.tmp, PE32 9->25 dropped process5

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
20200825-Kata_Eng10.1 (for cad2007-cad2012).msi2%VirustotalBrowse
20200825-Kata_Eng10.1 (for cad2007-cad2012).msi3%ReversingLabs
SourceDetectionScannerLabelLink
C:\Kata_pro\AutoCAD.dll0%ReversingLabs
C:\Kata_pro\Kata_pro64.dll8%ReversingLabs
C:\Kata_pro\Microsoft.VisualBasic.PowerPacks.Vs.dll0%ReversingLabs
C:\Kata_pro\Security.DLL0%ReversingLabs
C:\Kata_pro\kata_pro.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\MSIEFF5.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\MSIF083.tmp0%ReversingLabs
C:\Windows\Installer\MSI8A9.tmp0%ReversingLabs
C:\Windows\Installer\MSI927.tmp0%ReversingLabs
No Antivirus matches
No Antivirus matches
SourceDetectionScannerLabelLink
http://katapro.net0%Avira URL Cloudsafe
No contacted domains info
NameSourceMaliciousAntivirus DetectionReputation
http://katapro.netKata_pro64.dll.1.drfalse
  • Avira URL Cloud: safe
unknown
No contacted IP infos
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1675941
Start date and time:2025-04-28 07:17:03 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 58s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsofficecookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:23
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:20200825-Kata_Eng10.1 (for cad2007-cad2012).msi
Detection:SUS
Classification:sus36.winMSI@8/215@0/0
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .msi
  • Close Viewer
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, dllhost.exe, sppsvc.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 69.192.44.226, 4.245.163.56, 131.253.33.254
  • Excluded domains from analysis (whitelisted): a-ring-fallback.msedge.net, fs.microsoft.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtSetInformationFile calls found.
No simulations
No context
No context
No context
No context
MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
C:\Kata_pro\Microsoft.VisualBasic.PowerPacks.Vs.dllhttps://github.com/oLDschollBozz/BF2042GalaxyGet hashmaliciousPureLog Stealer, zgRATBrowse
    Process:C:\Windows\System32\msiexec.exe
    File Type:data
    Category:modified
    Size (bytes):36838
    Entropy (8bit):5.855559671290065
    Encrypted:false
    SSDEEP:384:Q0litQuAfK04CrC+URkFD+d7Hec2WPpPtrxt+1uyNf4KeblBJ+ERVpB:QC+ASp+UkBwn2WxM1uQAK4BJJRVj
    MD5:0E1C101D22189DDBD8F8A68FA28CF095
    SHA1:4925C1E99FE113E1936D1B5BDBC53C5C3B41131B
    SHA-256:8220D49F5799EB4FCE8EB1B78090433833214E5DF137093B96F7A40F0251FAA1
    SHA-512:7FA2BD946F0928FCC529CF1B5762C0BEAB7390905C47094D63BBCF75EFB178C2EC777F4D0FCBE7DD1B986A9F9429BEE374E239C4D81EC28D997F084D06B96DCF
    Malicious:false
    Reputation:low
    Preview:...@IXOS.@.....@f..Z.@.....@.....@.....@.....@.....@......&.{5AFB202C-25DB-49D3-B56F-6A590865F1C8}..KATA 10.1/.20200825-Kata_Eng10.1 (for cad2007-cad2012).msi.@.....@.....@.....@........&.{5CB5BFC2-E1D9-44D5-A09B-3843288EBB79}.....@.....@.....@.....@.......@.....@.....@.......@......KATA 10.1......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{56D8CA8F-1A97-8C05-54F2-E8B0CEFE1257}&.{5AFB202C-25DB-49D3-B56F-6A590865F1C8}.@......&.{0D5A9279-ACA4-6CDC-C58B-36660F0E5B64}&.{5AFB202C-25DB-49D3-B56F-6A590865F1C8}.@......&.{B4CA49C1-3683-945B-0F06-FEC22C22E456}&.{5AFB202C-25DB-49D3-B56F-6A590865F1C8}.@......&.{F4A083F2-4B1C-8503-7FFF-5E14B7E86349}&.{5AFB202C-25DB-49D3-B56F-6A590865F1C8}.@......&.{FF2ECA27-CA01-3681-FADA-F9C7EEA4FE15}&.{5AFB202C-25DB-49D3-B56F-6A590865F1C8}.@......&.{054B1D72-4C49-E89A-05C5-087171F604A9}&.{5AFB202C-25DB-49D3-B56F-6A590865F1C8}.@......&.{D8E3DA6F-433C-B3F7-13E7-3AAD
    Process:C:\Windows\System32\msiexec.exe
    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
    Category:dropped
    Size (bytes):1159168
    Entropy (8bit):5.499447163571773
    Encrypted:false
    SSDEEP:24576:8hQDd2i+dNnovF/FL9/9bmyOCz/hRExkTe+y6H9QZwrQgIy0snP0agrgmKSvDU1v:8hQDd2i+dNnovF/FL9/9bmyOCz/hRExZ
    MD5:81C0A32D5FE030D229D668252EDF8436
    SHA1:E6862E20A5DB198AD65702F31B932B1B42225279
    SHA-256:E7D785C4A69F00DDC72576FA1918922A838E8268B614727D1583F3137FEDFD93
    SHA-512:6F9C2BC387D01BD6030EC60F861243C1653CC1F36D184551767897E77FC421A0BBA6F42F7958E5A8D66BF467EA2BED5169A181E99D7CC2B6542DFD7362C23B69
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    Reputation:low
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....zS...........!......... ......~.... ........@.. ....................................@.................................$...W.......H............................................................................ ............... ..H............text....q... ...................... ..`.rsrc...H...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Lisp/Scheme program, ISO-8859 text, with CRLF line terminators
    Category:dropped
    Size (bytes):2647
    Entropy (8bit):5.028455496448671
    Encrypted:false
    SSDEEP:48:tg01AKQCdpY3gT58iwVkhX5XG6DHtby1h50doNpBuq+0q+xtCH+T:W0m8PWiekhXPy4doNzmOH
    MD5:48C8E155BAE49FE28DFA31DEFB9142E4
    SHA1:683B4210C12363AAA6BB2C4111450FD95CAE63EB
    SHA-256:C8099EE8D2C21520AC9A1F3E75868CB43E25CABDF4B4DAEB3A3B6BFC6E0CBF78
    SHA-512:8CE812B84F39300A9D0F0EDE1A37BF86A1D9EAEC14FD1E1E3B7F854926F220D0E394B2FA7DE92D8D1373E6B2B06B5197AC7E02B7CC6BB4E5DAC2AA56A269ADA5
    Malicious:false
    Reputation:low
    Preview:(cond.. ((>= (atof (getvar 'AcadVer)) 19.0).. (command "netload" "C:\\Kata_pro\\Kata_pro64_Cad2013.dll")... ).. (.. (command "netload" "C:\\Kata_pro\\Kata_pro64.dll").. )..)..(setq tinhtrangmenutienich (menugroup "menukata")) ...(Cond....((= tinhtrangmenutienich nil) .......(cond.. ....((>= (atof (getvar 'AcadVer)) 18.0).. ....(command "_cuiload" "C:\\kata_pro\\menukata.cuix").. ....)......(.. ....(command "_cuiload" "C:\\kata_pro\\menukata.cui").. ....).....).... .(menucmd "P13=+menukata.pop1")....)....((/= tinhtrangmenutienich nil) ....)...)..(defun c:tstt()(command "-vbarun" "tk_san.tang_stt"))..(defun c:rthep()(command "-vbarun" "rai_thep.rai_block_thep"))..(defun c:lv()(command "-vbarun" "profile.level"))..(defun c:lv1()(command "-vbarun" "profile.level1"))..(defun c:dao()(command "-vbarun" "profile.dao_so_hieu"))..(defun c:ad()(command "-vbarun" "profile.ad"))..(defun c:cht()(command "-vbarun" "profile.doi_text_blockcd"))..(defun c:setupkata()(command "setupkata1"))..;;;;;;;;
    Process:C:\Windows\System32\msiexec.exe
    File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
    Category:dropped
    Size (bytes):366
    Entropy (8bit):7.046316611347767
    Encrypted:false
    SSDEEP:6:6v/lhPkR/C+zokmduHsJ90obXBv6MuNAYCgI8UaeRVCMS+IiFp:6v/78/okmLf0olizeXZain3r
    MD5:820C19ED0E8EB86D3DC3E00D40526BD9
    SHA1:49542ED32852F50F182768CF81978876007C9FB1
    SHA-256:5BCCEA15AF90CDDC9D0EFF1E7B96678D1AC6C8AF5000B6C2E1E13171024EF9A5
    SHA-512:CE83963A6B749ED9CA388EDECE4DBA3DCBEA864374EA7A44FC8E10462D3DDD5E95C977618B0E31A7A912599FD281F41273EE98D9CD8003EF3B335FD0F753C5FA
    Malicious:false
    Reputation:low
    Preview:.PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d....IDAT8O...m.0.F=.+..e.:.@K..H..".0.......c....9&..R..,.......<.4.Xk...82....a.&.M.yNk.....eY....7A.u..k.c..d.......yA......8..'p..0.......:'.~...x.]A..@.Y#..X.........?..-I....3..%I@x....B8>.G.aBc~7/'..7q.5CP.z. ...$.O......Oa0.0$......... .R..V>.O<_..t......IEND.B`.
    Process:C:\Windows\System32\msiexec.exe
    File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
    Category:dropped
    Size (bytes):266
    Entropy (8bit):6.478788177236572
    Encrypted:false
    SSDEEP:6:6v/lhPkR/C+cgSsLMI8cxGzeZT3Jl7hgBDHp:6v/78/UI8cpf6BDJ
    MD5:E79B34E3A890EF8052F1706396EEDD28
    SHA1:2A8E3E62DE9B47D58B9F40BD8C3AA4A7796C1777
    SHA-256:1318FAF434D75B66A116C5F7A66E81FC48D9CB15259E189A29C52CB49B3BCC9D
    SHA-512:8B6C204FE5427E53F5E0E489C8362710372D495CCEF20FDC5E100C33E99A571A40AF18CCB2991735FA57AF451CA3BD7BDD630E1DEDF07ABF582004228E364581
    Malicious:false
    Reputation:low
    Preview:.PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d....IDAT8O..Q.. .C..g.cpI..bI..qI#c..*.t(.d.......:...B...x..A".xAk......;...7...l.h..]....B.....`T...-...1.....W-K<.f.@.8...*..l.O.}t.~.Da*.. .l..0E.2.%.W.7..2fV.......IEND.B`.
    Process:C:\Windows\System32\msiexec.exe
    File Type:PC bitmap, Windows 3.x format, 16 x 16 x 24, image size 768, cbSize 822, bits offset 54
    Category:dropped
    Size (bytes):822
    Entropy (8bit):2.9159978538028253
    Encrypted:false
    SSDEEP:12:EflYuXuonn6zt/bIU6gT/5RwjtHQ3AGan:EtVXuon6zt/VFop1n
    MD5:CDB72CCA0EFADE34305FAB12876825B8
    SHA1:5A7879D4D27E66567D389D3C25AF7C0B40F0B7DE
    SHA-256:01C713CAE1CD215059426BB4C31669BB9FC87414B279876B7083C93FA1545D25
    SHA-512:FB24531021A75C8DD4914AD42C8810DEC8CB394002D5316C897DBE89E41CB93DE5DD0A0B2393F93DE7C0EE5923DCDFF1EE9785D5BB1DF3F253D458A9B416C3D9
    Malicious:false
    Reputation:low
    Preview:BM6.......6...(................................................_______________........................_________MT_.2..2..2.____________________________________.2..S..C..3..2._________________________________.2..c..S..C..3.999______________________________.2..W..c..T.999|oe999______________________________.2..W.999.....|oe999______________________________999.........999.R.999______________________________999...999c......R.999______________________________999.p....b......R.999______________________________999.p....b......R.999______________________________999.p....a......R.999______________________________999.q....`......R._________________________________999.s....`.....____________________________________999.t...._.._______________________________________999.v....__________________________________________999.w.
    Process:C:\Windows\System32\msiexec.exe
    File Type:PC bitmap, Windows 3.x format, 32 x 32 x 24, image size 3072, resolution 1 x 1 px/m, cbSize 3126, bits offset 54
    Category:dropped
    Size (bytes):3126
    Entropy (8bit):6.113205061808775
    Encrypted:false
    SSDEEP:48:DfYovxHgWO2/y7G9SDD1Upz/khT6Xk6s:DfzAsdUDDgmyDs
    MD5:F6E1BA01C3E305127CD3059B7BFBB6A9
    SHA1:EC735BFE46969C6BAD68F0944A5ED179D2F357CD
    SHA-256:208C0E7225A6DB6672FE748676DA1AD449F24C2B96EA7BE1FF74245719F04014
    SHA-512:4FC0F45135722B4C6A133ACBE54C3DC3E4A69BD1ADD54DD85DD3BB4164707C2A9695C577CBAB84F8DA838D49ACB3FAFDC50D24E425C954B41DF5745FA1C8ECFA
    Malicious:false
    Preview:BM6.......6...(... ... ....................................................................................................................................................................................................................................................NLKLJILJIMKJECC:87=;:@>=...............DBA=;::88B@?MKJLJILJIKIH.....................SSSNNN=<<XVS.....................|zyGED998OOO998HFD}{y.....................[YW#"!.....................c`_......ywu\ZYQONVTSda_eca......VSR...][Z......fdb`^\WUTRPOa^]}{y......\ZY.....................TRQ..............xvuVTSVSRTRQUSRUSRTRPUSRUSRTRQVSRVTSyvv......LJJ......a_^.....................ZXW...{yw.........`^\................................._\Z...........~...ged.....................a_^..............}{vtrrpnpnkqolqompnlqonqompnkrpnurp.........TRP......oll.....................ywu.......ljipnmrpoqon.........}{{...}tl.......qonqnmnlknlk.........wus........................ywu.................................dy}.......................
    Process:C:\Windows\System32\msiexec.exe
    File Type:PC bitmap, Windows 3.x format, 128 x 128 x 24, image size 49152, cbSize 49206, bits offset 54
    Category:dropped
    Size (bytes):49206
    Entropy (8bit):4.339141986564235
    Encrypted:false
    SSDEEP:768:tntmn9Ij2Wnm58CIksy8hs5daiJh8AuRnp:t0IEq
    MD5:7C270D2C25DD9FE9E912857148A84C14
    SHA1:4A081DF75D297E1B803124F2C08DF709397C1313
    SHA-256:4F842A1DE27169C8E3CE2FD9643238EA593022B1AEE073CB416E80205EF0C8C9
    SHA-512:E36D47363BD81485AD79958ED6DCB1CAB0B3C38BDCC5787D7050C69AB10E06D49F85F32C7BCB26405515E909D4DA85067A1837326DA8FD9B5956C83429E35CB1
    Malicious:false
    Preview:BM6.......6...(.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:PC bitmap, Windows 3.x format, 32 x 30 x 24, resolution 3780 x 3780 px/m, cbSize 2934, bits offset 54
    Category:dropped
    Size (bytes):2934
    Entropy (8bit):5.027399659186355
    Encrypted:false
    SSDEEP:48:BPyvUMQA+VvH3AQTeduGEBUDSq6FJghKUwgtivLff+AVV9n:4UMQnv3YuboLtiTf/
    MD5:2F37304EA2BAB354BE7500F30F0345F9
    SHA1:AC389E4D0A7EFB3706AF2ECD293F020B3177A380
    SHA-256:51BB38FBB5A638CAED9234B0AAE14320A01566264F774DD75E44700E5C1B19BC
    SHA-512:B3BE400CEF1FE4F82A2A7F28520546E65575EEEAB03A9E34968DF323CCABC8A2B958FFD99AB3C4E12E03A0199F6E4FDD2D1AB73F506C8FE3B6CB6524F82E9C8E
    Malicious:false
    Preview:BMv.......6...(... ......................................%.. ....h..".......................................................................!..k"..".....#..&.."....u.....................................Za................[`..............u ..#.."........%..".......{.."............................[`.......CG....BG.......Za....."..{ ..!..#..........=...!..).......q..".....................................................$..p...$..".......>........;......".......|..+.........................DI................CG.....|!..&..........;..............0...!..$.. .......:.........................................?.r."..!..........2..........................."..".......>...................DF..............=.).&$.$..........-..........................3... ..!.. .......I.............................F...!%.".. ....}..2................................*..{...&..!.......H..........Za.......CN..L.&."%.$..!&...}..*......................................,..m#..#..#.......U..........]_......!X.#".'.."$...n..)....
    Process:C:\Windows\System32\msiexec.exe
    File Type:PC bitmap, Windows 3.x format, 32 x 32 x 24, image size 3072, resolution 3780 x 3780 px/m, cbSize 3126, bits offset 54
    Category:dropped
    Size (bytes):3126
    Entropy (8bit):3.789207406985369
    Encrypted:false
    SSDEEP:24:psvZO949EUHs5w8Ny8EbZAqHlENrrlAb4XAFf+s8Q9fj7PyiV1bUH:SvZOhSIs8EhHlsvlC4XJvQxjryirI
    MD5:D24AB68DB2122102B62E7BF6DAC8D35F
    SHA1:6A14BCD4B5216705D82475A528DBFB4108D7FEDD
    SHA-256:2F246EA3CFF523707342F10B299FEF6BA89E5851DF724509D0C71EACE8703BDF
    SHA-512:A30D7CA4476EAD8BAB22F3FA661E281315DDE140E63D88856880669A3E047AEE8322983EA2F44E9432DAB98920300E3F272A06560CDDCBA669E3ECC364A3F10B
    Malicious:false
    Preview:BM6.......6...(... ... .............................................................................................................................................................................................................................................................................................................................................tqppmllihqnm..............................................................................~|...............jgf...................................................................................~|........jgf.............................................................................................jgf...........................................................................................jgf............................................................................................jgf.............................................................................................jgf.....................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:PC bitmap, Windows 3.x format, 32 x 32 x 24, image size 3072, resolution 3780 x 3780 px/m, cbSize 3126, bits offset 54
    Category:dropped
    Size (bytes):3126
    Entropy (8bit):4.812350606380558
    Encrypted:false
    SSDEEP:24:psfZOSZ1RwfP49yr4YkNBoDzZbXxP4Gi+v8Kr8fZYlmN6c6fOQH+rh2s2HPYdO8b:SfZOArwfMWZmGaKp26fOQeVTw7i
    MD5:6E82492AEF6CB74A8626CE8687CD4B92
    SHA1:6DD8691CA67EA53190566A2F4D0F1C5E2B4A9A16
    SHA-256:B7A5165F8723CED8695C06E2DB9C837D2A5B97D23395E8711DB338440B4FCA71
    SHA-512:37A59FB235C91A1B8E00BAFF85A816A3998608AB638397ABB738BE34129D79A955ABFE71A0440E85D67658D4D95F3614620362C6ABD17631040D2FB1FA3669A2
    Malicious:false
    Preview:BM6.......6...(... ... .............................................................................................................................................................................................................................................................................................................................................tqppmllihqnm..............................................................................~|...............jgf....................................................................................|........jgf.....................o...............................................................ron.....jgf..................H....................o..Q.........................................spo.....jgf...............5.................}..A..............................................tqp.....jgf............!.............../......................................................tqp.....jgf....................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:PC bitmap, Windows 3.x format, 32 x 32 x 24, image size 3072, resolution 1 x 1 px/m, cbSize 3126, bits offset 54
    Category:dropped
    Size (bytes):3126
    Entropy (8bit):3.8134126443484035
    Encrypted:false
    SSDEEP:48:2WZOJJpc5c6U33jHH7tTTMMOh8poEHIAS2m40w9j:2xUe33nF9hpXPm4N
    MD5:CA946950D3CC3E39F1B445EC7F2A947A
    SHA1:1793C6EC0278E924990742C9DFB4B43EECCCA6B1
    SHA-256:D60950450727EA4F4880F1D74B0D6BFF15CE823CA67CFDBE7D505C19439B211B
    SHA-512:62CDCD6421159AEB6F8C3BB33455BE150CE00F428205F1B4C3E424E5D1E3D47DA0E49D75930D4E446B866381F05C1F00574614C962ECF9905D9267625CE19A23
    Malicious:false
    Preview:BM6.......6...(... ... .............................................................................................................................................................................................................................................................jpu6Rd..........................................................................................Gk.^RK>Vi.Hk...............................................................jgetqppmllihfcb310......Geybv.o..*n..9Y.......................................................~|...............jgfFCA...#f.u.......L..;m.................................................zwv...........|........jgeE?=...i........V.....=m.......................................................zxvb`^ljgron.....lfcA:6.Gk......^........>m...................................................B@@......lihspo.....lfb:3/)..|.....b........>m...............................................a_^.........lihtqp.....keb70,*}.~.....b........>m....................
    Process:C:\Windows\System32\msiexec.exe
    File Type:PC bitmap, Windows 3.x format, 32 x 30 x 24, resolution 3780 x 3780 px/m, cbSize 2934, bits offset 54
    Category:dropped
    Size (bytes):2934
    Entropy (8bit):3.3734281576729037
    Encrypted:false
    SSDEEP:48:yjtWH6Dr6RkhesPkDQtqwSbwAt/d040lAPQF:yj460kwskstqwGdhdmlF
    MD5:20D5B8C210C3F6819EBE21D510D3963F
    SHA1:6A8246AC435F6E0F9D6DAD7A64F82E433B75BC86
    SHA-256:5F7C85C0B0AD1CEFB076629F2E75CBED739646045FAA2C9AC8F55E738A5F8891
    SHA-512:ECCA66EB7B6B8CCD3EA1A38DC892596CF58A136A2C49E2FABA4E80B820D08E5EE6C673825958DFAD58459C7AD1A4C67028B75DCF9CBFAEA95BDC88F256DE3B7C
    Malicious:false
    Preview:BMv.......6...(... .......................................................................................................................................................................................................................................................................................Zb................[`.........................................................................\a.......DD....BD.......Ya.........................................................................................................................................................................EE................DF..................................................................................ux........................................................................................BH.ns.......-0....BG........................................................................................12...........................................................................................CG.OS.......\a.......
    Process:C:\Windows\System32\msiexec.exe
    File Type:DWG AutoDesk AutoCAD 2007/2008/2009
    Category:dropped
    Size (bytes):107840
    Entropy (8bit):6.462281271111681
    Encrypted:false
    SSDEEP:1536:bBsVJ7OLx8RSegS1tMSujXgsZG4zkW2Vt5WFVpET5hiMmBsOJaHel+:byVJ7OLx8CS1aSujQkuWoWGro5JaHV
    MD5:F13AA0557434E2FBA091B144D721B384
    SHA1:F36B6F9C70A2D7222F7AF50999611C31A4D6D39E
    SHA-256:FB5C0D273B4E2E835819BCAFF5E1C3F2986E4D4173178F98903249A43B18E9B9
    SHA-512:7FD213840C5D6A2482FF029C426A536230D8CCC3D60848E8B4660ED608891C585C9439AD29519389B34AA326847ADE6D537A16FBBFE7B0F68A78AE04D8746C1D
    Malicious:false
    Preview:AC1021.....2. ....i....i.....................z...~..............................................................................%..[..7.o.@.~X.........P..n.../.rt..R.d......A..w Y..=..y.@$Bw.$.Z.......r.....h......`....... wI..`.....v..1px.`.~.......o.@.wX.........Pg.np..k/.et..R....Y...A..w `.......@)Bw.$.........r...h.h......`....i..hwIQ.`..9.v..1.x. .~......qo...w.........SPg.np..k..eJ..y....Yf...... `.......@).w....5.....Vr...h.h....K....;.i$.h\IQ.`.Q.9.v.-1... S~......q....w.........S.g.lp.uk..eJ.yb...Yf......O`....6..)....y.5.....V...0h.8....K..4.;.i$.h\.Q...Q.9...-..D S"..i..q...........%|S[R.7....~.J..y...Kf.+.....,.r}....d...h.._5.v.YKV=..y..$....KZ....;..$..\.c..QQ....9-.Z..SS ...Y..,.......p0.` %..[..7.3.@.~X...'..4.....X.../drt..R{d.d....A%.w.Y..=..y.z$B..$FZ....... ........@..-.`j.....K w......T......pxP`....e.....0.4.......\q...H....>..p.QX..t.\f.......lu..b...O.6..y...08.4......D"i.....|R.....K+.,}..h_vK.......cQ.9ZS.Y,..0 ..3..'4.X.d.{d.%..z.F.. ..@-
    Process:C:\Windows\System32\msiexec.exe
    File Type:DWG AutoDesk AutoCAD 2007/2008/2009
    Category:dropped
    Size (bytes):374848
    Entropy (8bit):7.4385087881090515
    Encrypted:false
    SSDEEP:6144:kL7/a7V3ACJZQxLOiqJYO8jAfQ1rKPFZb/0guWaeYl/GmGik6LdzwLNU3Rlh3Rle:I7C7dA4ZQxLYFOrKtZT0pe2/Gmrk4wWk
    MD5:8F10FDBB284A38B2980DA37437B1AFAE
    SHA1:8BACC4980A3A54E03EB4AE6BF1BA39D516AB0749
    SHA-256:0221FEF76B81C4EAFA112534939FC66DB6C05B56976F8757B6248A464707318A
    SHA-512:91540BF1FEF2F14D6A40B93BEA9AA990F7FD0B2493AFD9E6132D2C677E45C7A70A44B7722007B102BDE98A3DC005C7B194D72008E2930B6FDEA8A3587986370C
    Malicious:false
    Preview:AC1021.....2. ...!....!......................... ......................................................................................o.@..X.}..O..=.....Wph.N...b...|.t..Kc.pw.s....@G.wWf..@.....O.%...........O..o".... . w`........w...px~`.........o.@..X....g.....M..ph.N.a..>..y|....pc..w....w.@..w.f.w@......O.%.h.........O..o"...` ..w`......Q.w... x~......u..Mo.......q.g.....M...h...ah.>g.y.....p........w`@..w...w...c...O.M.h7...........T"..`....`....8.QBw... U~.C..V.u..Mo.....s.q.g...lM.......&ah.>g.y....p........w`*.....yw.}.c....M3h7...........T`..`........8|QB... U8.C..V.u..Mo.....sCq....z....=.....*h}.gO..=A....W.....`b.....t..K.cp8.s.M..7G..W7..$..$T.m.....s.."..y8..B.....U.PC .V.+..yo.x...sp@.`...}..Q...@..X3}..O..=....~Wp..Nf..b..|.t.UKc.pw.s....kG..Wf!.@X..&.%...".......OH.oG..+. . w...H.........px.`..xVGk_,...hVd/......*...6.sUV............gX.%.g..l..&.....*.y}..3...`...|..8...C.z.=.*..A......8...7$$m.s"y...P.+yx.@.}Q..3...~.f...U...k.!X.&."..H
    Process:C:\Windows\System32\msiexec.exe
    File Type:Microsoft Excel 2007+
    Category:dropped
    Size (bytes):186274
    Entropy (8bit):7.912773709025176
    Encrypted:false
    SSDEEP:3072:V4cQrVvP7JA7KcLWyaYlwvQXL5BUSVViGUZr8AyY2FMhHdwDmG2aRlnEZWnQrji5:V4cQrVvP7y7KcqJXG3USnMZr8A7ZdwDr
    MD5:4DA2B18C8B7FE2E973F2C66E7DA99D83
    SHA1:AD6BC15751AF36A6E81BD4782CA9DE40062D9367
    SHA-256:73B4C6921B496ACE392BCAD5D55E0B6CC65345C08AE782893FE6F78DFD10EFB2
    SHA-512:415F3D90C1F7270B06A707E8F9F038F7482AC40DD4FAD4B89010A541D30DDBF0D6188A1349D2A73E7F7B478E1D00CF6F8221F0345E205EA9ABC2DF77BB59D8A3
    Malicious:false
    Preview:PK..........!.,zD......$......[Content_Types].xml ...(...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................ZMs.0..w....cd.M.N.....i;....B..Ab$.q.}..... 3..f..[...].}u.O....q.t<w..(#<.......m~...,.1gt.R..\..w...R9..\:....I.....O)...H......l..E.bq..g.25W.....v@D!...B....A...p...J.D...W.uf....K..i.....h.........!'..te*(.scI.V.?dv.~(.+...h.r3.@.^c*GC5w{0j@..~.G/Q..b...!..Q".%x*Q...v".tOh.f..<N..*TD...:..Z.G.......WT0....V...m...N....>........Zo.A.v...m....I...n.5..P..U..)G..f...z.II...!g=..]<...T.x.$......?.jv.5...J.X.N.Y..E.r..h.M.Vl8.._q..F...$......V.W]..$c.:.Abm.
