Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
r3Zor4OEe5.msi

Overview

General Information

Sample name:r3Zor4OEe5.msi
renamed because original name is a hash value
Original sample name:bb193b20d415134b38b673f30b232325f9cabff21732957266d2d207e2b7e170.msi
Analysis ID:1500624
MD5:7b9e449d03cc0e3e5fd65dd019505bcb
SHA1:26eb5c00591fa4307cbf71c95d9a0b63ca6cd5d3
SHA256:bb193b20d415134b38b673f30b232325f9cabff21732957266d2d207e2b7e170
Tags:msiRobotDropper
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Suricata IDS alerts for network traffic
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Msiexec Initiated Connection

Classification

Process Tree

  • System is w10x64
  • msiexec.exe (PID: 7268 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\r3Zor4OEe5.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 7300 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7420 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding ACEE42F6E57521698C9A0D746A0AD34D MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Msiexec Initiated Connection
Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 188.114.96.3, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 7420, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49704

Suricata Signatures

Timestamp:2024-08-28T18:47:05.379095+0200
SID:2829202
Severity:1
Source Port:49704
Destination Port:443
Protocol:TCP
Classtype:A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B1B66780-D60D-433F-9DFF-34A6F436A96E}Jump to behavior
Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: api-ms-win-crt-locale-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: api-ms-win-crt-runtime-l1-1-0.dll.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdb source: r3Zor4OEe5.msi, 570a0b.msi.1.dr
Source: Binary string: dt_shmem.pdb source: dt_shmem.dll.1.dr
Source: Binary string: rmid.pdb source: rmid.exe.1.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.1.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: api-ms-win-core-file-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.1.dr
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
Source: Binary string: j2pcsc.pdb source: j2pcsc.dll.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdbj source: r3Zor4OEe5.msi, 570a0b.msi.1.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: r3Zor4OEe5.msi, MSI1B27.tmp.1.dr, 570a0b.msi.1.dr, MSI117F.tmp.1.dr, MSIF7A.tmp.1.dr
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: api-ms-win-crt-heap-l1-1-0.dll.1.dr
Source: C:\Windows\System32\msiexec.exeFile opened: z:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: x:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: v:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: t:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: r:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: p:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: n:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: l:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: j:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: h:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: f:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: b:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: y:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: w:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: u:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: s:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: q:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: o:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: m:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: k:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: i:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: g:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: e:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: c:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: a:Jump to behavior