    Process:C:\Windows\System32\msiexec.exe
    File Type:Microsoft Excel 2007+
    Category:dropped
    Size (bytes):178321
    Entropy (8bit):7.9435354908070925
    Encrypted:false
    SSDEEP:3072:fQ4J1Mbj2SYCOVa7nmgqEgtHALR5IOmYXwgPf1j2M6Ng8Di4vZGjHH:fQ4TMbC1/0Jc0R5INm1jL6W8Dbv8jHH
    MD5:451844F232FF86C9D7D79CAE6223E4FE
    SHA1:CD66B8F233083C37B274EA81A703827DB90548BC
    SHA-256:8079ABD7F179DD3D61BD675377C96F1540680163362F5BDA6EF6975BD7D12788
    SHA-512:7A6936903412CD962CFF5D277C4551E5F1BE6D858A66D15E0F5D78CF5D867A0CCF933F1D9F7F94EC6959AA8E963CB5E6D119927FDAC4119B0DE998B6034C630D
    Malicious:false
    Preview:PK..........!..K.l....[.......[Content_Types].xml ...(........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................X.n.0.}.....:..n...C.=M[.v.`...p..v)..nBH...-.....9..>...vS.h.J.RL.d.G .Ls.........H.*R..i.....>~.<oK....z.g.7.h.AAu"K...B...|UKRR..K ....aR..fd...lr....M....wL...]..j...9.....H{ #.X..R.^....R.Mu.`...*GD.....tLf..8h...=Re~.....W.Vu/M.......I..S...<.f.H.y.M.....f.A{Cu...@N.}..B./W.$.@...M..q..o.......~'..*...?s...~.]!;..Hv.......X..I....V.jP........._g...D._C.p..........Q..L.v.B7..u.l..*..4.kL=.../.,/..@...aC..t...d.a.'..'.eJ>.:..K...mu......F
    Process:C:\Windows\System32\msiexec.exe
    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
    Category:dropped
    Size (bytes):3228672
    Entropy (8bit):7.489050146966744
    Encrypted:false
    SSDEEP:49152:pgotIx7hQDx6wgZoLSyxyxAl/9DK9Mz+mDDcv/snXl4+Egvh9HPB3:p7oc6wgHRMz7cv0XlLjv7vB
    MD5:0F84DC23892CB615BB68B7B0DDE440BF
    SHA1:FAE09C00354BDC941D081C043BAC67D83DAAA69D
    SHA-256:8EB39ACAD1682B5F726A972CA152F773ECFC2E364F0A9DADA4EDE90BD7E64129
    SHA-512:891D3BEB08F21B7A88CE2E97F2B944A1C096903D8357BA831451081591E9742FB51FEF16A105D25483CB68CA062275F0460E386C36D9BD55C347F6FABD866A61
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 8%
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....^D_...........!.........P#.......1..@#.. ....@.. ........................1...........@.................................TH#.W....@1.(,....................1.......................................................1..............@#.H............#n9|Vj2..#.. ... #.................@....text........@#......$#............. ..`.rsrc...(,...@1.......1.............@..@.reloc........1......@1.............@..B..............1......B1............. ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
    Category:dropped
    Size (bytes):269344
    Entropy (8bit):6.110163182049515
    Encrypted:false
    SSDEEP:3072:9TJE5gj3ZGlg/riRFyE36k48hoUeVeeIWb0BZmem73C5P9HdYbFwFmL4207HbA6D:9TZZDir3B4YW8Zmem73C51SNNW
    MD5:CD5ACC88E72E848430B8FE12B977B07D
    SHA1:7C63E7C1645081EEDE0D7E9895483CC91B9BCD22
    SHA-256:8DDB71776B12FC6011E8AF0E1DF4FB4B72414B05D4D11CB0B17FAE71A356405E
    SHA-512:6A499FC328129808538CB46665CF8773FB38098CDA599D376AE17AF5DCFBAE6DB4427C37B18BEC4A1376AC4DF05E46D5924D1E8D1BB5EE24A9F0B20F117FD72F
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    Joe Sandbox View:
    • Filename: , Detection: malicious, Browse
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......P...........!..................... ........... .......................`............@.................................\...O.... .................. >...@....................................................... ............... ..H............text........ ...................... ..`.sdata..8...........................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):1.5693760594743644
    Encrypted:false
    SSDEEP:48:6y7CEMjY2c6aPeOqpc6duJWKTVjNbrQg+U+qoxGNQhuB6F6lY3cmafF:/CEMjY2cJPeONpjJcg3mGSMG62u
    MD5:7AC69B123368E96429A3B9C7ADA07F6E
    SHA1:25F7980CECAC8EAE9FA09DEBC39F6D9A6970EDCC
    SHA-256:7E3823B20977BB432EE531FE25FA33ADA91FEBDFD794C60128CF4BF83E6DC657
    SHA-512:164DD8526DDB2976924E708B2424003F2D3C86DB75E54754F967EB6A3D1844D877E8C79F7890BD3D726DA09037FFB838006D96422B9A3CFD1E3BE757A1BE2E49
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u.rJ...........!......... .......*... ...@....@.. ......................................................................|*..O....@..P....................`.......*............................................... ............... ..H............text........ ...................... ..`.rsrc...P....@....... ..............@..@.reloc.......`.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Composite Document File V2 Document, Cannot read section info
    Category:dropped
    Size (bytes):167424
    Entropy (8bit):5.071222173238684
    Encrypted:false
    SSDEEP:3072:d/Abish/r9+URSEXjxvtr7inRpZeNDPUyViy4NzZ+Dg9WEdzfCYyJXfq80WahcqJ:hQxvtr7S4vx7aTP
    MD5:A5B3435B18EC99D69272802B273B0C26
    SHA1:CEC85E43699F3051DB09E441A15EF3D7BCF7940D
    SHA-256:897E1F3E069798D3E33EC1538970EB87CF02140D35852DA0F75503C0042CDFD0
    SHA-512:11EAC0A381ACDFA486E215E2B3363DDEE3A6D6B56AD0D40E80422AE83030751B1F3EC6892F8E82DC9A4F614F3534129149C1E3166BCCAA021DB2354980B9BA9A
    Malicious:false
    Preview:......................>.......................................................}...............................................................................................................................................................................................................................................................................................................................................................................................................................................t.k._.s.a.n.........................................................................................................4..........X.u.l.y._.t.h.e.p..............................................................................................................._.V.B.A._.P.R.O.J.E.C.T.................................................................................................%&......d.i.r...................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):1644
    Entropy (8bit):1.6533711576464762
    Encrypted:false
    SSDEEP:12:t/Vkyp0vNT4gF3ICD4lZa9eWd8lvnLZtm/5snhbsLwk5Ljz0:t/mg0BeCD4G9yvn7+ibsLPLk
    MD5:414BC9C6FEFF70438BE06320BA04C240
    SHA1:BD53C82723AD2761446F13BA5D33E7EA65A1CA0A
    SHA-256:04E20A0E1269D862485E3D56C830E02D37DFE55DDA1DBA2A16CA3C89F0069DC3
    SHA-512:2CD0E99383C851F1A87C2A8AE71BFC6470CEA866ECC48574AB7BF8BC7CBAD51D2FE5FA4E03323CB07C8DAFA9FC12DB57170AC350080540F607419D13F1480F21
    Malicious:false
    Preview:..........&........Is......+......................................&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):1646
    Entropy (8bit):1.7101990882043936
    Encrypted:false
    SSDEEP:12:t/+Myp05fNoGVuqq5Bpi6O2POL/5snhbXJpzQZlaSQCVtPAF:t/+Mg05yuib56ZISVa
    MD5:88EE51637FC84FB073377EC1AF0FFF97
    SHA1:4756E537876DB71517681512D75E5392B3B71820
    SHA-256:FFED671E91150AE1280A54A5B585373C391491A3269216B12E5115A7476F3214
    SHA-512:BE41A453BC9C814B943792CF15570185E67FCE0D6DBE9492C974AF1B908429D5CA5CF7C298FA81D62E378342588F3ABBABCF508946A107E40BF8474713299B5C
    Malicious:false
    Preview:..........+>........|......,...................................>..+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2398
    Entropy (8bit):2.72225583507113
    Encrypted:false
    SSDEEP:24:t/W5g09ulzFSF9rkHV+kSUP3Mibi3oj+X/UkvjgTKZIeKZc2:1WWaZk10UMMj+njpZBKZc2
    MD5:87C0C5A899FC0D6510DF86BF3ECDE3C7
    SHA1:EDEDB579CDC44D8F214ED2F7387D4E5B3FD604D3
    SHA-256:33D60DC384040EA77ACA3C343660EE54BD3DA7993E6AA99297FF9AC78FB7F8FB
    SHA-512:0858FB08BEF63764F140D705E7E10559DC041A122361A9AB49487D0A91A6CF23319B23261CC67F18B0F601F6567F2F5BB790CCA3A87C5B3738ADB7AF3DECE4BC
    Malicious:false
    Preview:..........+?.......E|..........................................?..+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2462
    Entropy (8bit):2.893320081591018
    Encrypted:false
    SSDEEP:24:t/DCg0mYIcYGOmZTmEFuulib29Wfjlx/6QjVQPZIr5LES:1D2IcY3XE0ulojl1jVMZiQS
    MD5:C5D80693C78590750C817CDF7FB2DC81
    SHA1:0FA84DA78E6FC96D148B9020FF29E99028F7186B
    SHA-256:9606ED17A139B127E268C176C288D03FA9CCAC4DBC3447247DABA86C5D5F9BE6
    SHA-512:D6FE112BB15A90220C307DBE2C3CECA805FFACD02F3439C777074FD93391DD548BAFFDE592122A6E8607AA1732225B94A64CE1AB1313FDE4457702BA94DA2709
    Malicious:false
    Preview:..........<].......Gr..........................................]..<....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):1918
    Entropy (8bit):2.004664742018095
    Encrypted:false
    SSDEEP:12:t/+zlMyp0aNoGV+/yXK5BpUx2POL/5snhbXCiR/3nVuI97pvEk/hbfZlaWhAF:t/GlMg0966oibyiR/FjrzZI1
    MD5:39B5CFAA55E6AD32EC7428F2EFA67D96
    SHA1:D54E42ED66DCB222B68B2BDDF6336039497AFBC4
    SHA-256:E1D87F46D523AD4B441EE3FF2D6E52BB7977A67A6A085303CFCF48C36A52CC78
    SHA-512:1703CB03A2B4B98AF015FAAC63E2F85C6BB6F88129BC38D141C45DC3D2A1A360A6BF482A0D19F4D65FB43914BCE0BADAAC3B0F9B5A742FA88D0B9750DBF22065
    Malicious:false
    Preview:..........+=........|..........................................=..+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2190
    Entropy (8bit):2.216843166980464
    Encrypted:false
    SSDEEP:12:t//e5yp051kNoGV+/yd5BpC2POL/5snhbX1anVu097pvZn6k/h/nV+/DL97pvSrw:t//e5g051nkWiblaJjZt/U7LjAMsZIJ
    MD5:71A5C8BD94DBAD1F55616ED972E23096
    SHA1:16CB189051203ED516A5020F53C3FAE5026C6EF2
    SHA-256:B995285FFB680696B9C9215A8A615A3E099896E8747BBCB4785202BFE9BBADE4
    SHA-512:636F6326D81C9A2BDB881AE5A16102DB19FA4E44DF63F53D69B08FBD2F20859D4D3DC7040A4A431C7003E97348BFF03DA99410736A42D2AC2DEFCAECD9A11573
    Malicious:false
    Preview:..........+>........|......<...................................>..+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2194
    Entropy (8bit):2.2242615937727854
    Encrypted:false
    SSDEEP:12:t/syp05fNoGVu95Bp4b2POL/5snhbXKnVuIJ97pviAk/h/nV+/w397pvHbk/hGCL:t/sg05G6ZibaljiX/UojHMGPttZISVa
    MD5:0098D4D163786A799F9ABAD4C54F0D7C
    SHA1:CA031BFFAA474B4009DA1073A96EECAA9E0697DE
    SHA-256:F2E3B51BAA797B88EBE7271F6D4213039CAF0BB812AF7D3640C6E16AA11F8046
    SHA-512:DF49D86D3D82482667BA204ABE07C5ED975FD5CBE5A473BA74C8DC53BA9AC149CCA0C52E6413D83CCD6569939365F1554B20EC47B95A4D649FB590AF2E73077B
    Malicious:false
    Preview:..........+>........|......>...................................>..+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2288
    Entropy (8bit):2.228569830094989
    Encrypted:false
    SSDEEP:24:t/5g0TkJ+kibvWGSj8/KHnjiQwXFggIIPiDn:1BkfNjjjiBVlfPc
    MD5:394FBCB0E645E35AD5BE90AEBE6F4CDE
    SHA1:386A5E04760C4F6D1F6583A9130973B01F9A5ED7
    SHA-256:D5068D00BD9AE890ACC8004EC0AEBA79653B03BD062CDC774897C1A5958EC493
    SHA-512:443DBD1B2F073E756F4810EFCF91E3291825B1DB7114004FE3A635E0EFF2ED268FD742EBAA5524A7E34457A1CAE919BBE25D2D06DD1D5692FC461A8F3829E013
    Malicious:false
    Preview:..........#........vv......m......................................#....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2198
    Entropy (8bit):2.2362741531509003
    Encrypted:false
    SSDEEP:12:t/+pXyp0aNoGVu2AAu5Bp/2POL/5snhbXJWAinVu7ZAu97pvM6k/h/nVuhGu97pz:t/Gg0jLibUuRjMt/sjBuZI1
    MD5:2710740D8F04966452A25A3F34D28116
    SHA1:F4B6F7D1C08D1FDA0CFD2A76ADD9457F3FD042AB
    SHA-256:308E909D100B02D6FDB479CC3F1F252C165D0EDD9536A8C5C2ED7FEBA3869FDF
    SHA-512:7C9920A82F147932CB1468295AC51FBBD0B359390737CCB2BD18FFD6459B0C69EBCE196F4C763588587595EE803A3C8A3381D0DE5401BAF69F29A512957B3A21
    Malicious:false
    Preview:..........+=........|......@...................................=..+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):1918
    Entropy (8bit):2.0094463011048327
    Encrypted:false
    SSDEEP:12:t/+zlMyp0aNoGVuz5Bpu2POL/5snhbXMnViG97pvEzk/h61Zla2eA2:t/GlMg0RGibczjneZI5
    MD5:EB5FBD95424131179A7C0397E2783175
    SHA1:82880B80BAD25C90FB9068E6FDC19CE94E6C01F7
    SHA-256:00EAA05A07E38A81D1B035FC804D6EEEABACC3DAA595A333E46981A52A875300
    SHA-512:216245C89B8E488ADB995544CB5988DF7298E430AEC38BD7278CC4AC1AA38FBC67F26BC0A31C7B7BA581830DF6E10465AAF86BE9DCF2F939577BC486462F5E0F
    Malicious:false
    Preview:..........+=........|..........................................=..+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):1918
    Entropy (8bit):1.9316973713272798
    Encrypted:false
    SSDEEP:12:t/J/helMyp0jNoGPw5BpYvg2POL/5snhb+nxqw997pvStb9k/hbDvZlaD0idl8xA:t/+lMg0yK+ib+YqjEebjZIB8xRy
    MD5:8CD9BA5352B31A94A128D23615B310AD
    SHA1:4C3EDAE8E7D46E9E7BD4B02ADBA4FC90D81747A5
    SHA-256:BA2C6B8A3CEFEF20A34C91997519C3FCBA7A7341F697DEBAADD3728ADF5887FE
    SHA-512:4D3B33E769F4C02CADF82EBD1F5F3DBA646A5E18001ADCA84A9F5AA5A72BFD91402BE3ADB5AD89B21BB0F2BC30E6AD390B0BCFA28C8212F50EF50CDB3F91A01A
    Malicious:false
    Preview:...........N........L..........................................N.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2190
    Entropy (8bit):2.212434794742301
    Encrypted:false
    SSDEEP:12:t/+75yp0aNoGViMp5Bp+2POL/5snhbX8nVuMt0I/397pvIlok/h/nV+/M0Q97pvX:t/O5g0GpCibs3tpfjIt/UkxjmC8ZI1
    MD5:E112CDB3B6908C002D13D1415D0F3C4C
    SHA1:71F40C5B384E776E726D74F99B418E369B958E6A
    SHA-256:7FF4156BDE42F4A13C10538A77EB930251C82C0053CAAE83BEDB431F31D6C456
    SHA-512:1833CA5FF0A9242155D52F46A60348323B463F6631CA240EB83E9BADFDA92A19674B9E03C1431EFD0237EF232F7FDAE66BFB9E8D8885ECE9AD4DE84A126E8C96
    Malicious:false
    Preview:..........+=........|......<...................................=..+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2190
    Entropy (8bit):2.2037091663238835
    Encrypted:false
    SSDEEP:24:t/KIW5g0nxcZgcibLH/iW1jmd/iwBtjVydyZIGRD+:1KIiM3EjMjjbZHRD+
    MD5:0866FC5694C2F50478B114A8B21C15DC
    SHA1:44240C5492E42086D1B8F6B4D209A5ADA0B8D878
    SHA-256:5F115781F54C1F276A98454BCB2633E12D7B39CDA46FEB6694BC8A1741AE4FA5
    SHA-512:997DDA4D8E84042A470505329860F3D18A1635A78FACFDC0AA96C4970BFCCE0AC1267C30FCAA0061CAAEAF8DAD7577F837F4CE114955CDB71A6ADAE4F2CAC337
    Malicious:false
    Preview:.......... ........zp......<...................................... ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2318
    Entropy (8bit):2.523444967831841
    Encrypted:false
    SSDEEP:24:t/Cg09ueU4hDMuiIZ0ibmNAjC/UpjfSjZIjzKmbj:1GUYDM0Z0VOj5jWZIzKmbj
    MD5:9F9FF1EA00ECBCD4B39B572785B12410
    SHA1:71B3E8240F20D65A71D5C462C8E7C75602ABEDF2
    SHA-256:D678B6FCAA7B7F81E0D35F2047F6F0105C3189B572D10FAD94503F70398145D3
    SHA-512:587E69748CC8434E89C5A645C7E10AC818B9834B78130AB85B6C5B905AE852C7E1AA76DBAC63DAA9724F26EB937A4749AF854A607ADC060CC13E66E08670B120
    Malicious:false
    Preview:..........+?.......E|......|...................................?..+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2358
    Entropy (8bit):2.6833035734475796
    Encrypted:false
    SSDEEP:24:t/Wg02m+meaPosYfY/qib2//5r+jB/CYLjDkZIx:1Deos/qd+jvLjQZU
    MD5:1A93A9393CBCD855944BE173C95FDE2F
    SHA1:EA50050C8516D4F57105FC918AE66FC7F3A6BC5B
    SHA-256:2AF8C7E417C6707FE922DCB38DFFFF2A8342BBF10E9262C7AFFDFE05478B6F96
    SHA-512:1FDDBDA5067896FF91DD65562AC8EE6DDADF15C17E77F9CE507F4CD592FCBDA0EAF6F03D329CDE007F66B2A3D355ACE568EC76104FD5EB24F795DDD89FC93D81
    Malicious:false
    Preview:.........3=........0s............................................3=....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2190
    Entropy (8bit):2.21840682304071
    Encrypted:false
    SSDEEP:12:t/+75yp0aNoGVu9lTN5Bpfb2POL/5snhbXe8nViIN97pv2k/h/nVuDB397pvWBk8:t/O5g0JTNnibnbNj5/AjWW7ZI5
    MD5:922BDFCF6E6E2BA29335810B79FEC581
    SHA1:74DE51D4BE318EDA7AD341AD306AA14F412A964C
    SHA-256:E78C46FCDB37B2A434794205379530EB547C08E711E1C8711D55C6AECE48BCD6
    SHA-512:7FB880B0E1C9329E5533BEA0E81A8ADC865E720430C40FADC6A50F14718E2BF1F0B7553F349D409874E609B84A36CB7D8FF74F769B9CD5EF34133F97D8FF4D7D
    Malicious:false
    Preview:..........+=........|......<...................................=..+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2462
    Entropy (8bit):2.3770023368898934
    Encrypted:false
    SSDEEP:24:t/ag05629KZibsc3Wrjx/KjZ/U9jpG7ZISVa:1Mr9KZVJrjYjajY7Zha
    MD5:54DED5A22219637764ABEBB80D7E84E5
    SHA1:5DEDEC42651FBE3E58539E4C2D228DB1BB1D76B2
    SHA-256:275F56D845153ED7A46CC200734CEDAAB14AB96CAAC3DF050435D219B25C4662
    SHA-512:06D93653675CBB22DF247445D902E5D664E8409D004278CE9AA0DFF5478B68FCC74898DEC10335EB41A275796E9A76D7394D01AC8F6EC87620306B1622F88C7F
    Malicious:false
    Preview:..........+>........|..........................................>..+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2462
    Entropy (8bit):2.3727081651227118
    Encrypted:false
    SSDEEP:24:t/6g0NwLibv6jnM/Tjl/ULnQZjcGOtpFZI5:1EwL/jnIjNZjVuFZs
    MD5:BC8D5227F3D403DBFCB86FD3BB7EA471
    SHA1:4D874EBE5DDADDC795B15A5F60566479642A6626
    SHA-256:39AD923262C4C400611BE0F663E5B2C8909E5830DB5C2C67FBD6E0C7B75740E1
    SHA-512:24C12BD8320056F17E57ED14C8CEA29D65439919CF56511E3D7F292553B8828D7CD0246D0128A98B180F7E7965B51E86C37803B0E179BF5023C5A3219B070848
    Malicious:false
    Preview:..........+=........|..........................................=..+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2462
    Entropy (8bit):2.352262142704711
    Encrypted:false
    SSDEEP:24:t/KIig0nkjhcibDi8dj2d/iKvjld/iwBvjA9ydGsZIGRD+:1KIzjS2djGvj1BjAXsZHRD+
    MD5:C433973E841331BFE6AD87ABD0519086
    SHA1:4BC3374AC92DE63A58B09A9D51A740952237E498
    SHA-256:90095F50F44426C86E21BC7B0FD0EC11FFC9D6914C6181F22CEDE6345A29ED20
    SHA-512:FE5A84FA2AFB59F98473776E2632B314665FE3A3674B1BD27E7EFD31458EEDD98861131BBA5D6BEA578ECE5CAB7E731952F096E98CA4E3933CB86FB691F29F6B
    Malicious:false
    Preview:.......... ........zp............................................. ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2738
    Entropy (8bit):2.4829552626619744
    Encrypted:false
    SSDEEP:24:t/Jg09p3Nib45XGZjT/8pjL/IZjBP/zZjifjZI5:1x91GZjApjkZjBDZj2Zs
    MD5:D8D307289488560EFF71AAFCCBAF950B
    SHA1:482C38B4E48A42DA647D69386BFD18DD5BBB9734
    SHA-256:65CA6D9170953196B54A8139CEBCF21A7660AF8264DE0962C3E4A9837576AE33
    SHA-512:0F89209AFC6F483D3EB35234A0727679EAEEC02A82AAD7A319BD6BB02ED2E5FF702ED034FD219F0A7B937C72B24F4D836730377964B146026C74944146FB9628
    Malicious:false
    Preview:..........+=........|......N...................................=..+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2738
    Entropy (8bit):2.4873372068010715
    Encrypted:false
    SSDEEP:24:t/KIBg0nwBsAuSycibADiiZhcujKd/ifAujwd/iWujJd/iZAujkdeh3D6TrZIGt6:1KI2uRSBxNj/Rj9jYRjBhz6TrZHtDO
    MD5:B9DB29B532E9AE3B8717B3809F724C48
    SHA1:6F7ADD5F3D60E8A6C0EE0653AA48A2308A13FA52
    SHA-256:7203FEAE9E816F15BCF53648E06739595C0053F72E3EF910045D109960449ACD
    SHA-512:68ECF4947FC7E49E1CEB2DF930DEDA19B6F8A6C7F3C6E34703E1798D06A6652E0C0E2718E866E8E824312CAAD36F5AFE1E87D1CDD76C87742C33704EA3A345C1
    Malicious:false
    Preview:.......... ........zp......N...................................... ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2462
    Entropy (8bit):2.398012482818085
    Encrypted:false
    SSDEEP:12:t/+IgXyp0aNoGV+/MZ5BpW2POL/5snhbXinVS5dI97pvKik/h/nVO597pvuCk/hb:t/6g09i6ibycMjKV/4ju1/UojuGGZI1
    MD5:FA696AEB2AE4E193B1359DE262879048
    SHA1:D5C8FF9BFE791159D0197D1F91907946BA152CD1
    SHA-256:DCBBF7F1CAF58578BBB8838E76CF37EC2FE2050E6A6CE38E6E2B4508E3536AD1
    SHA-512:D9697EB1BB43A620D004602460ABC3F888D06D55858F7EF75EB8FCB1E1D57B065AF2C4D688807CD390F0B57C57FBFC00CD18DF0451801769B9A16F280ACFDD9B
    Malicious:false
    Preview:..........+=........|..........................................=..+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2190
    Entropy (8bit):2.2221432547652764
    Encrypted:false
    SSDEEP:12:t/+75yp0aNoGVeO35BpUi2POL/5snhbXTnVuTL97pvek/h/nVW3lm97pvoOk/hBK:t/O5g0c3eUibDujh/hjcBXZI1
    MD5:509CAB96753697439D72AE26712BF3EE
    SHA1:FD5593BDFBD2061CA96C6231CB1C58DE03D69381
    SHA-256:10986BF9D11243833798C9D3F3F0FC64F53D6DAAF2B2ACFF6A1CC367D4FE2F80
    SHA-512:B1A12F77978662A5DADC20F58D1D44050AD0963045C5511B63908A65EB1C1D8DE844BA77B7D54267FE2B90B0BA4D95DDF7E171CD293C2AE9FE008AEBA0C61E8F
    Malicious:false
    Preview:..........+=........|......<...................................=..+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2190
    Entropy (8bit):2.14506166612833
    Encrypted:false
    SSDEEP:24:t/q5g06l1ibDNvqj8lTV1/dvsbITO0HyHU:1r1ACjsV9dv247H6U
    MD5:9F8376C00B580883A1DC199C91D85CCD
    SHA1:42AD9C73FA7C94C361703EDF517CA10DFBCFBC62
    SHA-256:60D05ED76A7BFF4DB8E6239B554D3C723F18DCB67A7D3383090DBE7BD99A5365
    SHA-512:F4B80241FB2F7301C118721EA860E2006671FF3DC73EF6027186FD89295564BD9654B4D8334F9533429F5E7A0252447D7134BA77669BB64E14BE357B8FB231DC
    Malicious:false
    Preview:.........2...`......E......<.....................................2.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):4354
    Entropy (8bit):3.980058098660649
    Encrypted:false
    SSDEEP:48:1vvsEWUVAFi1z6yvkGC4fZUC+DYTA7Z3HZjm4ZjHNj4jwjCXDj6V1Pi:VE2Akz/kGC4xUmW3HPmn6y
    MD5:AA10AF6B4E42E4A27271EC3639E0406D
    SHA1:8D9A96539C0B92EE5CA36F1E63D918BCEE229C37
    SHA-256:4AF6C13EE80D7F4472B9A5E0A57F6F4E9CBF8C478EFEED9828DD75FB2731E4DB
    SHA-512:C166E1328970E11A474F12ACF0D06040C0CA2ACF92DA580F24F8B9E08DEBDDEF2806735D06E06941A1398A8A10123C31A236226E33724821158BE7B7ABD132A7
    Malicious:false
    Preview:..........+A........|......v...................................A..+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3812
    Entropy (8bit):4.123408468761444
    Encrypted:false
    SSDEEP:48:1nUUuf4balpiRMV3gXa2260vheKsTjcbD8l1VnrBmva:Fz+lp8MBxvhVsTob4jVrn
    MD5:8BB52E0DD069CDFBBC4CC67F04FF667F
    SHA1:15FAE6F91DF198D43995BE95600F95B3B356FD9C
    SHA-256:B9A963313D7F0BE27B58E767EA726EF33A744514949CC1AFD386A4E7BCD7F112
    SHA-512:C04C89BDADA77CC6A4D0E031CBCFBB4B2FB67CF2E084F946E86D3F1B1C0478909021EA86E91CD33A8ABBA153F44B8AEABFDB721C32FB0C96D925F03FC7A1F92E
    Malicious:false
    Preview:..........+=........|......g...................................=..+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2190
    Entropy (8bit):2.2061923897867706
    Encrypted:false
    SSDEEP:24:t/65g05PZAib5+NWjq/UwNjA5eZIbyf2f:1gxAE+ojUjSeZh2f
    MD5:4F063B6DD456FEA861B2E5C38B5189A9
    SHA1:959E9B70DBCE309CDC68853EE33D428F86839F31
    SHA-256:EF3C47400CCFFD888F5A1ADBEC14AF6703E375D27E7D420EB3A80287F5B7F4D9
    SHA-512:5CBFCA11F7C8D9DD4C8565F5CBF40435F9DE301AFD0153BE207707C8807D3AA9541D7DC4DD24FD1C310C2ACC2B8AD5CB214C8BA1A58934CE22D3C51F0D00FBF5
    Malicious:false
    Preview:.........:+>........|......<...................................>.:+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2190
    Entropy (8bit):2.14497226774795
    Encrypted:false
    SSDEEP:24:t/YaI5g0VgkibGz7jdiup/ejUOYnZIjz6fqb:1Rkn7jUjCnZIgO
    MD5:DD67CA35A966982EAF757E5EFEB7E103
    SHA1:F1E8E138AC06C082365A2234CCF5D765A524D392
    SHA-256:05BE52DDBB30CFE24BD388B65CC72198C989FD9DE226B4B17E21D48475402F5B
    SHA-512:8174C0EE992428D1CC0E83B5C0140833A5D5437DEF309F24FE50CD7FC20E8E4E107904ACB0C47F6B790C45C8FF182661C29D24EBF7A040585E498E601B82E04F
    Malicious:false
    Preview:..........".........w......<......................................"....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2466
    Entropy (8bit):2.903363721682714
    Encrypted:false
    SSDEEP:24:t/Ng05OXFOhAyjyy6Fo5ZsXklTtncibOU9EKADKvUijQIf9xVi:1nOVOVyo5SqTqvDKsicYti
    MD5:8074C0D8E5A9544389CC23A060E559C1
    SHA1:F50CEDD4179271733ABB404BB8A10E2E6EDF56F2
    SHA-256:476ECA4EACE7B7090C6ECF023770E8EC629C9589F0508CD7D6B9D743CC0BB446
    SHA-512:FD4D3C865DC30041D9E1DF8C14371186C43FB7F6B87DF63CE24C0DF0C9A1EEC7E05A9C08AFB21CD674D2ADFC42C23A430D8E4ACD703010FFF003FF3DC02C66A0
    Malicious:false
    Preview:..........+>........|..........................................>..+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2462
    Entropy (8bit):2.365298816694189
    Encrypted:false
    SSDEEP:24:t/6g0iwNXibZp4jm/Ukijq/pqRjnGFZIx:1yNXRjBjrRjGFZE
    MD5:01584214EA7EFF1C47C28D90C7B38721
    SHA1:2661923BE734DA7E1B9CE7507244DAF7835959D5
    SHA-256:6BF16D7D087C0B99A1E449DAE614534CADDD61D2BBBA3F77499C63FE9BAAD955
    SHA-512:5D36C74C44574645D42273F66874C83CFB16061441625197AC3DBD245729E6CBFD9A1FFE4BA4EDD98A1D83BF45DEA442FC320FDEA5CCB0201B591C90CD78197A
    Malicious:false
    Preview:..........+=........|..........................................=..+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2734
    Entropy (8bit):2.487973255676793
    Encrypted:false
    SSDEEP:24:t/2Cg05dxC1/e5ibh/xb6sP/inUasP/RSasP/RFSgs7auYtt:12kC9e58xWEraEkaEbRNuYv
    MD5:3DC359BB81FA674A61DDEF7C66DD57DE
    SHA1:6732AFAA8709567311C16827DA26373C09DB43EE
    SHA-256:7F5E3FA1C2F4D1E63CE7837ADF654DFE2CA485C22ACA3931288AAFCEE8877457
    SHA-512:32C833E97E163D876128F3A0B28C759DC5F239B391DA56126080FEE8CB17AC534D6E8377FC3248A944C3FDCAD275329199044467EF5AD7B7A7AFBEB316FDD2B6
    Malicious:false
    Preview:..........+>........|......L...................................>..+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2286
    Entropy (8bit):2.4744047686116994
    Encrypted:false
    SSDEEP:24:t/Sg056GiQ4wB/Zibky5Xdja/PSjDGXJojZIx7:1UUw7tYdjgSjCXJIZE
    MD5:38D638C4BF5E018629EFDC41410B59F1
    SHA1:BB72A43E8186D958908B4F46DCF868A8D7DC7493
    SHA-256:0D9AA99048EAF582E3C843FC1D6E5CDC410A539EEAB1AC471C99372BC408DC9C
    SHA-512:B6EDF97F33D4B17BA75F5F1D2ECB125E27F8F5FCE4C76B7B8CA595A997CE5015D495AD496F143BE9D7B76CF1156EEE672D6D5DB47572C29FB325430C5E713702
    Malicious:false
    Preview:..........+>........|......l...................................>..+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2870
    Entropy (8bit):2.7463840631797263
    Encrypted:false
    SSDEEP:24:t/jg03uM4qG6yZibrljGM/NjeP/2zjp/UejX8ZIiIV:1WMFU8jG+jdzjxjMZsV
    MD5:835AA783F4334D95532A252F47AFC1A6
    SHA1:5547E16CC2F4559119EB21925BF9C0B82921BF3E
    SHA-256:4C0ABD24ACB1F92D3DF9D489D9FDD8355E68285966883F4CCDE5AC6AEA243326
    SHA-512:39D4ED346A7FC582968995A9FB5669CE85C7D96FAC6B8D42DA0F1866B99DE41BF5FDF8A42DB259B904D8AEEF9C5BB6BC1C5FB0477FE9D3FB65161AD21FDE4EF1
    Malicious:false
    Preview:..........,B.......[{..........................................B..,....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2938
    Entropy (8bit):2.7389925899003003
    Encrypted:false
    SSDEEP:24:t/lg0LQV4lj+ibU/bgm3A/1JJr3A/b+j3A/IQvoB3qHeWDQmv7SH1MxN1I:124lj+tsmQ5rQKjQboBUejKSHD
    MD5:A31C4870B714180DD571A9D3F79AD28A
    SHA1:E7867E24798B97C6A5D5465778136C2E450201AE
    SHA-256:08AC9AAD54D631117859DE10C26E356884BC3B588B6E447CAC3E6A7E9A24E38A
    SHA-512:4CA560A3163DDC076C619CABB56F4F0D32209CBCA383519F037B6FF9FA9E3A8A5FC8C3E0B57BC40735BA0D726BA46D765425C7F2CFDDC554E200A638758378C8
    Malicious:false
    Preview:.............`......D..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2254
    Entropy (8bit):2.3808124362545917
    Encrypted:false
    SSDEEP:24:t/yg0iC7A8uimibHiUOujt/uDuj/rzZIb6jDC:1MoZWjjj3ZhjDC
    MD5:0F9D1EBFEFC504400CD637854FAB1262
    SHA1:56514529485DF1DE63BBE39982F76E916DC2846D
    SHA-256:9199F4C6A3DF18EA1F413FA5CBEDB08DC04DEBDF0C9281A06E3B6083980EC71F
    SHA-512:B1175FDC6CD7EC006FB0275D9953553470D79F81060FE0EAB9FEBC4F31E6E52C3E71C98F4786465972D3F78866712459F5C7479807AEC35AFD9689EA48F619B8
    Malicious:false
    Preview:..........+@........|......\...................................@..+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2362
    Entropy (8bit):2.3718121035303956
    Encrypted:false
    SSDEEP:24:t/NOg0uCj51O0ijXqEibm7OLj1Q/53jclJZIkTjoh:1Wj51O0iLqETQj1e3jqZn8
    MD5:A872D7478EBCD97E430CDB309C228292
    SHA1:FC4FD87BCECB9BA95555179120380E5EF1102E2C
    SHA-256:2BC9383DCFC0644A2C72E1B33BE389E966C976D78FC5582AC922830151AD3AFD
    SHA-512:1671CAACD9C1292A87684FA1DF3ACF587BD4FE093AEAA7B5C7BB557A7A28410A739A8698105BAF59ACA8D6B403C2B4FD054CD5EF6AE7DBC76919C1A56E90DD90
    Malicious:false
    Preview:.........T!R........u..........................................R.T!....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2654
    Entropy (8bit):2.785512385518148
    Encrypted:false
    SSDEEP:24:t/HelCg05omSTK/pPrdeibCmjUtjb/jcj//UIfjK8rZIuw:1+6oRoPBeXmQjncjRj9ZDw
    MD5:419F19EF67BB5AA96CECAE40B940B71B
    SHA1:BAB2DAACB1B58D0C53C34326E5451EA073068C32
    SHA-256:824764BDB67C88E1B150EB8E103254BE6D0B109A53D54126631F28775DA56E91
    SHA-512:7132B734377D9AD39A17B6454DDBFF5D9563B21B17709031F9815CEB317453924643F4B8F9753A7590FF2582FE7B13B853F7138A058A8EEB368C82C947CD13A3
    Malicious:false
    Preview:.........4+>........|......$...................................>.4+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3442
    Entropy (8bit):3.2610180294022197
    Encrypted:false
    SSDEEP:24:t/+g0/XZ52BSZ52BcCIibWg5UNj9t/3jGu/Sje2/5j8/UPpjfrlZInk/y:1bDyTRrj9pjGfjXjZpjDlZAk/y
    MD5:F0AB91E0C250F0B011FAC99A3AD5BC40
    SHA1:B5FB2BCC0251612BFC8143D7CF3BEBBC7FA725FE
    SHA-256:FB9B8FC1945BDFD2C0457631891F5358A2A080CB9A718571FF19070DD1B3B255
    SHA-512:84C63B88E8846CF46BC61E1435A23811D6274F4431E9FC55D705DE18F1E88BDC4A4AD04F2EE3D616F24A11A7F796FE46B2B6331469BB4EB986889EFD1B4895A4
    Malicious:false
    Preview:........._,B........{..........................................B._,....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2926
    Entropy (8bit):2.8636552080590274
    Encrypted:false
    SSDEEP:24:t/gMGMg09cXaUA5cOB+kliby0Yqj3/6jV0/fjT/UZojBEPZIuCTn:1gMCo57BblUjyjV0jkojBsZ2Tn
    MD5:EB157C012D28EE6F604725BDE5966470
    SHA1:30E0B25AF0897E5DFB1829B2739EA79AC7E3E3CA
    SHA-256:86FB5A8D1AB0CCF0DF0F31DBFC485437DBB17EDF19E7582B1C9A71F45396C673
    SHA-512:6C899C44E75426FCAE8AFA8DCE16CB89D1D0DDF2D97598B32601E513CF63F8D66743B40CAC4C28E81000F03D948A7E60CE744D8A1FEBFE2032717F253163B5B5
    Malicious:false
    Preview:..........+?.......o|..........................................?..+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2670
    Entropy (8bit):2.847701708010594
    Encrypted:false
    SSDEEP:24:t/yMg09TdriQfKKg07LvGib1tjkV/Ij4/U8jdXlZIg724y:1xnD77GijkejujRlZf64y
    MD5:EC4AC027CA2D2FA75BC1393683F90F9A
    SHA1:A71D27CEC891E4A510D44445ABA0E86D9F027AA7
    SHA-256:3B622943B7F49B200EF4D8BF97549271950056B226A199A0F24454A47D0730C6
    SHA-512:69A2A857FDD32C7AF9672DC68283237E5B3531E5C2A0D4A6D4848331A5F38EBD1D40F7A2D6F01972CFECA4A8C498A31E96FE09CBE17DB39B8A410C638755BC6E
    Malicious:false
    Preview:.........{+?........|......,...................................?.{+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2894
    Entropy (8bit):2.838813754037001
    Encrypted:false
    SSDEEP:48:1bYj3V8QjoaHwB5ojGxBjKvjbWfjsYZfeW6:Jw/joic554XWx56
    MD5:5604F8E7FD18F70F35696D1CDE047AB7
    SHA1:7ADEA2D2BBF16C777A888406E3BD43E7C4DFA4D6
    SHA-256:2EF8350A6A61B9F3D3A573328D4F8F64748FA5D1E4785C28BF8892FEEB370F29
    SHA-512:E9ED170741C321C83215AD73E7EA3C9ABB380FC4038B1427CD0429E12572D2FDACA975A4AF019A5D14E727157337138F0A62413BE9FADF96F5CAA5274A4C4A9F
    Malicious:false
    Preview:.........[4.........~............................................[4....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3218
    Entropy (8bit):2.9346429354603405
    Encrypted:false
    SSDEEP:48:153o8zNBxsVeo3561Am6AE18LE1PxE1b2EE1Pkpcmy:vozeoJMl6fkSFOcz
    MD5:3CF42A998586C0BAB4B404974801BD41
    SHA1:1F111D46CC2BBE2E9BFB9518ADCE5D2454E0EAAE
    SHA-256:CAD812D9EB2C52BF0F6F02BC113111FF470C9C0EBA8F0B852750AC57F3976459
    SHA-512:7FF3B25EB4D542571F1F57B09A5D19459AC5C6DEA813532738301A44F452C2093980BE4295CEDA800A6322B430D749F78CA294C71B7051DB9C964238CD0EAD16
    Malicious:false
    Preview:.........Z4........a~......>.....................................Z4....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2910
    Entropy (8bit):2.8582702399156354
    Encrypted:false
    SSDEEP:24:t/+lCg0zYpopsI29N1iboaIwjpA/at+jkZ/aIpj6/aIfZjB+nrZIUk+0:1+3X1cdjXgj1MjDcZj0nrZZh0
    MD5:7A70F5FD1D85A4963BB1A455DDF771C5
    SHA1:DA1D0CD36CD51E9D4244702DFA19B53438DCC7E3
    SHA-256:9DA0344BE3625E3D4E9539CAF7A19F982531B1A473F5A56667602F563ADA955C
    SHA-512:05194FF80C78D0BDDD45BC1934945FDF9228A22F149E90DD9AEF4A4B4E671592279B1AE7E522F2B75DB3FFEF1B0E76267FB359FAE9DE4736F0A1C086B36C8D4F
    Malicious:false
    Preview:.........Z4.........~............................................Z4....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2550
    Entropy (8bit):2.528732504830894
    Encrypted:false
    SSDEEP:24:t/KI+g02zYwB/IycibaiwBqjEd/isfjtd/iwBEijWd2ZIGRcP:1KITzndY9kjifjtyijBZHRcP
    MD5:E4434665888EEEB036C644A2403215D6
    SHA1:4B8E6F4463C2518930706059A5E74AACCEBB6E86
    SHA-256:F40DA06F92AE0E6BD5C96816322D9E012080164B1A693534E86FFF3ADAEE4362
    SHA-512:DDEA57A3DEDEBAB3CB5EA48FFF381FA89AC2571C8BA547E58B7B36D38044510141D221F1360192A0963D99587431932EA6AEB10E7594FB5FBC7AA08889821D6B
    Malicious:false
    Preview:.......... ........zp............................................. ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2926
    Entropy (8bit):2.862301013145997
    Encrypted:false
    SSDEEP:24:t/KIGMg0P4MoicwBcvO6ciboniwBbfj+yd/iwBEjwyd/ivjwd/i/BjvdWZILUGP:1KIMMPzGg/l5fjlej6j9Bj0ZXGP
    MD5:20AB1C046965105950FA130BB6FE5988
    SHA1:BCE76FE60DE15090EFA19CB84511C891F418825D
    SHA-256:6FEC8AEE58D00F2BA4FED679E69633956122FF9939DC976C59CA26EB857CD7EA
    SHA-512:3479E760DA868DBE96E75FE9C7FEC2AD8B0AEA550A392EE510D42D8AA5ACF9A2ECAE6C99C93F77172F9EE26B87D306EB54E3E40822DF322D5BC0B438EB977C93
    Malicious:false
    Preview:.......... ........zp............................................. ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2968
    Entropy (8bit):2.74655838719954
    Encrypted:false
    SSDEEP:24:t/Iyg0QXFPvBmEuqEibX/L4V+S/LwB4+S/XDS/eyMIWebt:1IlVPvAnyExMmuqnIt
    MD5:E7FC1B72E77F7EF7ACB43916A8125C58
    SHA1:9C3570CADDEA9075C8EF15B888D66EC9C9F02C57
    SHA-256:2E5397880D6508E23E60095B71EAD6886322E7E358F533DDE5E2E247FAD7BDF6
    SHA-512:0C4BF1B2B0A9F7ED030F6B869CCAE61CE269A56E5B3024A0793158BA240150A592AE27A1BD5D9D596DBF851692BF65E166120F9DBC5EDB51B6A44598193DEF29
    Malicious:false
    Preview:....................F..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3550
    Entropy (8bit):2.8487365000259737
    Encrypted:false
    SSDEEP:24:t/KIpXg0nwB2Eycib6iGjgd/iwBQj36d/iKjrd/igNjCd/iwB1jmydBQojFKjKkI:1KI+osRjeOjqj7NjYPjHJ3VfozLfOc4
    MD5:F007CD5EB80EE0CE496038EFB8EC2582
    SHA1:E802FD423D2F1FDE15CBD1407B85FA75C3825FC4
    SHA-256:8022B3F1A140A1A66C98507CBA42A52A88FD880869E22E5D8E9EFF24B04BFE0D
    SHA-512:39412552E13F7FFE66B89B8B744C9F8432D825A9459895887253D48472E78869E4E725454B0DC7F7B2259C0FAE1861B7FF94E8B7DACE8FAEF3DEEFE2A192C49D
    Malicious:false
    Preview:.......... ........zp............................................. ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3790
    Entropy (8bit):3.091411011103378
    Encrypted:false
    SSDEEP:48:1KI44AcC7cSPXqgLj7SfLjnlv2LjtjjMSajQRLCYVICndveJOc4:q1j4kbGPQHmi
    MD5:29235D502CCFF0561B43858A658A524E
    SHA1:C26551A6B8095F38A451B026DAE39CB914B8DDDB
    SHA-256:5047670688A21FFF38880A08B6C00C82B05291F7C0A2CC85D7B209AB0E0AF59B
    SHA-512:DE982FF51F8A7DCDFCB64B28EEE9F9691A2748B416ECAE4585A6D8A48C464E5358D21B150C7725F80EE9E968D8E469E81FAE8FEF645303DDE50A9B48FC3146B0
    Malicious:false
    Preview:.......... ........zp......\...................................... ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2734
    Entropy (8bit):2.494127472412369
    Encrypted:false
    SSDEEP:24:t/K7Cg0Asrycibt7iwBpj2gd/ifNjld/iwB/jxd/iIjxEdY3uZIG6P:1K72B+B/j2jj1pjXjxnuZH4
    MD5:356CF3114171DCF1B83BC4A3F65CB839
    SHA1:007FA5C424467B0FE7DA4265DF3C3064A43C5D3D
    SHA-256:311ECEC8860A50EA0D6851E0A62A25A94B561DF5FF4803140CD22ABADE8124C0
    SHA-512:6B06A0378024180F099DA66EC24F2100CA0245ABBC701ABDA627687BCBD6ECD261C594E4B8071090A335809DE780FFAF4B0128EA615D61A1B89030FBDC0336EC
    Malicious:false
    Preview:.......... ........{p......L...................................... ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2366
    Entropy (8bit):2.6434934292702845
    Encrypted:false
    SSDEEP:24:t/Kbg0SE2qgMFOF7FwB9iycibPiLjhVd/iwBHj1yd2ZIG6P:1KTNbF3XiVjzNjTZH4
    MD5:BE1A034C3A2CC982FDA36AB573B65C55
    SHA1:30CE2EA2B35448588ABBE7E7E429C024FB277BEB
    SHA-256:F86743191FA193D4E941EFFCF568E642F0E91F43149780A7ABA5ED75D7AD930E
    SHA-512:E517FD3858D62EC7CBC8F1E8A97C41DE38215919628C3A228F1C277487A924F7891E3B845A93A0A7C8B8B2125DC7105A52C44B4280283502925ECCCE3886EEE5
    Malicious:false
    Preview:.......... ........{p............................................. ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3108
    Entropy (8bit):3.0429990117954633
    Encrypted:false
    SSDEEP:24:t/KI3g0P6BzhPb2F4BDKKXF8PWTqmSDfdy8ibk0Vvv7CVwBBv7CVhyv7CpzqV/BE:1KIWPPbIAVAMqv7t69MgBtDO
    MD5:BF7939B5E94C6A7145F9CB23C013ED78
    SHA1:FE0E9602D20AADA0F85EDBE3640256CA430D4948
    SHA-256:0288F65E72A4CD4107D5E554F9706D4641D63CFF1D40603466BA68C268F29B0E
    SHA-512:AB4EA1765B9E9770D7BF8EA4F11189C60B6C9B6AD4C2B60524950C03A4D4045ACBA224D2542478DB69AD081E0A134813EDBE50511DA6F1B31CFEF2519EE4FD87
    Malicious:false
    Preview:.......... ........zp............................................. ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3926
    Entropy (8bit):4.403276490391027
    Encrypted:false
    SSDEEP:48:1KIMhtifX8deubejVXxNJ2cakHjqHZe3rtAloDJg+95VG04nt9EGVe92Yqtcf:Sf6ZubK1TJ2ca621ihzDGSoYR
    MD5:764563E8E91DFF87275E66683ABF5A7F
    SHA1:4A2FDE4C9040BE3226AE3038CEF3E765A339A6DE
    SHA-256:37863419438D6E18A3628024ECA0B827962CE45260500B2E70488A05EF52152E
    SHA-512:2AC025251EC19FBA251A514B457F8614E4BFA941DCB2B0B0AC659C313024AC2F9BBE7698954D3C229A9495E52731E22863AB97432D5CD5FB1828ADB6630B4AD8
    Malicious:false
    Preview:.......... ........zp............................................. ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):1922
    Entropy (8bit):2.0248071924814357
    Encrypted:false
    SSDEEP:12:t/DlRPyp0wNoGqnVqhb5BpyC2POL/5snhbUM7TnxAhb97pvBk/hWXjZlaNPtt:t/Xg0zEb3ibUM7TWbjW4ZIVv
    MD5:335C4E6B81A5187FC8056E1E235A00F6
    SHA1:8EB6F8439FDC8AF1226012633C24AE541A87EF79
    SHA-256:C8F2E2B8CA2F5F8EEA748547C99DE9601981093000069DA1D585CF37E3D837ED