Networking

barindex
Suricata IDS alerts for network traffic
Source: Network trafficSuricata IDS: 2829202 - Severity 1 - ETPRO MALWARE MSIL/Zbrain PUP/Stealer Installer UA : 192.168.2.5:49704 -> 188.114.96.3:443
Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: get-license4.com
Source: unknownHTTP traffic detected: POST /licenseUser.php HTTP/1.1Content-Type: application/x-www-form-urlencoded; charset=utf-8User-Agent: AdvancedInstallerHost: get-license4.comContent-Length: 44Cache-Control: no-cache
Source: dt_shmem.dll.1.dr, j2pcsc.dll.1.dr, rmid.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: dt_shmem.dll.1.dr, j2pcsc.dll.1.dr, rmid.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: dt_shmem.dll.1.dr, j2pcsc.dll.1.dr, rmid.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: dt_shmem.dll.1.dr, j2pcsc.dll.1.dr, rmid.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: dt_shmem.dll.1.dr, j2pcsc.dll.1.dr, rmid.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: dt_shmem.dll.1.dr, j2pcsc.dll.1.dr, rmid.exe.1.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: dt_shmem.dll.1.dr, j2pcsc.dll.1.dr, rmid.exe.1.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: dt_shmem.dll.1.dr, j2pcsc.dll.1.dr, rmid.exe.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: dt_shmem.dll.1.dr, j2pcsc.dll.1.dr, rmid.exe.1.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: dt_shmem.dll.1.dr, j2pcsc.dll.1.dr, rmid.exe.1.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: vlc.mo8.1.drString found in binary or memory: http://forum.videolan.org
Source: dt_shmem.dll.1.dr, j2pcsc.dll.1.dr, rmid.exe.1.drString found in binary or memory: http://ocsp.digicert.com0C
Source: dt_shmem.dll.1.dr, j2pcsc.dll.1.dr, rmid.exe.1.drString found in binary or memory: http://ocsp.digicert.com0N
Source: dt_shmem.dll.1.dr, j2pcsc.dll.1.dr, rmid.exe.1.drString found in binary or memory: http://ocsp.digicert.com0O
Source: vlc.mo8.1.drString found in binary or memory: http://wiki.videolan.org
Source: vlc.mo8.1.drString found in binary or memory: http://wiki.videolan.org/Documentation:Play_HowTo
Source: vlc.mo8.1.drString found in binary or memory: http://wiki.videolan.org/Documentation:Streaming_HowTo
Source: vlc.mo8.1.drString found in binary or memory: http://wiki.videolan.org/Documentation:VLC_for_dummies
Source: vlc.mo8.1.drString found in binary or memory: http://wiki.videolan.org/Hotkeys
Source: vlc.mo8.1.drString found in binary or memory: http://wiki.videolan.org/Knowledge_Base
Source: vlc.mo7.1.drString found in binary or memory: http://www.last.fm/join/
Source: vlc.mo8.1.drString found in binary or memory: http://www.videolan.org/
Source: vlc.mo8.1.drString found in binary or memory: http://www.videolan.org/contribute/
Source: vlc.mo8.1.drString found in binary or memory: http://www.videolan.org/support/faq.html
Source: vlc.mo8.1.drString found in binary or memory: http://www.videolan.org/vlc/lists.html
Source: r3Zor4OEe5.msi, 570a0b.msi.1.drString found in binary or memory: https://get-license4.com/licenseUser.phpAI_DOWNGRADE4010AI_PREPARE_UPGRADEPrepareUpgradeAI_PRESERVE_
Source: dt_shmem.dll.1.dr, j2pcsc.dll.1.dr, rmid.exe.1.drString found in binary or memory: https://www.digicert.com/CPS0
Source: vlc.mo7.1.drString found in binary or memory: https://www.transifex.com/yaron/teams/16553/cs/)
Source: vlc.mo8.1.drString found in binary or memory: https://www.videolan.org/
Source: vlc.mo8.1.drString found in binary or memory: https://www.videolan.org/contribute/
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\570a0b.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE7F.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF7A.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI117F.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI120D.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1346.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1B27.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1B57.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{B1B66780-D60D-433F-9DFF-34A6F436A96E}Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2134.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\570a0e.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\570a0e.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSIE7F.tmpJump to behavior
Source: api-ms-win-core-handle-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-2-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-multibyte-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-private-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: r3Zor4OEe5.msiBinary or memory string: OriginalFilenameAICustAct.dllF vs r3Zor4OEe5.msi
Source: r3Zor4OEe5.msiBinary or memory string: OriginalFilenameDataUploader.dllF vs r3Zor4OEe5.msi
Source: classification engineClassification label: mal48.winMSI@4/110@1/1
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\CML21C9.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\TEMP\~DF2EFFE9EA79457652.TMPJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\PayloadJump to behavior
Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\r3Zor4OEe5.msi"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding ACEE42F6E57521698C9A0D746A0AD34D
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding ACEE42F6E57521698C9A0D746A0AD34DJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.immersive.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: atlthunk.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: vbscript.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B1B66780-D60D-433F-9DFF-34A6F436A96E}Jump to behavior
Source: r3Zor4OEe5.msiStatic file information: File size 35910144 > 1048576
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: api-ms-win-crt-locale-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: api-ms-win-crt-runtime-l1-1-0.dll.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdb source: r3Zor4OEe5.msi, 570a0b.msi.1.dr
Source: Binary string: dt_shmem.pdb source: dt_shmem.dll.1.dr
Source: Binary string: rmid.pdb source: rmid.exe.1.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.1.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: api-ms-win-core-file-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.1.dr
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
Source: Binary string: j2pcsc.pdb source: j2pcsc.dll.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdbj source: r3Zor4OEe5.msi, 570a0b.msi.1.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: r3Zor4OEe5.msi, MSI1B27.tmp.1.dr, 570a0b.msi.1.dr, MSI117F.tmp.1.dr, MSIF7A.tmp.1.dr
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: api-ms-win-crt-heap-l1-1-0.dll.1.dr
Source: api-ms-win-core-console-l1-1-0.dll.1.drStatic PE information: 0x693D1559 [Sat Dec 13 07:27:21 2025 UTC]
Source: UnRAR.exe.1.drStatic PE information: section name: _RDATA
Source: rnpkeys.exe.1.drStatic PE information: section name: .00cfg
Source: rnpkeys.exe.1.drStatic PE information: section name: .voltbl
Source: rnpkeys.exe.1.drStatic PE information: section name: _RDATA
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF7A.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\rmid.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\w2k_lsa_auth.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\fontmanager.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-console-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\jlink.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\j2pcsc.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\jimage.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE7F.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\instrument.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\attach.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\freetype.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\rnpkeys.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\jaas.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\dt_shmem.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1B57.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI117F.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\j2pkcs11.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\srv\jvm.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1B27.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1346.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\prefs.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\rmi.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\jli.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI120D.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\j2gss.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\net.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\UnRAR.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\nio.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF7A.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1346.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE7F.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI120D.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1B27.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1B57.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI117F.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIF7A.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\rmid.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\w2k_lsa_auth.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\fontmanager.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\jlink.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-console-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\jimage.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\j2pcsc.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIE7F.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\instrument.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\attach.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\freetype.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\rnpkeys.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\jaas.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\dt_shmem.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1B57.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI117F.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\j2pkcs11.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\srv\jvm.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1B27.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1346.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\prefs.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\rmi.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\jli.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI120D.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\j2gss.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\net.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\UnRAR.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\nio.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Replication Through Removable Media		Windows Management Instrumentation1
Windows Service		1
Windows Service		21
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
DLL Side-Loading		1
Process Injection		1
Process Injection		LSASS Memory11
Peripheral Device Discovery		Remote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
DLL Side-Loading		1
Timestomp		Security Account Manager12
System Information Discovery		SMB/Windows Admin SharesData from Network Shared Drive3
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
File Deletion		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
r3Zor4OEe5.msi0%ReversingLabs