    SHA-512:A8082FD39C26260B374CC210648585028D0659217C7FBBBE807A733E59B81EC859FD40E2C2A6FB2F6DF5C082DEE892452524A9353610A8724C0BC477FAD9C0EF
    Malicious:false
    Preview:.............`......D..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2190
    Entropy (8bit):2.2139768039093743
    Encrypted:false
    SSDEEP:12:t/DlRW5yp0wNoGqn+scj5BpnC2POL/5snhbQbnLs/j97pvDk/h/nLsej97pvKXkm:t/+5g0zNcjKibQbI/jjU/IejjK4BZIVv
    MD5:1087EA08906688D1B9A00170AA628153
    SHA1:C9E36121EF3F6789B4A76E8EFC8FF4FE951236F2
    SHA-256:F1499D0D29CE190B029C2E87D003612C004A1CD4AF8E5B89FFF81FCDC48B14D6
    SHA-512:66BBBCA96AB51A4DED1A93A3D07E91BD6ACC8768A7F7468F04B212A43410EB5253253710B33B3E4DE674BD3E6991B41B41F58B389E3BEFE5BC46441148A40856
    Malicious:false
    Preview:.............`......D......<...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3010
    Entropy (8bit):2.5886744184224235
    Encrypted:false
    SSDEEP:24:t/KUg0AwBMp3XycibwirLj4d/iKy33jOd/irnlhjDd/irqj2d/iwBMvjG9dqZIGc:1K4etlOLj4yHjf3jCqjcevjDZHc
    MD5:8191712BBEE6A5DC26972447DCC8C64A
    SHA1:D5BEFA628DC52BB95D16B1FCEAD4D7BB4C80B88E
    SHA-256:E469E4D146AF42C97B03C4DB32756EDDF0B51E799A199840749A13AAC12F2175
    SHA-512:A13B7242215CA6AFA4F4CD10ED8B073465BB264A0ABCAF46EC5A28C98E4C2E1E90C6353394873019D99BF28ADD210412E1BBA492B45141882096861D784E37E8
    Malicious:false
    Preview:.......... ........{p............................................. ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3010
    Entropy (8bit):2.586347842273276
    Encrypted:false
    SSDEEP:24:t/KIJg0nwB4SycibK5iNjKd/i/vjGd/ivjs7d/i+jkd/iwBIjcdth3D62ZIGtDO:1KIO2SWjXjzjsrjCOjKhz62ZHtDO
    MD5:2E584B0E0637EDBFDE2999EEDE1A7A8F
    SHA1:F0AD0B0C360B426270513C0004D20F991EBD8CFD
    SHA-256:07AD3B93F7C1002FB3D1431A31728AF0DC25087D2921D262ACF0B3FF436F7CDE
    SHA-512:699B4C1C93838B089969C61B4C3E109DFFFADF2DEF6E0038656B4A531F0AE8F3A5E39ED6EDDAFB2A89CF90E16A428947B0E1D25976E73CD47411D325C1A03BE3
    Malicious:false
    Preview:.......... ........zp............................................. ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2466
    Entropy (8bit):2.358942443783336
    Encrypted:false
    SSDEEP:24:t/KRXg0AHZzScibGNiLjN2d/iMjPd/iBj7ydaWVZIGF+:1KRoZzV5ijOj8jQVZHc
    MD5:C57961327E86A3AD3F5C0DE920F6225C
    SHA1:D2EF89E8BD64CC48E43D568A72ED424CBF7A9D1D
    SHA-256:70B7C2D3D1C1D2CE9DDE688E6480220F46DA78A456A121A363FF0867685E5B77
    SHA-512:0033DA14FA827363B1E823044A773EF05BEA81F6E2E909D1D7E23636F3C2D2D508259A47AB5E540138FF23A9D83104AECF2B2B75ACF8C873882791E6BC5E82B5
    Malicious:false
    Preview:.......... ........{p............................................. ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2734
    Entropy (8bit):2.5581645848737735
    Encrypted:false
    SSDEEP:24:t/XRICg0Fr61ib2h26K6nh/6N6n6/6B66nvHL1/VVdNsbIAGJQ0:1SWG1r1nkYnjnnz9VTN2w
    MD5:7A8BFEB1D17BF0A4035837363BE4BC84
    SHA1:1889F8A4CDB5B8C5175F9514117D1329157E8072
    SHA-256:512AAFEAEA760583E680F2053D7ADB7D099DE800771D8AF645B1B4338738F67F
    SHA-512:B6BECFFDE81CD55E952BBEC80FF0B98B0C5B25D05FA4030C02A6BAF7AE4037BD9CF074CDA7346FDC95A8914EB62594B4E9DEC026BF16972340957BDD850893E6
    Malicious:false
    Preview:....................F......L...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2734
    Entropy (8bit):2.3570029231007035
    Encrypted:false
    SSDEEP:24:t/eal2Cg0Hfib5kp7jNf/Ujsl/YajY/mjcBlZIz2Ju:1+If4E7jijshjtjklZYh
    MD5:A8D03FFCE714F04EED78E66C54C767BD
    SHA1:0B4339E8031954D9C3FE9CBD34D56384ABE88307
    SHA-256:9D7B7030D85AC7BA1F48CFF69BE27EB450AB1F87CA4970C45B270A1A8D2D617B
    SHA-512:4EED4939C59D506CD07347DEC855DAE4E07D4FB9573964DD4B5856AFAEC988AF8229DB097B2EEDFACCCD609E4871CEA015864D89D6872D0ED34FC0544D8B4839
    Malicious:false
    Preview:...........R.`......A......L...................................R.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2734
    Entropy (8bit):2.5386352919398956
    Encrypted:false
    SSDEEP:24:t/eCg054H6DibCF9j0/l0j1/Fjq/yXjBHZILuq:1eX6DzjRjfjtXjtZ5q
    MD5:8F2AEB8AD6C0A30F975F0E9681A23468
    SHA1:E76C484CBACA9CF483E8720D19E2E55EBA1208E7
    SHA-256:4ADF395C91458480DB061FE9F1EF8E7D1E50135F8927BBA101572DBEF6867D02
    SHA-512:815418258B1AF083AAB1BAB9EB7EEC796D092EFEEBAED468F3139E0B5305010BE941783DA1454F79ECE097E93A430D61EEA741EB2B01B4B4C51918E60EE34C4C
    Malicious:false
    Preview:..........%.........~......L......................................%....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2734
    Entropy (8bit):2.525352962726934
    Encrypted:false
    SSDEEP:24:t/72Cg0DKuzicibOFzzVd0EE1/oAyLi9sP/Y39sP/1x9sbI2ihAA:1721uOcttzViEE9Tmi9EY39E1x92VW
    MD5:DD7D498B71577EA33C96340FDFD0024A
    SHA1:B574E50F26793B46D4C11CD4767135947A786FBA
    SHA-256:F4DA27B440ED9B0471809935A3F9D072EB77AD8F22DE3115F4D4EBE142461801
    SHA-512:CCE26F453523F1D207126404FD99F1BD98C0E9D3E2C23595B935A18D4A6A3CE30C33CDD03D550D55FEE3B8225210CAE3818B95094D074417B2459ADD95CABF8A
    Malicious:false
    Preview:.........o...`......G......L.....................................o.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2476
    Entropy (8bit):2.340293585142568
    Encrypted:false
    SSDEEP:24:t/jg09rXWCkkib+qY1/QXq9AsP/nCv5sP/QiIsbIFEa:1RmCBdqY9yqKEnCREjI2YEa
    MD5:DF6500D5CECA43406B6E48D62BCB4F15
    SHA1:1CFE98AA5A4A00F4F69622CF14527C01013ACBFD
    SHA-256:0E4997E7D19E70DF166AB2E432A60D6D3EAEF2721DD14A585964927C5E912D9E
    SHA-512:8EF920CC5A2769C0E0344D6AB04852702958D6B0FABB26F32F8D83B39B9BE56B0F10B24D894E9BCCD78A4EAADBC6972E008B42A1D754D13210F6E0144DB45711
    Malicious:false
    Preview:.........^.?.`......~..........................................?.^.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2734
    Entropy (8bit):2.4350577398732596
    Encrypted:false
    SSDEEP:24:t/iCg09rvE/gibIG7S6kl/T7t/q77c/x7yXsZIFEa:1iYv5w7Sx7Q77i7FZYEa
    MD5:8B70F42D83F8E132A7BF24493584F7E3
    SHA1:2765BA761F9D7657070AD5E06C6DAE2B8FC28E91
    SHA-256:812A942EB8D97FA161853F965F73B8451C718940F57382B530920246D15F18C4
    SHA-512:27AAC4F023E994935532E1A42378C0210C3553465341BE526A203A4BA7C33CA9F006207D0472432B079BA7E12DBFEB59C72F2F17305EC97318BCC1B3F1897AE3
    Malicious:false
    Preview:.........^.?.`......~......L...................................?.^.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2734
    Entropy (8bit):2.415661252778684
    Encrypted:false
    SSDEEP:24:t/mCg0L1tC0C1/Kvr5ibh7/69v+PsP/KUG/sP/qD3NwsP/KriGs7ajY:1mmQ0C9KT5869vOEKUAEK3NwEKriGNjY
    MD5:4B0DECBFFEC4A7AF677BBED0CF912D2F
    SHA1:79256C220038ED9EF2684F00B23F6D17A4FB616D
    SHA-256:FADE2CA42891981B36D9AF2B64AF3723620CADB244250E768FF58DC6A85C4347
    SHA-512:0F67646468B3D82576248BC4DAF224F9D5EFB83C4115C93B14E23E5E8977E2AF6B21C84E180AB5D45C08AFD856DED84FFDE8B183A6DD3ACC1CF1DBD2D4F2695F
    Malicious:false
    Preview:..........-................L......................................-....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2476
    Entropy (8bit):2.3950422040139205
    Encrypted:false
    SSDEEP:24:t/W2vg08+YJibYI+Vje9/pGjIDl/fjYGInZI/ZW6:1W5Jdj1jIhjxInZI06
    MD5:8C8CEAEFC59454A0C8291C12B8B70EDB
    SHA1:3989E514F82AA86B96D99969C220B505EED83ECB
    SHA-256:BC889F8E61B045F5D02AB01D88910222ADFA9447D86087DCF0E54614FEA1E408
    SHA-512:15C2C710A66395813871517AC3C8F29E2D4B4FEDA69070220304E68575B2092C7F05F207EDB7DCB02E78208A08A3D0706A2ED57445ADC8F3318E0AA082D7C3E8
    Malicious:false
    Preview:.............`......D..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3026
    Entropy (8bit):2.5019306180298333
    Encrypted:false
    SSDEEP:24:t/dg0ECgqFlfAb6Yp9jx/G8E7ji/pbjE/p0jv/txjBW5pWwVZIGTan:1mWlfqjkl7jwjxjPjWfZtq
    MD5:913E201F88C5E3F5A1EF27066434AFDA
    SHA1:170583EEEC0A8154AC130C8FC059F7E18C95BB20
    SHA-256:C6571C7EB49529DBC184613BFBF247C8FF1DAE6BC8312580F9689CCF8F7BE9F9
    SHA-512:C6427419C8D5D2285C382383EC2A75BC48E36D5846633D7C10F1D279E774E7019FC90A5AEC78DB4D107768BE5134B207FD0BFC223C76C625A62B91D2A4D4695D
    Malicious:false
    Preview:..........;W.......;w..........................................W..;................W..;................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3006
    Entropy (8bit):2.523116421949648
    Encrypted:false
    SSDEEP:24:t/yRag011yeibzRaDjH4/Hji/aRjX2/aoj6cZM1/QFqQsbIQVo:16EyeVDjHQjXRjrojo9QFD2Y
    MD5:BBAF49C98110EA4F4F96CECA60C07FE2
    SHA1:6D12B051E222CFCF525935B8FDBD232B5845C07F
    SHA-256:5C4A716DB167CA3E7FD04EA6CDBBDD0C4733448A9B4174ACC312908A93EBB198
    SHA-512:FF75613ED9BD82E79F9FEA7EF79D61671CD8ECFC73E797E39E8AF1315EE6E9EE575BB681C278E5E5853EC41621CC1A00580427398B5C8EC38E98412E6BF8B864
    Malicious:false
    Preview:..........+.........z.............................................+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2006
    Entropy (8bit):2.218059119701601
    Encrypted:false
    SSDEEP:24:t/9Iog0gUtsB1cjhP7pibzJa9zjJbZIJ0+em:1K+tsbW17pdljVZu0Nm
    MD5:8DAAC4C5C66C82A0E252E510183B2973
    SHA1:44974D8B8BE7EC858322C485DC368A00B1D497D3
    SHA-256:0B0A3FB2B64E4BEFD29A1EA436C8108A96E2699D710567528665ADBBD077FD63
    SHA-512:169DE5679665C3C60D026B1E8A2406BE9BA09CDF40D1DBF89E8A34A9E5BAD9062BE5403303EB2730B299403484FD958A0BEA49D7163FC240B94D83A715845900
    Malicious:false
    Preview:..........+h.......zz..........................................h..+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2734
    Entropy (8bit):2.401350170504123
    Encrypted:false
    SSDEEP:24:t/iCg006i/ib1JjQ/Kpv7jA/njzH/AjjuyTdZI9SAaL0:1ij6Iqj5jQjsjHpZCSa
    MD5:6021A2ED488D2E71514BA829FDDAE51E
    SHA1:E50E18315FED5C3FBB24876F2398011C7A55408F
    SHA-256:D22AEE09E56B2F1B8D24C85DB5049E839B22069AC9C4F5D4D4329030162B4C4B
    SHA-512:AFCB4F25E01116F7F0EE40B23507C89D56D64C0A449EEF0F63D7AE9709E50CFC08FCA43357DC9B61360F7189F0FE5609D9996778AB4795304B0E79D4644546DB
    Malicious:false
    Preview:..........*5.......'x......L...................................5..*....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2734
    Entropy (8bit):2.3662724208139485
    Encrypted:false
    SSDEEP:24:t/eCg0akA0ib5bchjt/1GKzj8f/cpljz/c4jZqaTyrPlZICNYR:1erkA044hjKKjh/jo4jZjyxZTNYR
    MD5:5D21D3A9091EB09E7C4D919844AF1BB6
    SHA1:6FDD762E45878528251584C2B9D2805E280C39A8
    SHA-256:0D600FCB01353E64660E0F71AF8D20D5E30702623B5D5F2ECF509DCFE13139F0
    SHA-512:9B110CF5E524411D0C92D575C6DDF01247B0D93E68687321F51B2F1C133960F707BEB12D5593FE3473CECE323611CCB17622762971CA1A1B307A8DC85A67234D
    Malicious:false
    Preview:.........A...`......A......L.....................................A.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2462
    Entropy (8bit):2.2734876078208432
    Encrypted:false
    SSDEEP:24:t/6g0Es7hfibIqPjdI/qO7j8/qFjFGspZI1xlr:13Yhf8PjTO7jVFj0OZwxlr
    MD5:2B18A6C8B0AF5C9C16236BF8BBF117F6
    SHA1:E21A1CB6710A5574959DBCEC0D26B827220225D7
    SHA-256:9F8A075D2470A16353C255787488A9DB82793D6BCAB622A01307776DEDD6689C
    SHA-512:D20BD945019AFDEA05C36ABA7DEB70616C97D21EC18D91CD54D44F92A91B462D5A3986A3EE8D43D8581EB91CBCF1E47B969EDD2F006F66B54A6680C17E8C3851
    Malicious:false
    Preview:.........E.........oA............................................E.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3006
    Entropy (8bit):2.4729406176370645
    Encrypted:false
    SSDEEP:24:t/ZRg0H8+ib5xqnzjTI/qO3jqZ/qVjT/qYj7pha2ztj1/Fy9sbIact:1ZF8+7zjlO3jbVjmYjhF9Fy92b0
    MD5:AA97A5B1603C4F741F8A78D28F34F728
    SHA1:8C55A78048A1F53BC5C3C3EEE6003C15F794A3D0
    SHA-256:D1ACE6AFB47FE5B74C8ABA0AB59369FE39FDEB61364F92F121AB33A361795933
    SHA-512:039393FBB56F86D4C8EBA6004576294098634F538510AC85A8EB45B588BE974DB2104C97F1B3CB632E81F94E459E457BD0F791EDB0DAF130C4FDE0AE820F18A9
    Malicious:false
    Preview:.........F.........lA............................................F.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2530
    Entropy (8bit):2.423675788368271
    Encrypted:false
    SSDEEP:24:t/cxg0E7yXElzP+1/9BU5ibgH/9FqSsP/9znsP/9hFiYesbIIUj+Kr:1Jy0ly9I51fuSE5nEbsB21Kr
    MD5:65D8F7821030E0013E073E57D28769C0
    SHA1:34FE17CDFA0F62A83622F402AC403416CF019F2A
    SHA-256:117F569BEFA2E75103F31FF390B059B8A42D1023504A9A23226C7AFB06129F25
    SHA-512:E377614149ADCFE62726570DF009E4BAEB32DB35E314FB9BBF40877538B4B94DDB4D45666768657402626B64904ABCC86AE647DDC7B7DDFA4C8B2BED49982B56
    Malicious:false
    Preview:.........k.W.`.....MF..........................................W.k.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2246
    Entropy (8bit):2.2535394382687945
    Encrypted:false
    SSDEEP:24:t/ag0Rl98l4Fs5ibD/9tisP/9LviXsfhy:1EuSa5yjiEgXcy
    MD5:1FBFE6E1B6F76D4FC1671051A6D71038
    SHA1:5740F0443DD1B8BFD0479F897EE1FCDE151D2A61
    SHA-256:FF8B857849C98C91B5CBFF7633BDC0CC31DA2A86C099D943B3021DAC240B5637
    SHA-512:9B2534E20611ACB0FAF0B220688A3BC4C5D1E480C5B7507407D2C3479C568C64A31B2A0349191438E6A397BCD1A15D2AF3514F4826CBA56232B92CB8104FDB34
    Malicious:false
    Preview:.........k.Y.`.....CF......X...................................Y.k.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2302
    Entropy (8bit):2.2428467512803167
    Encrypted:false
    SSDEEP:24:t/6/g0pVhw8shlSnRreibHxn6jZF/jj7jmFhw8sm:1d8shcRCw6jXvjB8sm
    MD5:2CB34F71DB69BA58BA8FD1462CE6D960
    SHA1:1E59C1B10F888B484CFBE09CD17276C25E03C7E8
    SHA-256:EC7EC4179FDD932E28DD14967D58CDEE20FFC4FCBA443FC957A0D539BD41B04B
    SHA-512:B52FA369E9C5EED380D8EC0A7DE2476A54FF3F1539D3C0A9B50DC848965C74BDCB0087E854D580625BADB6A436995FCD53092C7F0BA14A8EEA31EDBD52495F62
    Malicious:false
    Preview:.........E...`......E......t.....................................E.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2574
    Entropy (8bit):2.3722951756769644
    Encrypted:false
    SSDEEP:24:t/Og0kB7M97rCzugWibMHjs7/yjLR/OYTj+rM9Y:1QtqWJjsGjLrTjLa
    MD5:ECE27E7D4369887C886F63F04B44C277
    SHA1:EFB66DFCD2972617DCB6AD639A5A315E882D5D19
    SHA-256:68A3E3171888E2C6A52FEEF7AC38892DB98ED8373C6C16F8139110A6A0635122
    SHA-512:9E52FC91D522F1EED02C74142C969AF4363C7568029567037F58FC1B2AD9C81666604164EEB4BD3FB88E6B015BDD52356B98E5E73C4355ABDA7EA4448DBEC755
    Malicious:false
    Preview:...........I.`.....;A..........................................I.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2734
    Entropy (8bit):2.3917602343001128
    Encrypted:false
    SSDEEP:24:t/QouCg0B5t9ib5C97jpbU/e3jjf/Hji/yjNdZIDKgdC0:1u4D94g7j5jjjHj3ZCKgdz
    MD5:7E569159924FBF85038CCB8919546BCB
    SHA1:CA720DE5ACDD8A69ACB467BF459AC75988B26A68
    SHA-256:D7537A6ED9D37C2B0D77D5E66CDAA00EE645AED7D5ACB09227BEBA7F0A577566
    SHA-512:4A90B029B83A6F8683C45C8120D8D7D9C9CA76DC45E75F9DF6CA3561F2761409E6E67CF4566B39CF314B0F2378E5012D92980DE539642178878175FED6D625B2
    Malicious:false
    Preview:..........%..`.....a.......L......................................%....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):5588
    Entropy (8bit):3.4033352557512626
    Encrypted:false
    SSDEEP:48:1r43+WGwQxhQIEQDgQaDYNTWsCGVy0Oqc/SawX/Sf/AdALhDpx2fvLXSObWz0nz6:XCqiH1XybWzdj
    MD5:4DEA3850862BEA2587216C02D8B26704
    SHA1:27952A73F168AE0CD31E3C8616C88E0C1891490B
    SHA-256:5B21985792504ECEE651E5D4A92F394039EFF31F9A7353F41B1AF276AFCFAC24
    SHA-512:F626C4562CDCB8518DBF47E04CC8017405E5FF33AA48DFF966CA4566934E29C7E07B722F62DD72BCBDF21122A547B3AFDC54883ED9AB02E98ABBD78FE076C5A0
    Malicious:false
    Preview:.........z/..@......}............................................z/....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):5316
    Entropy (8bit):3.3769690041019476
    Encrypted:false
    SSDEEP:48:1bCeJ4E+RFNisQF1clwQFKRQF76eW5SeSYA4J9giQ/q1XAQ4OzELEyXz1UJD0RGt:417ldMST4J9LrlTHowazGO7ry
    MD5:5F2CA0DF6EFA6AF85E9BA08B327B6134
    SHA1:1ED0D694501E061161A7F8C469DCB610CC9CA689
    SHA-256:DD43765F6EC1B8557E8C3417E6C4BEF5DCBEAA520E05050B647983DB662F215E
    SHA-512:20C4D3581D652DA2A499D745DC51DA06912F98D9FF24771E5820BE9C1B6E36B5158E6CF34E1C9D333521F9A181BEA1F824C2C3D7633A8FAD02B68FAF0D14FCB6
    Malicious:false
    Preview:........../..@.....O}......W....................................../....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):5316
    Entropy (8bit):3.426267032807471
    Encrypted:false
    SSDEEP:48:1m4A+YdQQ0WjQic6Qy6VGlRpwXmGbCWXnNvTfLESzPuMYLLt2OqVstqz:NMyGvYrdkMyqyEz
    MD5:EDE59FD6E1053FC9148E4E65860F7BA3
    SHA1:2497C36CF9AEC9EF0647FBC0082A66B95515B8A7
    SHA-256:CF20389E6B6228848D708BDF1ECB694D5E6D92173178EC58133591D60FA67D43
    SHA-512:1DAA724DD7FF1FD6BC519A1852433CAA5E5D03AA3CFE905B954F35A93189715FAFD023A4EB5C7AAFC057EEA14FD6C7A89D06CA4C30E5688E30B18CDF72128ECD
    Malicious:false
    Preview:..........<..@.....2r......W......................................<....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):5030
    Entropy (8bit):3.4161276770518554
    Encrypted:false
    SSDEEP:48:1hlekPAy5e6AhXjUqXNlzSLKZsnBL/klYh6TaxJa+AfRt:XNr5Lm97z/ga+e7
    MD5:2FA1BEE500835098FE5B8B716516A848
    SHA1:E475ED4DCD26E2EB80D1D2AED8DF947487057198
    SHA-256:74FF09B2C5706D18202A468968BCF12A198DB5D914EB41287C1E9A9FCC47ED90
    SHA-512:9CF7FBCFF0E05FB2B39A2CF7E9B41A50A80ED301CAD05477EF95B3FE979DC48555E476394DD9B7C5C5D29BD179424293B148986803229026E6779CD14A47B0BE
    Malicious:false
    Preview:..........<..@.....1r.............................................<....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2966
    Entropy (8bit):2.713548680413962
    Encrypted:false
    SSDEEP:24:t/Pg0KwtlkyffHETBh2CdzEfAb6M2Ccsjf/9tlsz/2CasqaQ1/yaZjsbIMlYD:1+wtlkyffkTBlEfDsj7lsgsE9DZj29K
    MD5:4328FD2FB02FA5C7B817AB871ACDAB41
    SHA1:634BA1BD876EF3108103F36D605E4A459030B277
    SHA-256:50A1A4A1162174DD797054BB71A9913E14C4400B448D89065F5C30300757AB90
    SHA-512:6F73B10D50E37F40662AC023A612E05C4A8FBD50D43E3C8278CFCDAD65FD780C691B371930146FAB6FD1E51EEC0A08FD0D63620966F51549E9A6A930B9F664F4
    Malicious:false
    Preview:..........&........{s.............................................&...................&................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3006
    Entropy (8bit):2.5262945868252342
    Encrypted:false
    SSDEEP:24:t/9Iag0Hmxibz6zaIzjP/WASjfJ/aGj4/aHjad1/vlLQsbI7rw5w:1K9x6IzjmASjgGjxHj89vl02Q
    MD5:DE7A72422C0F69F05FC624ECFD7B6045
    SHA1:89279B7BD6849D1FC0E3AF4FBF0B4BA8E536DE83
    SHA-256:E0BE02A969B80F6BA254DBCA60CE94F19D5000C814A5328110AD9F7CDDA5092A
    SHA-512:6A3F07916E9DEE4E1B76A3C455FB141C96FFFEDC574971A22ABFEF28CD88F1FB106765DFC33DF194E5790911B6B457C9E1C1524BE78D330300F00C4ABC071D67
    Malicious:false
    Preview:..........+h.......zz..........................................h..+....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3026
    Entropy (8bit):2.5102012347922242
    Encrypted:false
    SSDEEP:24:t/9g05yu5sCjKmmfAb6RzTcj4j/7FjWW/T87jD/Tfjq/DYjY+FZIV3Cy:1euRKrfTEj4tjWv7jfj1jdZkyy
    MD5:FE64E2CEBBD14304DED7B9EE51AA2BAB
    SHA1:9E921D3D95B8487E7A293A39D0F5EBBB99C8BD5C
    SHA-256:E227B027EEACCD18E8D26B127750ED6DB8B200907D141D597E6A77173C2BD13F
    SHA-512:1D1664099CF1C3E2B7CC843D1BD750CCF30720D3C3D7047A4CC7F23F6474D52712FAB6DBCC5343AD59BECBA5F33BE64A4A71B2BB9D20904522D7960CFACB4DDE
    Malicious:false
    Preview:..........<=........v..........................................=..<................=..<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3026
    Entropy (8bit):2.5098001909710304
    Encrypted:false
    SSDEEP:48:12DNGbaLIV2HTjjbMj/1j/ejDFit9Mbzi+2FJrE:gIapj3FNfoFtE
    MD5:339C422A86CE3C277A8BFE674F6D6AAB
    SHA1:48D5F08E4D80F9EB4DF4ECCBD2DC5CFC6BC47A97
    SHA-256:435DCA1844AD586FD82513A999D55CA3EB7D08C8293836ED16D39A49184DB53B
    SHA-512:396F9556E995323C164FFCA2592A3814180991C59FD88C24F105FC991CFB0B622734534B2175182CDD4985D2AFD7398543E406FF83AA032D1FD2D693E40636BD
    Malicious:false
    Preview:.........&(S........z..........................................S.&(................S.&(................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):9370
    Entropy (8bit):4.83519911106691
    Encrypted:false
    SSDEEP:96:9p3c8x6T0P4C8jkWj0E/esLPWXrGgJHWO9QjiC/LLRKA8DY5uRu/YWTPG3TjUxLi:L4eDm/8K83ymHqaaPQnt
    MD5:16044972C86FA1F3805FF3588E01AA7C
    SHA1:15E89912DB75DBA7E0AB6249ABD8F71CC3E570D9
    SHA-256:145B9E50770EFA9F3C5DAD13951486BA15F19CBFFA2F88822D1DD7F44645759D
    SHA-512:B66F1A5C36CBA38AE73D4972F750B30364377176BCDB2632A6C2FA17D8BFA1766CD0F938B4E4D8B3D24B2449EB67B7DD1A8BD9FC0E01479D2DA5670313F7FDC8
    Malicious:false
    Preview:.........26..`......v......B.....................................26....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2146
    Entropy (8bit):3.059850792264248
    Encrypted:false
    SSDEEP:24:t/Bwg0jzrxvVvZIt8Y9MVlizOYtpcsi40OvnyM5ibZqWXJ/vy3D6tBX:1srvZ6MP/e3J1vp58qW5/vgoBX
    MD5:3251B2FBD1282F3BE104BFC1968E781C
    SHA1:BA22F93519D07EB376F81C60AF1B9426BE831CA3
    SHA-256:D2BD563ED3052597E2BC08B3A1BB1B2B142B3AFF13F297F6924CA5772F6DAD1C
    SHA-512:D4E02B812130FC64CEB005C4345764366359BA7000C82347C0A8D277E4F24CA058E3B1A135ACA736E183453EAD3D5D571A4A758491963ACC8FEFA306FDE65B42
    Malicious:false
    Preview:.........m0.........s......&.....................................m0....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2500
    Entropy (8bit):3.489342841697663
    Encrypted:false
    SSDEEP:24:t/nwXg0SK+Ur1fLRiJNXBougdEpEUyibo1SfE+bPQFRA7t/lS6iZII1p2xIG9O:1RUZfLReNR5gdEi9lSfE+bPdt2CIG9O
    MD5:F3B92A83FB44EFD5B133E5F42A90E7E4
    SHA1:F372A0BDB3D88BF76733AE28328038359D4926C6
    SHA-256:B62D161F9627BBA3A2D7F0D42AA95303E416C313BB47827D78FC7B96047A8A18
    SHA-512:0CD2C02D55F84CF79D74CDEF57812FDB48A3D465D5E91E58BFC876E9A6C0F8B7FDEFE588E40BEAA4015D58E78E2CECE95001331378E9C821643B1508EEC8645D
    Malicious:false
    Preview:..........%,.`......l..........................................,..%....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):8028
    Entropy (8bit):4.847051301500653
    Encrypted:false
    SSDEEP:48:1GRxlWsD/Mn38AzT1HplSqD2iw3hHn3T9zcIAUDlFJJCuFfdq9DfnKfiwZHf7fNE:oRLWyAgqkFcL9Si8zZ4LkKh9FZfqTsd5
    MD5:FACD96ABDD8EDFC6E801B64FD820ED42
    SHA1:44EF55E3D035CE0C77CA38BAA8671A782C213FBD
    SHA-256:5EB9285C7EFD3E766E7B391C7E7251C21E9B19F2B76E61CBDA5E6560EFECABD6
    SHA-512:EEFC6B78BCDC5E96D323C5BC5C97EC66613657DEB98EEBB8FC5A21CC05819401DEB7B81974E7790646D5C3565238BC6ACCF92E03967E81A727ECB3805F1FBA9B
    Malicious:false
    Preview:.........s*..`......n............................................s*....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3052
    Entropy (8bit):3.8468957735836287
    Encrypted:false
    SSDEEP:48:1G/xgunP/xvoioZFEXr3UPFoPr3DDbcFBV4:o/j/cEXg6bbK0
    MD5:E4BE84B3B38386531ECA2B82AEC7290E
    SHA1:F632DEC40E571541D4ED1486EA742FE45104B51D
    SHA-256:A5DD9E108DC3A7C5088C3CCDE4E09730ECCA38CAE8C1E13E91E71092ACD5F547
    SHA-512:521A17BDF5752247D2BD7B675A4979D10BAE67768270A17530BFEE30A298BCD845C7AE9F91740678E069ECF6AE52A338C917E3CF7455727D0DFA4CD141BD3C7D
    Malicious:false
    Preview:.........s*..`......n............................................s*....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3528
    Entropy (8bit):3.9334044587651413
    Encrypted:false
    SSDEEP:48:1GIxgunP/xvoioZqpLBAPUH0oqQDb/NLFzX:oIj/pBIUe+btFj
    MD5:D4EE264132AED5F68F539E7A0DC50EAF
    SHA1:C78596527FB2C32F14910C4B9634E247291BBB61
    SHA-256:333ACDA949D36374AE94F7EC8F3BE8CFAEE5B144E3DB2FC76E92C4CC6B27852B
    SHA-512:F6629EF7A869388AC9C197774C3C7732B0D90A982409114C52E49B08FCD1D689D61ED59AF87A1086E163992943160EED3AD8EA04EA717A8DAFDBE18071775031
    Malicious:false
    Preview:.........s*..`......n............................................s*....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3808
    Entropy (8bit):4.135597638972625
    Encrypted:false
    SSDEEP:48:1G/xWnzn1ON6s5sRANz7SpNmpm4fGO4ZCnSPJRpomDbcu4g2K:o/Bree798EGTJHb12K
    MD5:0F479E258D77BA34B0402CCB79AE7F59
    SHA1:566CAEF317960EF907C41A1EE0EABF90303A931D
    SHA-256:77D31E3425474431137149DE16D7F97F8FAD263DF55DD1BF00B1DF1662F26B24
    SHA-512:B0F7767202188B44E81250A7781BAD6B14C2CE3AF2B5322EE29A8A34B19BF124B065D4EF0DF13EC81E13A8260D96635802C54994A15CA8700BC0882224F6486D
    Malicious:false
    Preview:.........s*..`......n......e.....................................s*....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3848
    Entropy (8bit):4.140759915069651
    Encrypted:false
    SSDEEP:48:1G2gYUYMhELZlqZK9dOX97ZhZ9apFxMLfPcuLY08oi2uegJOFmTEwHw:orYUYooqagZhZspIDcSO1egahwHw
    MD5:BCD4A03FB1C817BDA02073285B44277B
    SHA1:18F73183A384EE37640324ABC762DF20E4EDD4C2
    SHA-256:AA827936E8AA0416CE33754F9999C7F0E7DE45FC4A9517C05B42D5B78A4B7F0D
    SHA-512:C881729C4FD2F7868A5D4C9155F0E8F57FA820398B0F0C3D0EDC3472D0DB6232354517BBA7FD9D11B4677FD358A10017FF0593B9CF9E28BD504FCE85A9E536E5
    Malicious:false
    Preview:.........s*..`......n......y.....................................s*....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):2944
    Entropy (8bit):3.7074470093896017
    Encrypted:false
    SSDEEP:24:t/GnTg0IK+a3i+c4XzuuLil5yuKJjUfyyibojBFr4PyV7CKaJSDQinc4WAvoziGA:1GEa384DzL0XKaP+oaADvFWgGg
    MD5:548B0F9C0522791A0DBC5FA3ABED2DC9
    SHA1:A7F679D4CD445D01A877CEE66E3ADE1B93F27541
    SHA-256:65DBE59DFD95C2DC986451BA72759ADB6689C5EC7BC78B52CFD0DF74633C4CDA
    SHA-512:766D845BDE638E19C323DCE4DD742DD98909E78B36441CFD0EF75977FFEC00489D1A183AA1539CCED9472AE58C2A84937FB77B1F424500608C2D551A8BDF503E
    Malicious:false
    Preview:.........s*..`......n............................................s*....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3544
    Entropy (8bit):4.0308220045746035
    Encrypted:false
    SSDEEP:48:1G1i3wLFEYWCWNOlpZhDbFfgpPf4vCMSlHO:oewZVbFCfySxO
    MD5:36A80D5CEC82F88A740F757B62CDD1B3
    SHA1:E1171A5B8C8BBEE2BFC29DA612F569A74826F6CB
    SHA-256:7B73E8963639FD4D32F6F128C920F8C7BCE0253163FB155BFD90649F227D8D02
    SHA-512:C478D63F6B634A1283470738B975E1FCC175EC5C93F80FB65944CF7B32FD9698A7044C4262A830A1D6CC63884EFA1545F0871A920E8D13B72B2D322E2D4638E8
    Malicious:false
    Preview:.........s*..`......n............................................s*....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3624
    Entropy (8bit):4.130921564286397
    Encrypted:false
    SSDEEP:48:1bLYJEYJE0BbOblHqnAWAE1JMXRbxZSKhuZvNhhl:5OEN0Q5Wp1JFvzhl
    MD5:5287E928395A20F53C6444A08A4F3A3B
    SHA1:0E267590C2B332D7DE04DE00045A2BA17B6AF7F9
    SHA-256:75313CED759F9790A4CA8EC443E25486B5678BD893F18B5C27806047B8B51EA6
    SHA-512:EBA4AF771094C23654B28B7F7BB1A1079F241B0C7739A739C808E4A781549EEA6BE7038A92B465AACDE5C81A041760ADDC5AB19FF89D7F60FA1AAD3F7AD137E8
    Malicious:false
    Preview:.........H,(.`......i..........................................(.H,....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):9374
    Entropy (8bit):5.184941895064098
    Encrypted:false
    SSDEEP:96:KzfWpYP3ASk+mDpbx71GrqQA6xeLxJuVFrS8XnmXHScIGYTkADCQXupI01KyU6KI:KK6b3mXSMhNhrqDcnvp
    MD5:ADEA237BF222C2F6B866D19D08EAC6B3
    SHA1:AA5B236E84A959042974B341422C454DCE8993A9
    SHA-256:933C6573EA2E8E9D898A443A659A27E554FB1C0AF12E5A561B0216228FC76421
    SHA-512:69C7D66FD8295FB6A4D0B1256F06D825B500DF00A1C437AD27EB2731D42AEB9BCB462BD182B110AD2EB085325B29C6AF34B9634297B937758204E398B0DC5C83
    Malicious:false
    Preview:..........AZ(`......7......D...................................Z(.A....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3420
    Entropy (8bit):3.9289005297902917
    Encrypted:false
    SSDEEP:48:1FeYL1JBuqD8RJ7JWpNF9tn+Q02Szm3M3fC3H:PbL1Q9mhBSz5fEH
    MD5:DB223BBF8108E022998086819D3539A3
    SHA1:4AB907A8CB56C2677B265ED24B9729892F05DF4F
    SHA-256:F73B0937BD68863D57A0F0F9CB8D63710941C6606A526439189E9F66CCB27C88
    SHA-512:97A03B1082DB33D167A8057D52FBA09833ED7A7DB3D377216A4CEAA7A547F540FB33CD7BC564CF69A25CE178F1A993E8FCAEE6008C2832073E1FE2EB6EFC71EC
    Malicious:false
    Preview:..........5. `.....EK........................................... .5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3962
    Entropy (8bit):4.079662854986825
    Encrypted:false
    SSDEEP:48:1YM4AA7+4qKgQQ5glQ8gf76eDFzXzjs/DjVg:DASKeDFzXzjs/Dy
    MD5:5F9196698CBC75E5F6948A34C20C2152
    SHA1:BE0F7523853573F0941DBD899A879E9BF4BA6F85
    SHA-256:1381CD457DE09FFB2B1F93BCDEB6DD7ECC491E9B4CC102424D7E46618B23268B
    SHA-512:D3A3F299355575742A9F06EE3A0761FE18C23A86DA8CC3269CF8339E01CE223DDFF23970D3035B8F873FDD2774B6165C6DD2FF2A2591966DEAD631E8B14B3C23
    Malicious:false
    Preview:..........5. `.....+K........................................... .5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3916
    Entropy (8bit):4.092507583881985
    Encrypted:false
    SSDEEP:48:1ozp8dxZ8dPJqzfTzaFtGKD/E48MZD4LnGiDdV8tTjG4ySC:Rd8dhsfn2E48Z73OTjJ9C
    MD5:4D583A718373DC4A3DE7270BA92F8A19
    SHA1:2190C338BEC935A35319D8D4E061D11072C0AEEF
    SHA-256:755D3481294FD16D97C929FEFC390B15E6D0DA435F34BF5F3C215038BF4552B1
    SHA-512:C5DDE91491AE9D5E7046FA736F41AE07717D166ED1C583B36FBD61E2A12662B8244E9CA082F61B1BDBD49B42C6D63A5FE0D51BC580B6C6092D79DF6274783551
    Malicious:false
    Preview:........../..`......m............................................./....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3996
    Entropy (8bit):4.182775777378532
    Encrypted:false
    SSDEEP:48:1mvAPlMYwwgKgQ5GNrD1d1UW8WJ622xuIoAfc1PMmylfgmq:+APGY17Gt1zbjQ22xuIoA01PXvD
    MD5:FFEAA1DE6960D0C6EC7524A812A4522D
    SHA1:4591C478B6EE768693DDE95C1DF85542D261A256
    SHA-256:0DEE84986C124638B72631223D735FB9C80CC7B2283787AF117100B41EDADC45
    SHA-512:8B4DE00BF0E1A46D7438EF861F5579D5485B7931BB3B18378EA7C14716D14B0D9E17A6049C56531014AD0FDA281DBD7F19105DF3C92F5CEBE0F3FA8400E62B56
    Malicious:false
    Preview:.........=6B!`......I..........................................B!=6....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):4572
    Entropy (8bit):4.2301829402548305
    Encrypted:false
    SSDEEP:48:1Jd0cY8H5FsIyNzdGd3sGwp3CIAncecuzXpGVHy5suz4OWlA9:B0BG584y3DPIpymHFgA9
    MD5:E8A15A54EBBBFE3A17294C31FCD7742C
    SHA1:7F38B461DC3208A3840082FE9E23DF108D51052F
    SHA-256:7D373F7E72DEEB55C9A82350725FFA480BA66BED3722948211C568039B1E73F4
    SHA-512:D3B91840EB25258ACF5D72D0A3F441A1F77B5F6FFFF8BBDA3DC68380A023AB0166CA7945802B2BD697ACABB0BE9090E9A2DC90F5EBC91ACBD3A2BF8DBC7366D1
    Malicious:false
    Preview:..........*..`......m.............................................*....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):4652
    Entropy (8bit):4.266018414186397
    Encrypted:false
    SSDEEP:48:1i9/ZqsTYQ6LiiLiradoWw8O72GFCWuUvMmr+J5niDMgAxrVX+6okZ/:K+LEahEkZ/
    MD5:727FD0645AF00F00A12246DAC80E5B34
    SHA1:D310386AADA3F2380185C2D4781F263935C8855E
    SHA-256:2A1AA73CAF0AAAF76C4284AB333E56E8CEA2080EDA47B2E3D6C390CB01D43781
    SHA-512:24C2AD4FB8E4DC37086D6422F620E267164B835A3826C09E1FB22D951406B5647F863E38393C58DC82AB17049F265BEA2D51B83B959460270BC33FD0FD4CBE30
    Malicious:false
    Preview:..........1..`.....Lq.............................................1....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3928
    Entropy (8bit):4.057616280494157
    Encrypted:false
    SSDEEP:48:1bcdKv+UbKv+xNmebD44pSdt7mFmZo8Pkfl9zPNN/uffSkMgMVF1UULm60/:eEv+bv+bnSdRmFmyLDs+VhS6U
    MD5:E4A7F4D42009CB5B1AC4AB555DAA96EA
    SHA1:1983A8E8749691FF7749E7634DF784509DE7016A
    SHA-256:9E3637B12ABF6794EC1CD18F9788B73FC81D700F6B1A463F9D77C12983A27FB0
    SHA-512:13FD3E6DAA366CB7A85E0DADFC134CF5A86A3160FD454664C9B5EE9AFFEAF9D5F57E176402826B42F6B60E1E21FFBA24B98BF725A2A5A9A34AF7485A1E8830BA
    Malicious:false
    Preview:.........I7.!`......H...........................................!I7....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3420
    Entropy (8bit):3.9165546979906494
    Encrypted:false
    SSDEEP:48:1B4Gu2IFOP4uWtyLOXRgOdz4QPgmPDGNzMMuZnmNYFL:D/u0jogOztP1CNz3EaYFL
    MD5:F1BEE53ADBAD64A417CA6E90169A42BF
    SHA1:CA6560340BDDBA7FB9B567E8A60363DB758B00C9
    SHA-256:120DB2232F82AC1F553D462B67A250A3A6107C63F85864D82DBAFC0E8646E153
    SHA-512:4DCDC48D7E9F6565FAF42809F7421A7DD3E8E2395297F213994F63F7BC1BA8D1C34222020BE9C6807E72336EC5808D2B61FF9B057CAC0FC660767B88F7C93FFA
    Malicious:false
    Preview:..........-..`....."h.............................................-....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):15534
    Entropy (8bit):5.277831425386529
    Encrypted:false
    SSDEEP:192:oeXhXhgDscsA0JDvY6Nl60ZJCTQ0YcsqskN+sAnDTnYe3K1:JgFSnNl60ZgwnYe3K1
    MD5:E65A392D9A90E079D151314AC0A63CCA
    SHA1:72CD170DCD4FCE8609C3116E219FA9070B50E8B8
    SHA-256:4948F0B6F5204F53E4568548F9B9C5342DD511E2AFE95CA1E849D23AB09A1E9A
    SHA-512:06953E191920231A4934FB3FA27FA9992C7DAC71548487AAEABEDB10091F5568B66202C9A7D72D613EC7040C4F4F7EB80D81098C362456975EF4F78E64051E09
    Malicious:false
    Preview:.........s*..`......n......L.....................................s*....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):8432
    Entropy (8bit):4.851632363865374
    Encrypted:false
    SSDEEP:96:oYW9so+h2X3CZ4sgWsgOMdk2MkfzCVJSGqEOh0BTf2sl5VDBxgy7yN3s0:ohkpZ4shsCokrCbSGqoBT9l7BxfON3h
    MD5:1A582F16D72A36C8704E3D2EBB15E76F
    SHA1:50AA5E6E789510469530C97269CB2F98C16962A0
    SHA-256:298B0AE9AF14678D25740D36275D13C89F3500B12D9CE00C8977E1FF4EEB7F24
    SHA-512:334CA623470D65B8CEA3C57A98A938CA9EA113387EA3E5722E442333937546C2D6ADB0C7A0B4C57DD4793ECD8E61D3A73E17519A7AC4A748FD0B8EB72D8C5D79
    Malicious:false
    Preview:.........s*..`......n......m.....................................s*....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3628
    Entropy (8bit):4.159977967627816
    Encrypted:false
    SSDEEP:48:1gBAtye3glNua+ay52sBdDEx6vjxOxNDr938gddhxEjX87:aA69hddhxx7
    MD5:9DF6A291272B9F4B3B5A96DC5491E4C0
    SHA1:88C359AB4F5D1DAA9598E7C6DE581A71ADC159E8
    SHA-256:8B4996A1761CCA1B395A1E464875A120F0188D61DF65C983CED8870B31EF33B6
    SHA-512:A36C6944669A8CC44E778F16040FF2895AB55DC66D503462876A7849DC4612D73A61FBA5ECF4F9CE8E875B922D102FB9E84B6F70A056DF14FFB4BCDD00194D3B
    Malicious:false
    Preview:..........20.`......s..........................................0..2....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):19354
    Entropy (8bit):5.294346688804587
    Encrypted:false
    SSDEEP:192:WK4WhFY5fXxMwb5UzaQfyDoMMu1UBU7eXJlwpv2e2SF54sKahopvK:dw5fXxMYUJM7eXJl2vGSMsThopvK
    MD5:98B8A3A8412B5FD5667D85A362E42456
    SHA1:5E1BF5EE2B40CBF00E49B0B834C5FDE5D7682F7F
    SHA-256:357F725926324A4D2E47B89768509BDBF2728AAF2DCE54B0791B9CEA607B2406
    SHA-512:6DD25A738212014AB421B4896FC72E100591545A8F716C0978CF62C951F21F4C6AB8C2C9ADC941BC069AE72D008D90BABF3710CC84E1147C8952A75256291158
    Malicious:false
    Preview:..........%#.`......l.......%..................................#..%....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):4144
    Entropy (8bit):4.225532541201211
    Encrypted:false
    SSDEEP:48:1Ybg3OhNZwwOWg3cehhoJSVSfGJloM1R/1/uGjO7:YNZvgbhtx1RdLI
    MD5:1FF6983E4023A474C77970E1D8062633
    SHA1:CEA41E76CC39AA55372FF2B90BF8F84E0C53D8D3
    SHA-256:058F49848E15D06B34309DE71D3C1AF9C1D9BF346E2C0A25E06EF11D6EEBA7FA
    SHA-512:A73224D1185785E096E4E1A2B84251D6815EDF89FCFBCBDA1C82DC8E8A1069FE094592BF30F5E57060A29D9DF084535588304E484CC6417DCB8B6E61F095E9F8
    Malicious:false
    Preview:.........O/..`.....<l............................................O/....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):4376
    Entropy (8bit):4.154522575110976
    Encrypted:false
    SSDEEP:48:1SxmqCqVam3vB4M03M0BeNY+Ts+hbX6TbX63xS2gQXvDtbQTntHsl:bqVQ9gNDhbX6TbX6lgQLGntHM
    MD5:78C5C8ED2ECF31C71D075893B5B233BA
    SHA1:05EFF113A3E07251E54769B7CD1B7B467914A2D1
    SHA-256:A52C53063C4A92A7668B40654850FA76FAED8EF2C5DA1251E8BDFED19BE14968
    SHA-512:8C8DCB95994F1C749EE60E67D0C1040572C7E94743F286B2AA32BD4C8C309F606CE7FEE88DEDD37257A03E224F9D0C14D9175FE3EF908A36EA8650BA78F5DB9F
    Malicious:false
    Preview:..........#.........f.............................................#....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):5444
    Entropy (8bit):4.902238094173077
    Encrypted:false
    SSDEEP:96:OE9eaE9eCQykynKWFtnUjeL7YzL7Yi1A+ebci1Nfyai02+2Jd:OCUjnKWFtxLEzLEiq+eQGNfyaS
    MD5:33273954649750B729B09CFD800739D4
    SHA1:E3EA8CB17C37928EAFE6D52ABADF9119830296C1
    SHA-256:0F3B1E05756562DD2DF44179CCA075C4B713096ADC09094D1C12EB10964F75E9
    SHA-512:A4CA6CF12AADA4441CB87C393385BF8DC54B7667923B0395641D55B8F4AA99157A999C7BAE264E0EC8C3D871642F9D6D5699900A5423C673E6A89196F6168B98
    Malicious:false
    Preview:.........'D.)_......5...........................................)'D....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):7456
    Entropy (8bit):5.284379747110642
    Encrypted:false
    SSDEEP:96:BbA5BdIzl3v7bSjabFbhM9Z676ykdddULhEHN34Qg6bWq:ODwDqa5Sgi/3H
    MD5:107167231F57549FE0638A3281811898
    SHA1:1193216A504C7428AB1684DCCC2A97576AD48390
    SHA-256:35FE3D13F4C9A66AA753D3B1FAF9409F888A192B4C9AF5AF9E583E84CC9EDA1C
    SHA-512:72C5C5A55145E243F0E94A5AE3115790AF91781247C318B3D62D330A4ABA0E8D2D5EFBEFDD962CE2BC39F668ACD441A9464503EE6C1D7E86CD6353DC3A517C2B
    Malicious:false
    Preview:.........ZN.0_......&...........................................0ZN....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):10214
    Entropy (8bit):4.940446987149973
    Encrypted:false
    SSDEEP:96:IS4kN2Jxng61zLgKYtOomoTQBYEiNVuiOgcljHw9Bpja4kZ2t2kQXkbM:IzksJEKYf1TQBYEimiOh4E4kZ2SXl
    MD5:A21A90943589555AAD44B8C049F93886
    SHA1:0B09B30116BBD2FA342D56E5B623A5E8EA6C8153
    SHA-256:0198B3368CE0285062AC8CFEE438782AB9CE0096A4E5C5045D3B7BEFC39241E4
    SHA-512:0070DB74620AFA3E99CA73C3F6BCC22A291927A1EE0AECF662D26144E2080696548DAAEA312D84DAB45F327148B4AB6CEFECC7C2400495CCBE17A37D01519BF7
    Malicious:false
    Preview:.............`......]..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):7260
    Entropy (8bit):4.775188613956697
    Encrypted:false
    SSDEEP:96:0Chei+LLPn9WrfoQG2A6KdIKrYYZYWgbXuw:n0L6foH2A6KzYYZm
    MD5:21E8BA724E05987399016A9A80FA63BE
    SHA1:86BCFC1305E7E3F57248DD8BC5BB5AD90FB9ECAD
    SHA-256:4DE1F17601B1767B6FDFDBB993E8631B1761B1945BE6EAC784DDDB1909D79E7E
    SHA-512:1C825D92278F89B0DECC0CEC7DF0E8E4A950D4D38892CE59E492155E4F24C26CF105CB1BFC42E2A21D8F66D5AC206E7D110B17ED9227F93A207AA02B45C4E4D6
    Malicious:false
    Preview:.........''........I`......#.....................................''....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):7292
    Entropy (8bit):4.743706516673299
    Encrypted:false
    SSDEEP:96:+lpCQDpCflKQol89XPWp6Q5ubNNkGxmtVeVURollyTy4F73knK:6bGlKlgkQbQGYtwiZmeMK
    MD5:0CBE9EC314444D4815B83E5B13B1C989
    SHA1:BC392A9E251BF146A689CA625225890FFD7E592A
    SHA-256:91C61454F9611B14FBF03CA51401BA62B6D40E2CECC435048B42258606C9C338
    SHA-512:70EBECDC91862C89F6B0BCE6A217860D1D540DAAC25D73B5D4240F3C59900F4F84486FF10ABA9C410C5EEE842CC589C31B11AA272D0E620E10B306C3873AC914
    Malicious:false
    Preview:.........;)E.......on......3...................................E.;)....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):7488
    Entropy (8bit):5.346737799892445
    Encrypted:false
    SSDEEP:96:AjLZ6wCnKR0WMxEv8C5AFkqZlll8Y/E58oa0siq:06wCnKR0WMIOFkN78oaD
    MD5:8ECD1113736A59BB1C1E0F1A1130BD8B
    SHA1:12DD0C11DBD9985DB41A78585DB61CB8642BCDAE
    SHA-256:E2351614071DE4B3D6AC7FE1E65713757261647F2DDE04D1E9E173613020DDAA
    SHA-512:0AC8075A543631D7E1A5A4F12861A7D677CAC5F2BA70C3B84E38021DAB970AC6C24E787910E5EEA4AA6F1F209CCB4DCDFC331A14F0133E22A57FA6196E385DCA
    Malicious:false
    Preview:..........M./_.....D:.........................................../.M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):12708
    Entropy (8bit):5.576623789253876
    Encrypted:false
    SSDEEP:384:AQNNtVQaINIF5XIryUDGDXrVt3Afz9iIVZIzq6:FNXQLCF5XIWogXBt3AZzVezq6
    MD5:C0EE8EB500EAF39C86549F40CBB3371C
    SHA1:FC989BE64B97C201719D9CD1DA7EED844C891343
    SHA-256:75F00CD2B655AF9B327E46A69FAA06EEF3B313835951EC806017CD929041B644
    SHA-512:4AA1D1188B046694F22DFE2ED68D315162E8EB362002C0EA059DF6D8FBEB95618B70141546F5D89A36787CB4813CACB9FEA6F23890FA25D62DC67BC1E58D6674
    Malicious:false
    Preview:.........tE.*_......7...........................................*tE....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):7792
    Entropy (8bit):5.248768655949306
    Encrypted:false
    SSDEEP:96:XLbcWdwdAHByrf93cDaWar9h9mCbe8/VvXNe20hya8c2dR39NrWhyQ1u01:X/cWerrSDFpCbeqdg20hsV39NrWhF91
    MD5:B628E69E24DF4C1EA0BCB6714EBA78A0
    SHA1:3E5C7C1E590E5D68CBE34EBA8407069599FAC98B
    SHA-256:F1AB07DEEAB07CD48A0F2D796A97FAAC5460B5926D57480D9A4E1B09291B271C
    SHA-512:B34C4EC33E722A4F3DB1E8E8B219EF2A0CD202BAADC35DAA95F414DA3F91424E72E09D04A5D096A7B82EFDACEAD567B11E039F3D454D4AD49F5651180139FBC5
    Malicious:false
    Preview:..........C.)_......2......-....................................).C....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):6848
    Entropy (8bit):5.28926696608387
    Encrypted:false
    SSDEEP:96:g83Bt+r+Oi+XlPgy06IaIKUE666FZEZsD0M7o7L6bqIWKKllWerqrx/:g0+r+ODlPgy06b9fOASKllWhx/
    MD5:0E7AFDFBB64974BBF389E1DDE60FB17B
    SHA1:E147D306F75C717B97770F81DE86F51B2A9FA8DE
    SHA-256:7FA64C1257CA55F42F3C6E0E64B37C9D7FD3960055C36F6D1D7FA2A77E689E70
    SHA-512:2D29247CE1778CB11645FD517510940F5CCB2C6264CF81A89FCC315D2A5265F5F312AC0A0D82CAE2216DC8DA8F23D3B78F65F39F66F82A844B13E1C55DBA535E
    Malicious:false
    Preview:.........rD.)_......5......U....................................)rD....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):8036
    Entropy (8bit):5.344102500166815
    Encrypted:false
    SSDEEP:96:VxpmfxiTi0OoOqiAr+eZi4th2rCTETAUHUTXO/wG+w1orlIZzOJukyV:oiTi0OoOqiAr+SJcImSUzz
    MD5:595733C9882189E7FC10B4E3AC864EBB
    SHA1:6AD2B16F6CA2115F9DAE4B7A6899E7C26C59547D
    SHA-256:371A9890DA4B2E1CDA36428BF3F0F1C49EAD4EF69A84F8054E1BAD7F5A044B38
    SHA-512:49449250BFE1529E5E5E2BEBB09646A93298883F72A39329BDC2995F541F482641E9AD3D6FA0D69EDD53BC5B330C3906D385CF389CA2290880EE3617C37747D2
    Malicious:false
    Preview:..........D:*_......6..........................................:*.D....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):7988
    Entropy (8bit):4.91273574006348
    Encrypted:false
    SSDEEP:96:JnwwnsNcCeyvUQu7lvhJCeaC1Cme40yxoBJzslJQAm0JKoxbVHx7bZL1JTOi9beN:JnHRQcCeh17p6VslJHx1M9
    MD5:060B466B198A2BE39FB15952D870130D
    SHA1:7CD1B01949A3E13939A6B03617654E52B68ECECA
    SHA-256:7E0D5FC7A36386A368DE8C13597CC6D9037818328F8DE7E0430BFDFBF3BED6F2
    SHA-512:A2993493023D91A3213AEC09748D737B3D6F9E1981CEBFAF54CF7F5378F21BCAA3D85A8697D41438F6B673A1864A7EE762F65BBBAA76F02DFF76B1B88572A386
    Malicious:false
    Preview:.........P/..`.....#l............................................P/....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):8042
    Entropy (8bit):5.206772400518436
    Encrypted:false
    SSDEEP:96:XSua13yldtD4vYvuD7XBv7vqSauIu7ihuIHIKap3jmU3dewebgmO:XjahyftDuD7Xnig+7at3olbg9
    MD5:C1BB5D96765C00FDF5357C39612F6C93
    SHA1:128A763F4A609E1852DA85A3AAF22454D85168D5
    SHA-256:0F03E0264E80E358C0C6EE6BE2D8A7F6BD1086A09D737FDD7C9AF46AEE40B44B
    SHA-512:3F8A6611D5B1F135CF1850DCD619D9BC2ED865E7BF4F37538F90460C03E8E0D63C64A9447BDCAAA9F5D84B553A6CF1B749A3860E331E3E75A2ECBA2E791B54D4
    Malicious:false
    Preview:..........?2'_......@..........................................2'.?....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):5926
    Entropy (8bit):4.918726610822996
    Encrypted:false
    SSDEEP:96:OSuYwDDGjLe2mEWVgJgtC6vf9jCu6wbZHf5l1IM1:OdJILe2aC6vf96oHf5lb1
    MD5:93033F41A07F390026807F548D15E5FE
    SHA1:8606AC343935EF024156B675AD2E749E5BCF81CE
    SHA-256:6536B48EA3AE04718BED1F4E801FF25EE4D1EE87E81A68C21B2F63421821A445
    SHA-512:B2025B710CC3579CB33B06FC5332551C5E202D9C7CF33A8E794B17C255C95E25AF86F45AE91ADFA31F1761EDAB58813D27898AD7DF902AB00BD66DFC8729A79C
    Malicious:false
    Preview:.........r?.&_......A...........................................&r?....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):8024
    Entropy (8bit):5.368131415110273
    Encrypted:false
    SSDEEP:96:t5B2qbVgJ7Q8QExlxzNqkLcncCPu9uWyO9yOkyIXjz/8weD3mEuMqAoPDPpsZbB/:cqeJ7h/zocCWsWyO9yO2X//ju6r4Wi
    MD5:EA3757EDB4404585DDAACD0EC8365084
    SHA1:374A887177D56701C176C06D59FBB814E9C421E4
    SHA-256:09402F1AA2B81CAED5929EC7C6032B7EB3EF4AE40CAD55FCF9B1C092CF3FED4B
    SHA-512:D78AD9D64F52410C883AFBD66C2709AC57A3BEE9E5E6EAC86C135CBD885C1E297F129FCD661F31FF6EC9CBFB192AA82A0325291F02A10C52079040E65D7BC822
    Malicious:false
    Preview:.........EG.+_......4...........................................+EG....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):7702
    Entropy (8bit):5.25985136516095
    Encrypted:false
    SSDEEP:96:/Ux/w2CkMF15ISNKQG+IctpDYAo9CNO6RManvo4P+FCFqZJuLYhVYn4RXIyVM3ka:/UxMXIcK9+3D0CNO6manMM/0lRYy38
    MD5:9A00A4DFAA4DF6873E3B428313324511
    SHA1:360DC95DC369069917FA40974B1DA506E40B9FDD
    SHA-256:330FB51127975337299226CE3B250E8D065DA93EB1FC210E5D6521D640D020EC
    SHA-512:63D3EFB03799499612E813A99A079E5F448A16BB207D30ED7114F6B4272BBD163E2DDB7C3FCFB969640955E62328ED584866CD80C33C9532936DBF0D774C0ADF
    Malicious:false
    Preview:..........Kn._......=..........................................n..K....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):6154
    Entropy (8bit):4.7429572131100555
    Encrypted:false
    SSDEEP:96:2WcKLxuhvaYkcqokcqiYjpYCaoBw2Qxsuuxo9owYRj++/dCvTFbroGI:2Wldv/TjpipK1o9ow0MPU
    MD5:C9E76D2D37DA7874166DD0FE007B778F
    SHA1:3FFF8C28BC8DB23E8FD0D3B68242DA42AEAA6219
    SHA-256:7F01E61CFF6DCF81E2E966A91B6785CA6DBEC8A2501FF7A426C74ED78FEB02DF
    SHA-512:7B48CCE11EB33BEC732C634ED9C2CEDC39EEEC959A63C636159BAB8E46F43DD212B48CCA12E4F497CD592321380C860586415534B70591A7FD5CD8ABC4BDB73E
    Malicious:false
    Preview:..........G.+_......4...........................................+.G....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):8882
    Entropy (8bit):5.280205647289946
    Encrypted:false
    SSDEEP:96:ew+CVnSJZnO8vkggInJnkARTNxfgVqq9q0ZnjXMbudrn4H/YY:l8JZLvkQZkARTEVhE0ZjX14Hj
    MD5:6B639AC1FD8C07722EE1540A7F507237
    SHA1:5A829F1F4D7061CD8FBCDC0FF9AAB999A77CDD25
    SHA-256:ED2C4A3F2769C522799E98FEA715C0A5E849B742ACEFE4777D57040CFC0A1747
    SHA-512:7EEE38E1829C488179E8362BD5E3AF73F3857BF57089DEFE9E758F619A8C203334701FD1D51A5778434EA0E426EE90F7CF224D519B61EF12D702E4078DEDB23D
    Malicious:false
    Preview:..........8."_.....AB......N....................................".8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):4788
    Entropy (8bit):4.547294603660996
    Encrypted:false
    SSDEEP:96:MsTeKkvZVGutS95Gn5GwyfaFKqXfH56f5x:rlkvXAo8wM85vZ6xx
    MD5:F5C3AC3BF07CB0C05C2F9863395FEACA
    SHA1:EB9CDC1255F34E6E6E0E7000FD30897A35AF9C0F
    SHA-256:8F4D56F467C740F65CDCF9FE98403AF5CA359997E06B66E6C0166F3B805EB0B0
    SHA-512:DD2190055F0B29C4F9D97BE000E3D3E3837C0779237F842DF2B1A47E2EFE24CAB0DB099B8A19E6B747F32F77BF25C64EBEE4A518F81AA1A3FB27B6566D3DC6FA
    Malicious:false
    Preview:.........f5. _......M......O.................................... f5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):6392
    Entropy (8bit):5.224650560964725
    Encrypted:false
    SSDEEP:48:1vP4Ubu8TbNNDBaJCmi0Xzpo3IetBtIUs+Gs+b7hrbuZCmNENgxtKo5F8mk1bz1v:5+LjehLEsEvoY9N844ddglKad
    MD5:342F3908D7F4CD3FFB0574F1930B05BE
    SHA1:9FE9B7CC40E23ECCF8DC0C09B41DEF348A223876
    SHA-256:7A957134586F2231430F289B4425CF5AA5073FDF6461A9A5C689AD625CCA2FA1
    SHA-512:EE191FF5DC4C8A411FD0BD81B835AE2F971D632606BF61DB2E9AA6B845CCDB11B0C25BB6808E771267DA1903D4D7F0EE605EAEB958DBF56F531EDFC9CA37776A
    Malicious:false
    Preview:..........>.&_.....6@......q....................................&.>....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):10890
    Entropy (8bit):5.580001559360216
    Encrypted:false
    SSDEEP:96:rdK4Kxdkom/bPCLAaAHENoK4P4mwiQmwRq2dGeafInIFiRiuyXFMHtuMHyVCNDI+:kVa/sAaxHiQmwRNINMNuMSxk
    MD5:F80864F0C45B68AB2394F879990CA326
    SHA1:EED54E8DA5BB990F762928B7C4965290988C2029
    SHA-256:54AE5955C4F8E5E96669804394072C9D1313BC81D77984D4F9C4BB7B7AE4B232
    SHA-512:0BA308301E1DB59F0DB887B4161B78E37F5F5F83A2827026C3428C6B801475A456020CAD56EB8C9EC495648454C72D9FA580863FE18BCCA6B3698A84F61AFDCC
    Malicious:false
    Preview:.........O@m'_.....l?......:...................................m'O@....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):43776
    Entropy (8bit):5.783339822079765
    Encrypted:false
    SSDEEP:384:LK+T5ilmAVqKLglAlwbURP1dJk+uWDMv7x3yqQr1P5uBniqXc9G3:XRAVfglOwNCt8Bnzc9G3
    MD5:0BA347F3D55D1ECE95B0E5F63FF2E5AB
    SHA1:EA761BBE49B86DA4790B4536299A6417A6D12DF4
    SHA-256:67C62DF6E28B03BF08E989550E6FDAD0A3808B99EBB3615FC873CE89BABCDFE6
    SHA-512:AEFA95AF8D78525E5D93175D92314BE5F3B15D94C3E0D57C23A059E262515C735827DCA757404EB4A2F26FD048D006919754B1234E8AA1F00948BFE975F4746D
    Malicious:false
    Preview:.........,MP/_.....2:......uU..................................P/,M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):5108
    Entropy (8bit):4.295511486450947
    Encrypted:false
    SSDEEP:48:183yuyZ4N/S+4DIhSnth3dd9JfQlgig/1SQWVIqwiQnTUOyk8v/aN2pYH6:0N/SZBd3+9NHeTByk8K2pYa
    MD5:5DAD8DE9A72F86F358BCE7EDD59DD83A
    SHA1:74F32B6CEB663211FB90CA9E34601F0ED751F2A6
    SHA-256:B2B7B186610A20DB93430F0C9F9564F617C438828F59A61C26E2EDCE9CB4ECFB
    SHA-512:300D7FFF687FD0B950120E49166E7BBE99DC3F58A50D79B9CE10CAD7C0C1B9B5691E58D9ADC5C18B3910E3D03DE82F1887C105D73FB0ED0104A00B1942599F99
    Malicious:false
    Preview:..........2..`......s.............................................2....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):5188
    Entropy (8bit):4.361079629993025
    Encrypted:false
    SSDEEP:48:1bE7oXJqIdt78vKi06LiiLiradoWw8O72GFCWuUr8W9UfJhgBjJ0T8xUPDP+1AYA:67GJqIdVKLm8JBTTgmC93Q
    MD5:A4E48EF85D7EF21CC0273347F3F021FB
    SHA1:1167BF6D3EC2AA3E8D68641F3823689B5D083C51
    SHA-256:801761AEC1384EA9043C80F57CE63B4CC5201A873198FBE1BE43C3538D036311
    SHA-512:CFC0DD176B7DB781A627440A95B321E92203D157532A4E4D70B00D70B306CA1F1989940525A5921029D799ADA06C99D2F12D82506D141CA4DFE8C678F7E43F92
    Malicious:false
    Preview:..........1..`.....Lq.............................................1....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3996
    Entropy (8bit):4.000680686062669
    Encrypted:false
    SSDEEP:48:1d7RzvzR/LI2XEMNQ42XcWFWAJalaRwBer9WPBcoeZBkiU9Z/uQj/X:Z7lLNiKKW4u/9Z/x
    MD5:FD07E7A2E4970364D49F422DFF1BDEB7
    SHA1:CD20D41C84A803D3FC5C923D0A3F5D38A294EFC5
    SHA-256:098F279ECF5D4F914846841BC0A220A6BFF71D2C29340AC2CFD59C502E34534B
    SHA-512:677A0D8519D4437BE422CE5E683DE2EA5899917F8F982446122193D43373B5CEA103ED4D8601E37A83D995499A9E6FC6DCF3DDD8283071EA26A5705F1D54071E
    Malicious:false
    Preview:..........0..`.....Os.............................................0....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):4400
    Entropy (8bit):4.0832816898944975
    Encrypted:false
    SSDEEP:48:1eEaAod9VZe5bhZorHEbsSi1HhqduNkkQMiWxlElY:wAq3Ze5SY1uIMzxlElY
    MD5:579C1FEC119D3B06BC7B8B0820FF44B4
    SHA1:EBDD8971873ABB1E0F3EDBA027037BE644AB2DF9
    SHA-256:1F056F096BC5BF84723C67600343C67A0218A7DC36E6D449A918D6F5AD9EEE72
    SHA-512:7EE45FE5DC5A5B6311E2BA889D88EA8BB3F219AFF877EE92110EAA59018470C2D81AFA3C5B96729B714C983E878035DF23A1EF4EA044A67246344046A732C724
    Malicious:false
    Preview:.........a$K........b..........................................K.a$....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):4472
    Entropy (8bit):4.189104256640661
    Encrypted:false
    SSDEEP:48:1lzjNG/6vBiYUnadROBRFU8TtmZ4Si26oDKctHMpaS51ln66Y:Dq9c8Ts4Si26oDKGHMJR6f
    MD5:F598A0E75A23704F59886710937A28BA
    SHA1:6B20ABBE7CAD266876DB4B112815F991E19A246C
    SHA-256:F31A52FBD88F254D81225C7D72F34A20C207955D5E0CBDC5B2A2659C092046AD
    SHA-512:6888EFAB7BCC8F358393EBD6594FB3143F3C843A6EBB64F2D15A56642CF7A02FA01B8C204B20AAC09FC590CFCBC1CF287A7F49E614C8599AD15C14FDB8F9E886
    Malicious:false
    Preview:..........).........`.............................................)....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):4388
    Entropy (8bit):4.167330148148058
    Encrypted:false
    SSDEEP:48:1HDcabQqeVeW8ClYlNOOOXCiI5M2CAM3hVCGCMCRICj/mlW:VDNBeVe0lYlvXMxVF39Um0
    MD5:A5B484E99AE193744AE5CC99026C5D2E
    SHA1:D5D76916BAF358DBD3E6B1D9BB0E581D029BD4F8
    SHA-256:B27393883C5FC59FC23D014D9635E0D79BF23F442BAD957C5BE2C3A59042DC28
    SHA-512:9A60C15AF5B8E3EBE87CE92494C0A66E5CBE650399D663E2A1EC2FE269A6CE99AAD33B94449AD181AE58C902DC8C0F1200A515E1E8AD6CF801EDEB75CF9FFCCA
    Malicious:false
    Preview:............._.....C]..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):4464
    Entropy (8bit):4.263834313290114
    Encrypted:false
    SSDEEP:48:12gJM0Zj8MrE4rENf7d9UfJeDvRJ1Q1OW1nW1N0QL6H2zeuYRXSrlBeTk8totzgD:kcMk5rdru7kJejpKj8hmWzjlMR4zC
    MD5:5751EC2B443232336E0D58837F80637C
    SHA1:D6E1A7846D7915211FFB4B68DD463AD4F34EF9E8
    SHA-256:2E762B23780A8FC75A5C44ACA94AD787A658E76395CC7A74DB5D02D02C5C71A9
    SHA-512:CD9B19F6DF9D9AD4A411F20300909C3B0DA87EB2ED153F5F5A798AEC56A95B1E3C0697C903C1EE8D64FE907168ADDCB70337BBC65EEF427757F5A64B2A2AA5C4
    Malicious:false
    Preview:..........-..`......o.............................................-....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):4376
    Entropy (8bit):4.093201802133503
    Encrypted:false
    SSDEEP:48:1ygapwLM3W3G19kKsZXRcSidpycZeKaLtd0OQtuptz0hNGLmq:a9aOu5dPwcqNAp
    MD5:9F30D34B5F0D6D10F43EA8E917536B3B
    SHA1:5B7A4415EF02E2A1BCF4CA1333FCEDC203314356
    SHA-256:C886578FE9AD7C8A7FD23C405E5716908DBEEBB5435DBBB7F1893493ED4137B4
    SHA-512:C0A2CA8E2C5F4C9C1D9FF54FB5BF70AEEF59E45763376F5866D08F9CC3C8BA730EC1F322963616314AA1D1E24375D9CE2C529BB6BB137AA7000A4D736679FA6D
    Malicious:false
    Preview:..........-..`......o.............................................-....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):4488
    Entropy (8bit):4.236994837461816
    Encrypted:false
    SSDEEP:48:1v1a318XftX5cJBDqIBSPlSEGeKuEa3gh5xcfgkClPSNOeUN6e/F0ezKo:oOXfZ5EiA1uzGcYkCl6NZUf90emo
    MD5:BC008215E1E57645FBE85541AE3EC898
    SHA1:1E0177D5F8F2247F77A979454B6229B0AB65302B
    SHA-256:EE785848018A470F6DE4B3D1249F502117D0B26F035362E2CA85C09C38BECC8A
    SHA-512:294F25F41D6093084516C618E9DC154AAAA75F767F11A81197454B5128BCBC68B2C8D85C7EABC90433A46434AC000506C8EF3358D3AD1E1FC9BD6387C81ECE4E
    Malicious:false
    Preview:.........]8."......}F..........................................."]8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):4344
    Entropy (8bit):4.2080123508027105
    Encrypted:false
    SSDEEP:48:1pS+Sn44wp85FrOlUqQTF1STLJTrpBXG1DdIP:QLwCqFZHpNP
    MD5:BC2F2DCB464AC0D7D76CDF75A5A6BC7E
    SHA1:039262226DBCF4E2B86235B4E23DBB0C66AEE634
    SHA-256:2B54340691C5FE8A8CB26AFFBF636C2735641807DCDBE2E4C6A8142EB0C3D570
    SHA-512:3AB0C89C65B8E0C79E8FC7A75C0F9518E52E7DD0B7939F135FE010D50577C066F4C132785D216C41975A284A66090906D5625F977D17D868F6CE3E875B31672E
    Malicious:false
    Preview:.........I$=.`......c......q...................................=.I$....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):4708
    Entropy (8bit):3.9982789484540735
    Encrypted:false
    SSDEEP:48:1CYCtizmZG53fpNVumybiYIfzLfIbeo022+l:zzVG6/fIyHq
    MD5:393AB7044236489FA491F62F61F20B06
    SHA1:11D4103820B57EDF3F0C36F3018583D7F43F77A1
    SHA-256:478DB8065D88611FAABCCD80ADB6477B054AECFFAB8BC7018C6A4DC40B6B504C
    SHA-512:5C4117E9BFAB419DA67BBACD011A4EACCCDA6DA56CCED95196FEADA3FE8811FF4A6FF461270ECF611D1A040603ACC36BF456EF6494A60C98016A29CAECB5609C
    Malicious:false
    Preview:.........D/........bm......'.....................................D/..................D/................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):4952
    Entropy (8bit):4.282471660378012
    Encrypted:false
    SSDEEP:96:ebyxyq1cKGNGOAe/QPvI0BKKROinogGc1W:eNAdI0NNM
    MD5:F96D2E484433BE4834BA9AD7F5F4AFDF
    SHA1:128C50993B80AB99F8EDE4965C948E6485B2718A
    SHA-256:1645A7F5AC686CA58B8EF263F90580FD9CC477A3BFBC6D3717D06B391CA41B9B
    SHA-512:509EA976EA710BA50E51CE1AAA616BBC898654B2141223B138B10FAD6E18E1964F102AE123D63C91CDFC00E3F90BB08ED84150FC0865AC23A1CEBDA2F6BD1C68
    Malicious:false
    Preview:..........6s!......OK..........................................s!.6....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):5928
    Entropy (8bit):4.716507559695857
    Encrypted:false
    SSDEEP:48:1LwGerecptAIAtjERJlMOvMOeMJbUGLmab5+C/ZrencSq+WlClZIZ/wdv63kSE3L:tqDRcEpc2mkEefhf2j5W8Guuu
    MD5:228655482A0BEA26FD6CC4A31073ACEE
    SHA1:E0CE0F15C936D14AB5B780C51E3D7A14F4D949D0
    SHA-256:5A654CC139E45B60C7D4762183624A83FDD423C0A1BF0CB215300AA02D184245
    SHA-512:5340BDFDB76FD780329111F495D6A064CC45DCAFF5E142966C4842D6930D21255DECE6F5C1C2B8E403BBC28980CE4EA3F47CC9C5139489BBA34A4930F1008BF2
    Malicious:false
    Preview:..........6s!......NK..........................................s!.6....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):4416
    Entropy (8bit):4.204873546594322
    Encrypted:false
    SSDEEP:48:1j6TIn0AHahXhf1HlJ0fSHIz6AnA1wd6d6uBkJdJV1SQDoqFCmhTiqheQ:NoI0AKx9HlJJH2AsMJ+Vs6dhr
    MD5:24ED76D03D1140EE36B5F9F75CF72A98
    SHA1:59A740A231A4EB074CEB85793E1C2CBB1A1871BF
    SHA-256:2E447FA74FE7097A7EACA777F82BC146875E99960DB239E36C080166B9A66B66
    SHA-512:509034F0705EADF6CC11EE9CA167279A3649B839CC03B55D1C8DDF1F4845FF9D84F9E80DE0963FA5D5AFE8FED9156A25565455F2935861C7147E95045A6DB7FD
    Malicious:false
    Preview:..........1z.......&p..........................................z..1....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):4432
    Entropy (8bit):4.109755322528468
    Encrypted:false
    SSDEEP:48:1iV242SyegXegv2SUTxhjLH/3Ub/14eiGM2vB+N3lejvULClV:i1Flxa14jV3N3EoLGV
    MD5:A222C8266E00D28F37F6245EC33423E1
    SHA1:3F094294B974181D11343D89B9C75259EDF4F576
    SHA-256:E977C657F121A26CCB2EB7A8656018B8BA5C76781ECA90B445803F829F9B15F5
    SHA-512:D1C7FFD462A7A41100363BA36E0B3C61BAA42AAA5DE8614D185A155B8F0C2841B6F353474E0B54F7030DBFE22D2CF6417FD330BA272D7EB23D05C7A06660114B
    Malicious:false
    Preview:.............`......[..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3972
    Entropy (8bit):4.213386692146919
    Encrypted:false
    SSDEEP:48:1xtzYy8XLATJCyvEGcMXq4gGXYPqN3Eh6bxvadd7wItjwDVxHr:tiLAT5vnme3Zi01YSr
    MD5:7B2FE10AA01A43DE31A83DA9D3ED560B
    SHA1:2AE5559C61B382638B530C28BD3144E0D305A9BC
    SHA-256:6033F4043E14B13AD760CBE873DC3C0DDDB4F8555993147BD45D9246453B5691
    SHA-512:D31681FA74290E0891FFAC42C08B4B79A8AFE91F001D1EBC5E710D9B982B45B51F87BDF660FFFDEE7D1AA46A133FF840C8811D18AE778A05F31FD876B8AE35D7
    Malicious:false
    Preview:..........1x.......9p..........................................x..1....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):4908
    Entropy (8bit):4.3335244025461
    Encrypted:false
    SSDEEP:48:1v7+6sqIgTLI0WEXl+UwEhxZsJMLgKTUOv/kcFRUR7I9E0NIZB:B6JqzHvXDfvNIZB
    MD5:F1ADC1F7AAE26C99DD938DD868A0B808
    SHA1:E2F22225B28AE97585DEA28056B36B9C746AED84
    SHA-256:00E740EDDDA6615E38311DAB88BE6EAD5B57838CB10152F6EBA642F603C4BE53
    SHA-512:3B013031CC8C1ACBC275E8305D6B1E3FB9359942DA08DE0E0BA81519CAA8143AB4FDA81E5E0B65CF6BA1206987C0E39A8951BB4458A92CC1094A746FF36FE2B0
    Malicious:false
    Preview:..........1x.......&p..........................................x..1....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):5816
    Entropy (8bit):4.753204871007974
    Encrypted:false
    SSDEEP:48:1jaXzllZ4Ppj/lKI/sFtREFpuffiVx42GEduqu0747r07rJiiRqVMvG5Dhbf+6Pz:91PpjBGknG1Vjkubm6wrcr6IJZnqsqo
    MD5:6062C71A34071AC102DADA16CB07C54D
    SHA1:2771A2B62295A2917C556A2D0C40DA8759682EFF
    SHA-256:B104E1AE565D29956B7D69D83B4D5A762E23A210A0789DBD762D83CA967E1AAC
    SHA-512:387222DB018BE83F455111D43EF0745445E803148A136FB87225B9B05311256A32807B31C68554D34EB1F81B6DD0A8C5AF13A26A65F593220E70063A6CB9349D
    Malicious:false
    Preview:..........&N.`.....:`......Q...................................N..&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):4656
    Entropy (8bit):4.583247192621847
    Encrypted:false
    SSDEEP:48:1Sbz8/FJv5vYekAG4gSwlOzQiMT1VKy6ZRvvJCMIiu+QuJQVuv6uvfpZIQzAN3/m:IEvCg6Sp8iVXJBFFQGQ+UQhR8s1
    MD5:AF5BBF385E477D492889993A3FA4BE2E
    SHA1:EBE75A219B8FF41779E425E7A767050BA1A30660
    SHA-256:35A88FA90D1F568892AE2E57FB9835D07CFB23C4169D686D1512D7F322E4BD82
    SHA-512:074966F56AA224576A55C20F27CC6EC87B9E2DFFAF59DB4FA4A5689FF8BB89D0C732BFA779A240D3DE69EC663B2C910BEA9EAD1B5A13779D379480379EEB3B36
    Malicious:false
    Preview:..........&N.`.....9`..........................................N..&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):3622
    Entropy (8bit):3.994594231753867
    Encrypted:false
    SSDEEP:24:t/Zgg0wFMwBTtfER0YWxCMnwFXzeSJ76R3AmmYmCQTNupd3enUOnUQEyIgyDfr6A:1ZDBiYxFcje27SUDFe3eUOUtn7nj8IH
    MD5:EC6C6ED85E84931DB1231E3E262F61FC
    SHA1:D30A71B07447CF9503C0E4679AAF0BF85B8944DC
    SHA-256:C5A1FA2377B396F13851DD8B46D7BDA9F58E29B2426C1436F7905152F0E12362
    SHA-512:5BDAEE1DB8B3B23153A49A882F501AEEA722B4C711E4A14C5A68490C0CEA1D2E0091048D1BA05C38F8A2B537F78AF6620CC0416EA28252B3691B8FBCAABDAAA7
    Malicious:false
    Preview:.........W#..`......g............................................W#....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):4036
    Entropy (8bit):4.160528621142569
    Encrypted:false
    SSDEEP:48:1vZNhl3d32EqgTQ8WmAthypXNm424gdkaq4abD35sMvschHqTvh1Wh4ge+l9wAiY:Rl/32E3sUaJY3CPtKskt
    MD5:24FFC6B94EE2216CFA9F0EA60B581B65
    SHA1:6612C50C2DF020915ABD715004BCBD7C8503DDA0
    SHA-256:B4AA45476A73D2A03C1F82BC8C32EF94951A0A8FCB96D30110F5C7CA97D34E16
    SHA-512:F9808A947CF8DB0B707B607D835E2F53B283CE668F29AD126B3EE649DAEEA7D09DB3CF69AEC71534D062D2681473001C0F6CA83B7A594E5D5AEE72D5BE714281
    Malicious:false
    Preview:.............`......\..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):4512
    Entropy (8bit):4.219834316532868
    Encrypted:false
    SSDEEP:48:1+yKNuJq5Qkdm5VdVfKAf21Rx/cdlkNZ/sY948RjUND6tMA8Fg8sv:+p5drAKReM4ywdi
    MD5:FE05DEED12FAFEF7ADAD8EE723D1FE3F
    SHA1:05B5190FC57DC64750C4F9422F25459A04D43BAA
    SHA-256:65C199D8E9E79D297F75F1F14523C97482EA349CCF6C3AF28FCBB0D50572CF4D
    SHA-512:ED02432B6F1D2DDABD56E762A242755AB504570AC1E6FAF638B81B8BC4C6C4BED233F7420F0CD8C82C2BB33D23F8C33A64B597A3E9BD0AC086AB55EB1F04BFE9
    Malicious:false
    Preview:........./...`......]............................................/.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):8232
    Entropy (8bit):4.505944791768242
    Encrypted:false
    SSDEEP:96:jSc11yDOWIQlOYXH6jfKwQzFt2pvWZ83m3N:jXzXgOYXH6UQ3E
    MD5:658CC732E238B033566812852019E7CA
    SHA1:C95CF7BF0DF0188171E43618642CBE9D6F9589E1
    SHA-256:751D5737BD6F07BCB13E31886A390DA1100754ED9EAF392B0908D7E129B6B1E2
    SHA-512:E3286BB385EFFF1501D529DCD4A2A2337CCB935E7B309C993C69E97D3FB37DD91D091ED2BE870B56EAA18D84F6F51BD4B988863F2DDEEF97B40E4452766A3F3F
    Malicious:false
    Preview:..........5. @......I........................................... .5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):7764
    Entropy (8bit):4.466916792575914
    Encrypted:false
    SSDEEP:96:ZSJ1wXkqvkqf7fC4ABNx/p+2aqh3hwLrQC1g:ZmUt97fC4qlDpF4g
    MD5:A3E6EDAF11AA138407753D7C03435587
    SHA1:CCBA4D8F886A5A0C9ED15CC4EFDB9D5485212BCE
    SHA-256:8DD3417D3B9B590CD940C4CFE12B337F14C4BCE8B20D4BC29034B33F8355EC5F
    SHA-512:AAD22A66E2A6CBE3911CEF04908030FED64DA2B8FF0EE24633E6BDC15EBC374E61F44B224E65F621800ED64DF9DB34467510FFF68309749A4827F4DEAF3009C0
    Malicious:false
    Preview:..........5.!@......H...........................................!.5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):7244
    Entropy (8bit):4.401231224493402
    Encrypted:false
    SSDEEP:96:klaCWIoGvCTdVZbu3o7vu0LMMoSt9Kyem9IOvPQBug:U7oYCjJTrXQx
    MD5:B20AEE4272112071A12A1CFB21104EEE
    SHA1:91E05F4F09774FDC7E6FF9E5A9227C07B2BDD321
    SHA-256:9CD61B34DFDAE6B97AFB89727D17628D161E3564FE4F97C5674C2989855CD86C
    SHA-512:50DE670E9BCCF629B5A9971C6D62E5810C253B5BD287D2E38D5FE645F67E539516088388E98FD78007C20B244BED58C0AD5E12A15C252BB2F2DB380ED347DFE8
    Malicious:false
    Preview:..........5.!@......H...........................................!.5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):9556
    Entropy (8bit):4.802048142707197
    Encrypted:false
    SSDEEP:96:MR/Sn+n0QWl63PmnLdTLqmI2gCB3MRMNH7s9sR7f2ft76vOB:Bn+n0QWgmnL4xCxMyH7kE7fat76vQ
    MD5:BB79EADBCF031FACFD52BB4EE12516E5
    SHA1:2665E87E2BE6D9EA456B490B0EC985F3ABE888DD
    SHA-256:90D20CAC636F742B22A56ED239D594FD844030AE2959698931FEA23575B723C8
    SHA-512:C6EFCA3407A7153057DCE4A57EC705897BD2395CCFB17F8C36EFA7F3DB5FC4A15979355738CE12430752BEF5E6496B79BA8D7B37377F3C88BE37A6C61C56D5A2
    Malicious:false
    Preview:..........//.......^l........................................../../................/../................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):4784
    Entropy (8bit):4.0823481534683745
    Encrypted:false
    SSDEEP:48:119AnSHuhyd0Y9M97ah0DZxInT1ZyPEVfvBEOW1MGy:X9ikCLWfv3W10
    MD5:3E8C512F944009E24DEC1F6F41C0B2DD
    SHA1:D84DAD4261AE806454218968ED8A63281BDC1BCC
    SHA-256:72CADA1A0E90AC57B6A8A78CC3CA322558BC29676631C7635B790CE09F6D9D9B
    SHA-512:746CBAA5E7EF3379499157D6C8494875B2543CD12ED434AACCEDE688BFDA93240ACE705505745D05ED074276A562E5C12A872C25203E06561D1D881A5F819394
    Malicious:false
    Preview:..........-.........h......M......................................-...................-................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):4864
    Entropy (8bit):4.13053737468598
    Encrypted:false
    SSDEEP:48:1EN2o/ie7nLGxDZz5xPmTmNbYknof03nOw4OElyBMe:G26KfPWcof03nOHOEwB5
    MD5:8B3EB90628EAF5D2C7A53E545703A5D4
    SHA1:355008E72D5920F9D98606B83262EC1BDE4146D3
    SHA-256:17A2D63BFE0EB9632DE301C0A33909AD91F5E6E4050D54881C1DC7D880640BA6
    SHA-512:7F530C79459FA887CCFB61BDEE673B0F3183B86609BE819DFE5D87C5CF043EA4A1564D49814ADA8D9355E19F72696C2952120AD6B9718ACDD0D68EB6E4B7B5EB
    Malicious:false
    Preview:........../.........m......u....................................../.................../................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):4936
    Entropy (8bit):4.146602548827902
    Encrypted:false
    SSDEEP:48:1b2boRkouQNHkqSOIKvi6N2yNif+a6jbBnIiSbFlvXndAbD0mbWMojIxzV1:xuQwKn1no+X0NWzv
    MD5:08C966EA1268A6DEEE4AD9317384AB15
    SHA1:8107F635D26668094C7E78A279AC790FE17DF337
    SHA-256:FF5E1132C31C4C482C1F11B781A8329B58E005D901D250E418EB2F4AF610CF90
    SHA-512:A344BE3F795BFC7967E7326DABCFF21CEF598E3CE7D62C4E05E2BEB04782EB16C5F1FEFED2E2A8B515EDC5396781484B50A400E29AACAB7C9A3B73C3D4B408D4
    Malicious:false
    Preview:.........02........#r............................................02..................02................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Windows metafile
    Category:dropped
    Size (bytes):9846
    Entropy (8bit):5.080065508936349
    Encrypted:false
    SSDEEP:96:0+zw0XMvYm58+GBa/pOpjbrBpC2Z57MUWDcFuZEq69jydLtV5UL4AY7IJtfmjt:C2Mvw+GBa/AbFwZcjyd6L6kJRSt
    MD5:174928EFAE802F0C74FBF4C5055D16FC
    SHA1:18BA34CBED082262BD6AC1F939885C74816E082A
    SHA-256:14F7E96DB1E2EC8840F52FEF9BD62549E973EFFDE75D573FADAAF5D7CFC7D10C
    SHA-512:273CE9A608EABC2A6E5E9BFF72C368E8D0F4027A22FD322D7FA9BB23A5E4C0144B2E53E2ADB710A5D12A098C8A3C6CD78C8B26C5BDF3DC718FFB1C13CABAD514
    Malicious:false
    Preview:.........q<.%`......H......0....................................%q<....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel
    Category:dropped
    Size (bytes):16958
    Entropy (8bit):1.479479717449424
    Encrypted:false
    SSDEEP:96:JvnwzVVBwacmrHSGmz2rFvD01wtmztgK7J5R:JvnwzXBwadSG0i7ZtwtgyF
    MD5:439E85403650DC1C8EFCEF9930CF24DD
    SHA1:46829CF0C72A148852C2C6EE7127C19614F99C62
    SHA-256:3B8B5159217EAC0065493B72BBB79AD686D52EEB1C040101831728F4079B7FA1
    SHA-512:84B70CA1F2FC11703B553F23D307C93266F20E31143A653A44AC04A3CE3A2FBED61A6093507A9F00541F5FF475E47E28FFBE3202F3970360452A8C838A784DF8
    Malicious:false
    Preview:......@@.... .(B......(...@......... ......@............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):1011712
    Entropy (8bit):5.968674505356901
    Encrypted:false
    SSDEEP:24576:sI/Cqi/maHOUxesr8QZMXcowi+CWmJgco75:B/9i/maHOUxJ8QZMXcowi+CW6gco7
    MD5:2E69139BB82ADB534F13F776DF79282F
    SHA1:7C81E88E623231AF2E3762B8944F56AFBB833864
    SHA-256:2C6AB3AF0338C7A33345D3A1A156D0AA13265CD81101F4D574A0AC1F50FB6C88
    SHA-512:2B7B92596E6493F9D6D69586882FC62D0253373A66D31D3A433827992FFE66AE3E9EBAC36BE43A21769473B2794E4908B8ADFC2ECAC633A9743A58A48867A801
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U..................x.................Rich...................PE..L......U...........!.........@......,<....... ...............................`.......9......................................$...(.... .......................@..............................................`... ....................................text...%........................... ..`.data...T.... ....... ..............@....rsrc........ ... ...0..............@..@.reloc.......@... ...P..............@..Bl.[J............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
    Category:dropped
    Size (bytes):36718
    Entropy (8bit):4.817427400119319
    Encrypted:false
    SSDEEP:192:HF2JiZT37BBS1F6FYU3v269HhIVy+ESNBKgds0J9K9wed4quGP56D9EeIpQ/h+/x:HF2JiZT37NfDHhIb8xSCpaL4
    MD5:44E6E9530666479FAD8434466AE1A86E
    SHA1:B2A4C4B34681E8CF598CAF737EC2F3EE745A76AF
    SHA-256:B030507BAD8DA98D955AD0325F2A08EA70D1B1B88E8A600AC0D76EA07990090B
    SHA-512:480F6E105E7F691FE596D7245A7E0A22DAA0AB338E2C19C23510FD5C2145ED8CF2FB76E034DD57CBB653799EEDCABDB2A8B3201AEA3C6C1A14C026E5E4A45287
    Malicious:false
    Preview:<?xml version="1.0"?>.. ..Warning! Do not edit the contents of this file...If you attempt to edit this file using an XML editor, you could lose customization and migration functionality...If you need to change information in the customization file, use the Customize User Interface dialog box in the product...To access the Customize User Interface dialog box, click the Tools menu > Customize > Interface, or enter CUI on the command line. ..-->..<CustSection xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">.. <FileVersion MajorVersion="0" MinorVersion="3" IncrementalVersion="2" UserVersion="1" />.. <Header>.. <CommonConfiguration>.. <CommonItems>.. <ModifiedRev MajorVersion="17" MinorVersion="0" UserVersion="1" />.. </CommonItems>.. </CommonConfiguration>.. <WorkspaceRoot>.. <WorkspaceConfigRoot />.. </WorkspaceRoot>.. </Header>.. <MenuGroup Name="MENUKATA">.. <MacroGroup Name="NEWGROUP">..
    Process:C:\Windows\System32\msiexec.exe
    File Type:Zip archive data, at least v1.0 to extract, compression method=store
    Category:dropped
    Size (bytes):224049
    Entropy (8bit):5.0313481325046565
    Encrypted:false
    SSDEEP:3072:4JNNNVPrHprf7NdWexu8+UBSngkOlEMsMJyeTzV:ONNNZrVhd5xt
    MD5:0D4B30B965AB11E3C2C38ABE4F9839AA
    SHA1:420A1A174E6F591A7978633EB4EA7FAE3F5F4467
    SHA-256:63115BC3F9EA98945CD21CFCC1EFEE40F032E1A4053604DDC64C331BF661ED5E
    SHA-512:D8DD8E259F0290C8DF89BC30DB502E72A2FE34CB2434C7B07AEC2357DA95C9C7F2E320D291F6A88F45F856E247D42127CE1AE2A37214DB91DE08FA3AC85020A8
    Malicious:false
    Preview:PK........].sO.VRUG...G.......AcceleratorRoot.cui ...(.......................<?xml version="1.0"?>.. ..Warning! Do not edit the contents of this file...If you attempt to edit this file using an XML editor, you could lose..customization and migration functionality. If you need to change..information in the customization file, use the Customize User Interface..dialog in the product...To access the Customize User Interface dialog, click the Tools menu,..Customization panel, User Interface button, or enter CUI on the command line...-->..<AcceleratorRoot xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />PK........,.sO.G._G...G......._rels/.rels ...(........................<?xml version="1.0" encoding="utf-8"?><Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Type="CUI" Target="/AcceleratorRoot.cui" Id="R55d9e1d1f03b421c" /><Relationship Type="Image" Target="/Cad.bmp" Id="R87ed2a2d7d3d460c
    Process:C:\Windows\System32\msiexec.exe
    File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
    Category:dropped
    Size (bytes):2591
    Entropy (8bit):2.621770094773094
    Encrypted:false
    SSDEEP:48:8VJ7KKIV0PKIVJtS5PKIV5VdSGU6WPKIV:8V1HjyD5ywVRWy
    MD5:225CFCD6996BD09225C2D925B601F517
    SHA1:E8C2185D4E3697CADD433F5891C6557B7DD1ACD1
    SHA-256:3BEA2109AAF035DEF275273076EDAD8FEFFCE526A8F648FA6DF2F554175F9297
    SHA-512:C43E41BB72DE345AD4116E2565D434AE3558BE5116B9B48BE304ED4C26AE3C2F5356BE7429EDB32B59F7A1B3D4B31100C84A0E7D35971993C2DD0DF3FCA0199A
    Malicious:false
    Preview:L..................F.P...........................................................P.O. .:i.....+00.../C:\...................V.1.....gZ:T..Windows.@......OwH.Z<*....3.....................):..W.i.n.d.o.w.s.....\.1......Zg*..Installer.D......O.I.Zg*.............................I.n.s.t.a.l.l.e.r.......1......Zg*..{5AFB2~1..~......Zg*.Zg*.....:.......................{.5.A.F.B.2.0.2.C.-.2.5.D.B.-.4.9.D.3.-.B.5.6.F.-.6.A.5.9.0.8.6.5.F.1.C.8.}.......2.>B...Zg*!._70A9E~1.EXE..h......Zg*.Zg*.....:......................._.7.0.A.9.E.9.2.8.1.4.6.2.C.8.C.B.F.E.A.8.6.4...e.x.e.........K.a.t.a. .X...1.f.....\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.5.A.F.B.2.0.2.C.-.2.5.D.B.-.4.9.D.3.-.B.5.6.F.-.6.A.5.9.0.8.6.5.F.1.C.8.}.\._.7.0.A.9.E.9.2.8.1.4.6.2.C.8.C.B.F.E.A.8.6.4...e.x.e...C.:.\.K.a.t.a._.p.r.o.\.W.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.5.A.F.B.2.0.2.C.-.2.5.D.B.-.4.9.D.3.-.B.5.6.F.-.6.A.5.9.0.8.6.5.F.1.C.8.}.\._.7.0.A.9.E.9.2.8.1.4.6.2.C.8.C.B.F.E.A.8.6
    Process:C:\Windows\System32\msiexec.exe
    File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
    Category:dropped
    Size (bytes):2573
    Entropy (8bit):2.6100270305143245
    Encrypted:false
    SSDEEP:48:8VJ7uKIV1BjPKIVztS5PKIVDVdSGUXaWPKIV:8V1LQjyZ5ySVdWy
    MD5:E5DA001B05497CD78DFACB525390E453
    SHA1:63982DE348FF2EFAF9B9EBA23D7127A40AFE906A
    SHA-256:EC512C6C16455AD084E8D5FCB20CA52DD651EC0C7EF9CF77B8F3320782AE9AB1
    SHA-512:2E08EAD78276E778168EC2E77C603735F671523115F364453BF47832E960F56E6276DEA186DEAB540A6E617A242E4B83ADE3AC77F175011C4F245A1EA8C6B9B8
    Malicious:false
    Preview:L..................F.P...........................................................P.O. .:i.....+00.../C:\...................V.1.....gZ:T..Windows.@......OwH.Z<*....3.....................):..W.i.n.d.o.w.s.....\.1......Zg*..Installer.D......O.I.Zg*.............................I.n.s.t.a.l.l.e.r.......1......Zg*..{5AFB2~1..~......Zg*.Zg*.....:.....................z..{.5.A.F.B.2.0.2.C.-.2.5.D.B.-.4.9.D.3.-.B.5.6.F.-.6.A.5.9.0.8.6.5.F.1.C.8.}.......2.>B...Zg*!._55355~1.EXE..h......Zg*.Zg*.....:.....................z.._.5.5.3.5.5.7.0.7.0.E.C.C.3.E.0.B.F.C.8.6.E.D...e.x.e.........K.A.T.A. .X...1.].....\.....\.....\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.5.A.F.B.2.0.2.C.-.2.5.D.B.-.4.9.D.3.-.B.5.6.F.-.6.A.5.9.0.8.6.5.F.1.C.8.}.\._.5.5.3.5.5.7.0.7.0.E.C.C.3.E.0.B.F.C.8.6.E.D...e.x.e...C.:.\.K.a.t.a._.p.r.o.\.W.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.5.A.F.B.2.0.2.C.-.2.5.D.B.-.4.9.D.3.-.B.5.6.F.-.6.A.5.9.0.8.6.5.F.1.C.8.}.\._.5.5.3.5.5.7.0.7.0.E.C.C.3.E.0.B.F.C.8.6.E.D...e.x.e........
    Process:C:\Windows\SysWOW64\msiexec.exe
    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):123
    Entropy (8bit):4.869476015399742
    Encrypted:false
    SSDEEP:3:vFWWMNHUz/cIMOoT02V7VKXRAmIRMNHNQAoe+RAW4QIMOov:TMV0kI002V7VQ7VNQAoeuAW4QIm
    MD5:17AF548F88A3199AA8A63A72201F470F
    SHA1:4E64BB20A2F54D778ED684AA21ABEBAD63A5C2C0
    SHA-256:A558DBE555749CD3BDD62060FDBBA72720C4F4A186D5870B977ED2ACF9721D9E
    SHA-512:08BDBC75F5FD4D9EC85C53253E4030CE7245B20ECC95E032835609C7C43A07D6C9E7776F48C5494A788A543240C0649A9F1A34A0E514EBC4DDA5730953647338
    Malicious:false
    Preview:<?xml version="1.0"?>..<configuration>...<startup><supportedRuntime version="v2.0.50727"/>...</startup>..</configuration>..
    Process:C:\Windows\SysWOW64\msiexec.exe
    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):123
    Entropy (8bit):4.869476015399742
    Encrypted:false
    SSDEEP:3:vFWWMNHUz/cIMOoT02V7VKXRAmIRMNHNQAoe+RAW4QIMOov:TMV0kI002V7VQ7VNQAoeuAW4QIm
    MD5:17AF548F88A3199AA8A63A72201F470F
    SHA1:4E64BB20A2F54D778ED684AA21ABEBAD63A5C2C0
    SHA-256:A558DBE555749CD3BDD62060FDBBA72720C4F4A186D5870B977ED2ACF9721D9E
    SHA-512:08BDBC75F5FD4D9EC85C53253E4030CE7245B20ECC95E032835609C7C43A07D6C9E7776F48C5494A788A543240C0649A9F1A34A0E514EBC4DDA5730953647338
    Malicious:false
    Preview:<?xml version="1.0"?>..<configuration>...<startup><supportedRuntime version="v2.0.50727"/>...</startup>..</configuration>..
    Process:C:\Windows\System32\msiexec.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):227320
    Entropy (8bit):6.457948650706797
    Encrypted:false
    SSDEEP:3072:oCwtulBs61sjBGyhrhirKFalevt64totKL7BCSj086gbTv075x2K1kv398G8Haf1:3o9hEcaGt5PBCSnR/c/LSP9tRzSQ
    MD5:911AA8D08B7CCAB654E897B0E4439354
    SHA1:4F4F16048DEAE47A2FF5B9849042F62EC51794BC
    SHA-256:BA56A2FA13E5DAE48B6D74A8FA40F2F44473B386E71BA1E7EC2DED90AD56BB8B
    SHA-512:8AA11F26093E54A62C5390C64E218A8A57CD3374BBCE8ECC243042DD8A2214EDE1F3BEFA699837698C0BD42B9B4E011F95C62588B8BDD4DA9AAE12DABE4B46E4
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G.[...5...5...5..\,...5.$.X...5..-....5..-...5.$.N...5...4.U~5..-..`.5..-....5..-....5..-....5.Rich..5.................PE..L...0l1G...........!................9..............F......................................@.............................#............P..0............T...#...`..........................................@............................................text............................... ..`.data....H..........................@....rsrc...0....P......................@..@.reloc...@...`...B..................@..B........................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):227320
    Entropy (8bit):6.457948650706797
    Encrypted:false
    SSDEEP:3072:oCwtulBs61sjBGyhrhirKFalevt64totKL7BCSj086gbTv075x2K1kv398G8Haf1:3o9hEcaGt5PBCSnR/c/LSP9tRzSQ
    MD5:911AA8D08B7CCAB654E897B0E4439354
    SHA1:4F4F16048DEAE47A2FF5B9849042F62EC51794BC
    SHA-256:BA56A2FA13E5DAE48B6D74A8FA40F2F44473B386E71BA1E7EC2DED90AD56BB8B
    SHA-512:8AA11F26093E54A62C5390C64E218A8A57CD3374BBCE8ECC243042DD8A2214EDE1F3BEFA699837698C0BD42B9B4E011F95C62588B8BDD4DA9AAE12DABE4B46E4
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G.[...5...5...5..\,...5.$.X...5..-....5..-...5.$.N...5...4.U~5..-..`.5..-....5..-....5..-....5.Rich..5.................PE..L...0l1G...........!................9..............F......................................@.............................#............P..0............T...#...`..........................................@............................................text............................... ..`.data....H..........................@....rsrc...0....P......................@..@.reloc...@...`...B..................@..B........................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Create Time/Date: Mon Jun 21 08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number of Pages: 200, Revision Number: {5CB5BFC2-E1D9-44D5-A09B-3843288EBB79}, Title: Vui lng remove bn cu truc khi ci, Author: KS. Nguyn Kh Tam, Keywords: 123456, Comments: Phn mm trin khai bn v kt cu Kata X.1, Number of Words: 2, Last Saved Time/Date: Tue Aug 25 02:09:04 2020, Last Printed: Tue Aug 25 02:09:04 2020
    Category:dropped
    Size (bytes):4742656
    Entropy (8bit):7.954641432970208
    Encrypted:false
    SSDEEP:98304:Hg24aT4aQq2yqjjdompwvPplX+laxSirbzgrjAciajua:Hg2LTsb7PdZwXbxXbEiaKa
    MD5:B631814C04464DEF5DD2F67D24271A78
    SHA1:3012BB799CB545FDC9D05F7039E08611426325C4
    SHA-256:7B7893EB3AEB2934DD6A0F032FB57A4EC4E692EEFE3184290359DCDAD9731D54
    SHA-512:0A4E952C6D7DD9F1B1911CC76482D6F4D6F0C70FED6D4128335E1260118A36EBB7480C0252AC1937A2E40F65168424A56835E6A72AFAC7D1DEB7628B2260784D
    Malicious:false
    Preview:......................>...................I...............8............................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...........................................................................................................................................................Z................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...F.......:...;...<...=...>...?...@...A...B...C...D...Y.......G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...\.......[.......]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...
    Process:C:\Windows\System32\msiexec.exe
    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Create Time/Date: Mon Jun 21 08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number of Pages: 200, Revision Number: {5CB5BFC2-E1D9-44D5-A09B-3843288EBB79}, Title: Vui lng remove bn cu truc khi ci, Author: KS. Nguyn Kh Tam, Keywords: 123456, Comments: Phn mm trin khai bn v kt cu Kata X.1, Number of Words: 2, Last Saved Time/Date: Tue Aug 25 02:09:04 2020, Last Printed: Tue Aug 25 02:09:04 2020
    Category:dropped
    Size (bytes):4742656
    Entropy (8bit):7.954641432970208
    Encrypted:false
    SSDEEP:98304:Hg24aT4aQq2yqjjdompwvPplX+laxSirbzgrjAciajua:Hg2LTsb7PdZwXbxXbEiaKa
    MD5:B631814C04464DEF5DD2F67D24271A78
    SHA1:3012BB799CB545FDC9D05F7039E08611426325C4
    SHA-256:7B7893EB3AEB2934DD6A0F032FB57A4EC4E692EEFE3184290359DCDAD9731D54
    SHA-512:0A4E952C6D7DD9F1B1911CC76482D6F4D6F0C70FED6D4128335E1260118A36EBB7480C0252AC1937A2E40F65168424A56835E6A72AFAC7D1DEB7628B2260784D
    Malicious:false
    Preview:......................>...................I...............8............................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...........................................................................................................................................................Z................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...F.......:...;...<...=...>...?...@...A...B...C...D...Y.......G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...\.......[.......]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...
    Process:C:\Windows\System32\msiexec.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):227320
    Entropy (8bit):6.457948650706797
    Encrypted:false
    SSDEEP:3072:oCwtulBs61sjBGyhrhirKFalevt64totKL7BCSj086gbTv075x2K1kv398G8Haf1:3o9hEcaGt5PBCSnR/c/LSP9tRzSQ
    MD5:911AA8D08B7CCAB654E897B0E4439354
    SHA1:4F4F16048DEAE47A2FF5B9849042F62EC51794BC
    SHA-256:BA56A2FA13E5DAE48B6D74A8FA40F2F44473B386E71BA1E7EC2DED90AD56BB8B
    SHA-512:8AA11F26093E54A62C5390C64E218A8A57CD3374BBCE8ECC243042DD8A2214EDE1F3BEFA699837698C0BD42B9B4E011F95C62588B8BDD4DA9AAE12DABE4B46E4
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G.[...5...5...5..\,...5.$.X...5..-....5..-...5.$.N...5...4.U~5..-..`.5..-....5..-....5..-....5.Rich..5.................PE..L...0l1G...........!................9..............F......................................@.............................#............P..0............T...#...`..........................................@............................................text............................... ..`.data....H..........................@....rsrc...0....P......................@..@.reloc...@...`...B..................@..B........................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):227320
    Entropy (8bit):6.457948650706797
    Encrypted:false
    SSDEEP:3072:oCwtulBs61sjBGyhrhirKFalevt64totKL7BCSj086gbTv075x2K1kv398G8Haf1:3o9hEcaGt5PBCSnR/c/LSP9tRzSQ
    MD5:911AA8D08B7CCAB654E897B0E4439354
    SHA1:4F4F16048DEAE47A2FF5B9849042F62EC51794BC
    SHA-256:BA56A2FA13E5DAE48B6D74A8FA40F2F44473B386E71BA1E7EC2DED90AD56BB8B
    SHA-512:8AA11F26093E54A62C5390C64E218A8A57CD3374BBCE8ECC243042DD8A2214EDE1F3BEFA699837698C0BD42B9B4E011F95C62588B8BDD4DA9AAE12DABE4B46E4
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G.[...5...5...5..\,...5.$.X...5..-....5..-...5.$.N...5...4.U~5..-..`.5..-....5..-....5..-....5.Rich..5.................PE..L...0l1G...........!................9..............F......................................@.............................#............P..0............T...#...`..........................................@............................................text............................... ..`.data....H..........................@....rsrc...0....P......................@..@.reloc...@...`...B..................@..B........................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:data
    Category:dropped
    Size (bytes):83027
    Entropy (8bit):4.546705235126721
    Encrypted:false
    SSDEEP:1536:P4fhrBHYea50mKZCiRwQabonwdwaMG0iJnwdwaMG0iiXmBv:urb1CSVnwdwaJ0iJnwdwaJ0ii2F
    MD5:D8167F329456DB5563360DBE2E59A0D5
    SHA1:172B5EB86A1869C40E318F8E562F8DCC959C42E4
    SHA-256:D6CDEB2B1E3C06DF5D66D972BD59C0F6908AB1E856C6DB647A91F7184F2AF454
    SHA-512:776E644419030FD137C1629FA0738435DC9E142429E8F3D5C0869C2AA163D046FB47B752CA7B7ADE5AE45D8C5F883FBAFE71358FD3A015C70F1BC03A0E8E9DF1
    Malicious:false
    Preview:...@IXOS.@.....@f..Z.@.....@.....@.....@.....@.....@......&.{5AFB202C-25DB-49D3-B56F-6A590865F1C8}..KATA 10.1/.20200825-Kata_Eng10.1 (for cad2007-cad2012).msi.@.....@.....@.....@........&.{5CB5BFC2-E1D9-44D5-A09B-3843288EBB79}.....@.....@.....@.....@.......@.....@.....@.......@......KATA 10.1......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{56D8CA8F-1A97-8C05-54F2-E8B0CEFE1257}..C:\Kata_pro\Goi lenh.lsp.@.......@.....@.....@......&.{0D5A9279-ACA4-6CDC-C58B-36660F0E5B64}..C:\Kata_pro\dangthep\dang65.wmf.@.......@.....@.....@......&.{B4CA49C1-3683-945B-0F06-FEC22C22E456}..C:\Kata_pro\dangthep\dang37.wmf.@.......@.....@.....@......&.{F4A083F2-4B1C-8503-7FFF-5E14B7E86349}..C:\Kata_pro\dangthep\dang31.wmf.@.......@.....@.....@......&.{FF2ECA27-CA01-3681-FADA-F9C7EEA4FE15}..C:\Kata_pro\dangthep\dang54.wmf.@.......@.....@.....@......&.{054B1D72-4C49-E89A-0
    Process:C:\Windows\System32\msiexec.exe
    File Type:Composite Document File V2 Document, Cannot read section info
    Category:dropped
    Size (bytes):20480
    Entropy (8bit):1.1908416415492795
    Encrypted:false
    SSDEEP:12:JSbX72FjqCXAlfLIlHmRpc5h+7777777777777777777777777ZDHFFlB1i8jRlN:JzUIY+C3L1F8F
    MD5:7BD12B6486D1D0EFE507C375076B4D53
    SHA1:1B9D054BD69B13E43280D6987F7DFFAFBEBB1318
    SHA-256:F39513135D359D5AA7B6B1FAA56ECFF84E58FFB536C0135B9068F5960144AA92
    SHA-512:CC5E875F9D41CA6AE519EEB9FD7C797BDEA4001697D7E49E6DB5CEBC76EB6AEA11884E1AF3981600FD679D6C3A50574591679D7A4805BF13EC26765FAD7DDF22
    Malicious:false
    Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Composite Document File V2 Document, Cannot read section info
    Category:dropped
    Size (bytes):20480
    Entropy (8bit):1.804409340320688
    Encrypted:false
    SSDEEP:48:J8Ph+uRc06WX4WnT5nyNcVMSnt7S3Gtblqugt8IrCyp5lC4pW5lC4gooLrTSntKw:Eh+1mnTRVMRuyCsz+uyCB
    MD5:B028A344EBD5E1A15EE23BD3610E5CDE
    SHA1:068E045BD5F219CD4CE67416CD24482181FB685C
    SHA-256:FFEA9EAF553DF63A299883ABB332D6D1E8ED11C30A9B1B22AA18D7F2194408B3
    SHA-512:AE67928ED31CFB578CEC294643C1C32051FEDE064A0066783E129105CF84B0A7AD5D84DECC6647CF8318831C492692F7BF7D300C94867B989846ED1403F28537
    Malicious:false
    Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel
    Category:dropped
    Size (bytes):16958
    Entropy (8bit):1.4788684737264972
    Encrypted:false
    SSDEEP:96:JvnwzVVBwacmrHSGmz2rFvD01wtmztgK7J5R:JvnwzXBwadSG0i7ZtwtgyF
    MD5:D527268FFD3122A6C5A455495841AB2F
    SHA1:061009BF6F5A24170A726736636A8B0D3DF343F2
    SHA-256:343FFBCE1FBE692842900D281CFFFE64BB090E711692EE545AB702DCEC7DD526
    SHA-512:610194AA91AE9E80D7300A1F5DDEB8E985010D817068252F7190814950EE8DFDBFDDF2AF28D753A6055D03A223215F90B5E7CF70A3E29DDC87B97EA2F77C1302
    Malicious:false
    Preview:......@@.... .(B......(...@......... ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel
    Category:dropped
    Size (bytes):16958
    Entropy (8bit):1.4788684737264972
    Encrypted:false
    SSDEEP:96:JvnwzVVBwacmrHSGmz2rFvD01wtmztgK7J5R:JvnwzXBwadSG0i7ZtwtgyF
    MD5:D527268FFD3122A6C5A455495841AB2F
    SHA1:061009BF6F5A24170A726736636A8B0D3DF343F2
    SHA-256:343FFBCE1FBE692842900D281CFFFE64BB090E711692EE545AB702DCEC7DD526
    SHA-512:610194AA91AE9E80D7300A1F5DDEB8E985010D817068252F7190814950EE8DFDBFDDF2AF28D753A6055D03A223215F90B5E7CF70A3E29DDC87B97EA2F77C1302
    Malicious:false
    Preview:......@@.... .(B......(...@......... ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
    Category:dropped
    Size (bytes):432221
    Entropy (8bit):5.375170134799285
    Encrypted:false
    SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgaus:zTtbmkExhMJCIpErh
    MD5:0384800B2DC4E83D758125ED4C40A37A
    SHA1:7151EF17B29ADE6500ED56D1F976AA7347967ABA
    SHA-256:5F6A209E8468AB91495041BC2C7F009D55120A2BAE63BDFEF67351A1E6FBAD05
    SHA-512:2C0868BAE5A6204073D63859A0F393AF9E0CA851FCDB8E9780671CBC0A5D26F107B98F83D59A1C1D71B241E7686485FB163F19B6DBAF9611320764809FE18589
    Malicious:false
    Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
    Process:C:\Windows\System32\msiexec.exe
    File Type:data
    Category:dropped
    Size (bytes):32768
    Entropy (8bit):0.08508853326315119
    Encrypted:false
    SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKO0yLDhgFKL0TXaVky6lb1:2F0i8n0itFzDHFFlB+R
    MD5:AFED5B25979F37386DE97502EBCD58A7
    SHA1:910BB9705371BD445ED7B322377BACB4170E916E
    SHA-256:025FAE4D99344EDFB6A59142037F13466B037F76466C1BC84FBBA08883E0882B
    SHA-512:B76CD3CE9F869368C7A113EC0E1A8290CB0F0E2EC916EAAD53F3404B620DE267EE718A57CBB4B78A162D9E2E536F522A13364DD5EC4747E1CAED00594CC53F7B
    Malicious:false
    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:data
    Category:dropped
    Size (bytes):512
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:3::
    MD5:BF619EAC0CDF3F68D496EA9344137E8B
    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
    Malicious:false
    Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Composite Document File V2 Document, Cannot read section info
    Category:dropped
    Size (bytes):20480
    Entropy (8bit):1.804409340320688
    Encrypted:false
    SSDEEP:48:J8Ph+uRc06WX4WnT5nyNcVMSnt7S3Gtblqugt8IrCyp5lC4pW5lC4gooLrTSntKw:Eh+1mnTRVMRuyCsz+uyCB
    MD5:B028A344EBD5E1A15EE23BD3610E5CDE
    SHA1:068E045BD5F219CD4CE67416CD24482181FB685C
    SHA-256:FFEA9EAF553DF63A299883ABB332D6D1E8ED11C30A9B1B22AA18D7F2194408B3
    SHA-512:AE67928ED31CFB578CEC294643C1C32051FEDE064A0066783E129105CF84B0A7AD5D84DECC6647CF8318831C492692F7BF7D300C94867B989846ED1403F28537
    Malicious:false
    Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Composite Document File V2 Document, Cannot read section info
    Category:dropped
    Size (bytes):32768
    Entropy (8bit):1.4266671964871724
    Encrypted:false
    SSDEEP:48:VHWuQM+xFX41T5hUSyNcVMSnt7S3Gtblqugt8IrCyp5lC4pW5lC4gooLrTSntKSL:pWzWTXjVMRuyCsz+uyCB
    MD5:ABCB9FB75AE08DCFCC2698C90597169A
    SHA1:42FD3598414FF2841F1BF866E885A735E0BCEF6F
    SHA-256:58A4DFD5DF26BAF145AA9D15FE9C69635B8722C945C137AF9C1F608BE7C214FC
    SHA-512:155D68C63625ACE8BA2974BD8FCA42E49835C2283C8120D95DA52403BE30CA4163A68DD0A19B9B34730ED4067D026A342290A3EAAF206A3E3642AEAF92B47E56
    Malicious:false
    Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Composite Document File V2 Document, Cannot read section info
    Category:dropped
    Size (bytes):32768
    Entropy (8bit):1.4266671964871724
    Encrypted:false
    SSDEEP:48:VHWuQM+xFX41T5hUSyNcVMSnt7S3Gtblqugt8IrCyp5lC4pW5lC4gooLrTSntKSL:pWzWTXjVMRuyCsz+uyCB
    MD5:ABCB9FB75AE08DCFCC2698C90597169A
    SHA1:42FD3598414FF2841F1BF866E885A735E0BCEF6F
    SHA-256:58A4DFD5DF26BAF145AA9D15FE9C69635B8722C945C137AF9C1F608BE7C214FC
    SHA-512:155D68C63625ACE8BA2974BD8FCA42E49835C2283C8120D95DA52403BE30CA4163A68DD0A19B9B34730ED4067D026A342290A3EAAF206A3E3642AEAF92B47E56
    Malicious:false
    Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Composite Document File V2 Document, Cannot read section info
    Category:dropped
    Size (bytes):20480
    Entropy (8bit):1.804409340320688
    Encrypted:false
    SSDEEP:48:J8Ph+uRc06WX4WnT5nyNcVMSnt7S3Gtblqugt8IrCyp5lC4pW5lC4gooLrTSntKw:Eh+1mnTRVMRuyCsz+uyCB
    MD5:B028A344EBD5E1A15EE23BD3610E5CDE
    SHA1:068E045BD5F219CD4CE67416CD24482181FB685C
    SHA-256:FFEA9EAF553DF63A299883ABB332D6D1E8ED11C30A9B1B22AA18D7F2194408B3
    SHA-512:AE67928ED31CFB578CEC294643C1C32051FEDE064A0066783E129105CF84B0A7AD5D84DECC6647CF8318831C492692F7BF7D300C94867B989846ED1403F28537
    Malicious:false
    Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:Composite Document File V2 Document, Cannot read section info
    Category:dropped
    Size (bytes):32768
    Entropy (8bit):1.4266671964871724
    Encrypted:false
    SSDEEP:48:VHWuQM+xFX41T5hUSyNcVMSnt7S3Gtblqugt8IrCyp5lC4pW5lC4gooLrTSntKSL:pWzWTXjVMRuyCsz+uyCB
    MD5:ABCB9FB75AE08DCFCC2698C90597169A
    SHA1:42FD3598414FF2841F1BF866E885A735E0BCEF6F
    SHA-256:58A4DFD5DF26BAF145AA9D15FE9C69635B8722C945C137AF9C1F608BE7C214FC
    SHA-512:155D68C63625ACE8BA2974BD8FCA42E49835C2283C8120D95DA52403BE30CA4163A68DD0A19B9B34730ED4067D026A342290A3EAAF206A3E3642AEAF92B47E56
    Malicious:false
    Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:data
    Category:dropped
    Size (bytes):512
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:3::
    MD5:BF619EAC0CDF3F68D496EA9344137E8B
    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
    Malicious:false
    Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:data
    Category:dropped
    Size (bytes):512
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:3::
    MD5:BF619EAC0CDF3F68D496EA9344137E8B
    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
    Malicious:false
    Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:data
    Category:dropped
    Size (bytes):512
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:3::
    MD5:BF619EAC0CDF3F68D496EA9344137E8B
    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
    Malicious:false
    Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:data
    Category:dropped
    Size (bytes):69632
    Entropy (8bit):0.2387576569658127
    Encrypted:false
    SSDEEP:48:SKIVBT+SntKS3Gtblqugt8IrCypSnt7S3Gtblqugt8IrCyp5lC4pW5lC4gooLr6p:Pf+uyCSRuyCsaT
    MD5:A2F061703A9253457D9E27B55D264F42
    SHA1:C738FE18547435AA96763B1238FEB0C5CEA533F1
    SHA-256:2D51183DED87544411AC20E6942A36422FC5F07630E63DFE6773B0FB109B0E07
    SHA-512:E748E0012E4605FBFE2FE66E82DDAC79A3693E22E0C2A7C4C55A328B1E7BB9093FBEBBDCAF2F2A9A6885D58A5E452078BB206E58CC1513EFF68BB3F8FC35E58B
    Malicious:false
    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Windows\System32\msiexec.exe
    File Type:data
    Category:dropped
    Size (bytes):512
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:3::
    MD5:BF619EAC0CDF3F68D496EA9344137E8B
    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
    Malicious:false
    Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Create Time/Date: Mon Jun 21 08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number of Pages: 200, Revision Number: {5CB5BFC2-E1D9-44D5-A09B-3843288EBB79}, Title: Vui lng remove bn cu truc khi ci, Author: KS. Nguyn Kh Tam, Keywords: 123456, Comments: Phn mm trin khai bn v kt cu Kata X.1, Number of Words: 2, Last Saved Time/Date: Tue Aug 25 02:09:04 2020, Last Printed: Tue Aug 25 02:09:04 2020
    Entropy (8bit):7.954641432970208
    TrID:
    • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
    File name:20200825-Kata_Eng10.1 (for cad2007-cad2012).msi
    File size:4'742'656 bytes
    MD5:b631814c04464def5dd2f67d24271a78
    SHA1:3012bb799cb545fdc9d05f7039e08611426325c4
    SHA256:7b7893eb3aeb2934dd6a0f032fb57a4ec4e692eefe3184290359dcdad9731d54
    SHA512:0a4e952c6d7dd9f1b1911cc76482d6f4d6f0c70fed6d4128335e1260118a36ebb7480c0252ac1937a2e40f65168424a56835e6a72afac7d1deb7628b2260784d
    SSDEEP:98304:Hg24aT4aQq2yqjjdompwvPplX+laxSirbzgrjAciajua:Hg2LTsb7PdZwXbxXbEiaKa
    TLSH:A02623227981E731C1E10271C56EA7F8577A6C60CFA90683B3643F9E7DB25D1233978A
    File Content Preview:........................>...................I...............8............................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0..
    Icon Hash:2d2e3797b32b2b99
    No network behavior found

    Click to jump to process

    Click to jump to process

    • File
    • Registry

    Click to dive into process behavior distribution

    Target ID:0
    Start time:01:17:58
    Start date:28/04/2025
    Path:C:\Windows\System32\msiexec.exe
    Wow64 process (32bit):false
    Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\20200825-Kata_Eng10.1 (for cad2007-cad2012).msi"
    Imagebase:0x7ff606990000
    File size:69'632 bytes
    MD5 hash:E5DA170027542E25EDE42FC54C929077
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:false
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

    Target ID:1
    Start time:01:17:58
    Start date:28/04/2025
    Path:C:\Windows\System32\msiexec.exe
    Wow64 process (32bit):false
    Commandline:C:\Windows\system32\msiexec.exe /V
    Imagebase:0x7ff606990000
    File size:69'632 bytes
    MD5 hash:E5DA170027542E25EDE42FC54C929077
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:false
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

    Target ID:2
    Start time:01:17:59
    Start date:28/04/2025
    Path:C:\Windows\SysWOW64\msiexec.exe
    Wow64 process (32bit):true
    Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 1B690C7BDCE42DE855D8925AEA24ACE1 C
    Imagebase:0x810000
    File size:59'904 bytes
    MD5 hash:9D09DC1EDA745A5F87553048E57620CF
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:false
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

    Target ID:20
    Start time:01:19:10
    Start date:28/04/2025
    Path:C:\Windows\SysWOW64\msiexec.exe
    Wow64 process (32bit):true
    Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 55B6C0BB8444E8B140D0B9656ECAAA2E
    Imagebase:0x810000
    File size:59'904 bytes
    MD5 hash:9D09DC1EDA745A5F87553048E57620CF
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:true
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

    Target ID:21
    Start time:01:19:13
    Start date:28/04/2025
    Path:C:\Windows\SysWOW64\msiexec.exe
    Wow64 process (32bit):true
    Commandline:"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Kata_pro\kata_pro.dll"
    Imagebase:0x810000
    File size:59'904 bytes
    MD5 hash:9D09DC1EDA745A5F87553048E57620CF
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:true

    No disassembly