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\UnRAR.exe0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-console-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-console-l1-2-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-datetime-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-debug-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-errorhandling-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-file-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-file-l1-2-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-file-l2-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-handle-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-heap-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-interlocked-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-libraryloader-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-localization-l1-2-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-memory-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-namedpipe-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-processenvironment-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-processthreads-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-processthreads-l1-1-1.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-profile-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-rtlsupport-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-string-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-synch-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-synch-l1-2-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-sysinfo-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-timezone-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-util-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-conio-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-convert-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-environment-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-filesystem-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-heap-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-locale-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-math-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-multibyte-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-private-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-process-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-runtime-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-stdio-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-string-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-time-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-utility-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\attach.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\dt_shmem.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\fontmanager.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\freetype.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\instrument.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\j2gss.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\j2pcsc.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\j2pkcs11.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\jaas.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\jimage.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\jli.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\jlink.exe0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\net.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\nio.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\prefs.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\rmi.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\rmid.exe0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\rnpkeys.exe0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\srv\jvm.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\w2k_lsa_auth.dll0%ReversingLabs
C:\Windows\Installer\MSI117F.tmp0%ReversingLabs
C:\Windows\Installer\MSI120D.tmp0%ReversingLabs
C:\Windows\Installer\MSI1346.tmp0%ReversingLabs
C:\Windows\Installer\MSI1B27.tmp0%ReversingLabs
C:\Windows\Installer\MSI1B57.tmp0%ReversingLabs
C:\Windows\Installer\MSIE7F.tmp0%ReversingLabs
C:\Windows\Installer\MSIF7A.tmp0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://wiki.videolan.org/Knowledge_Base0%Avira URL Cloudsafe
http://wiki.videolan.org/Documentation:Streaming_HowTo0%Avira URL Cloudsafe
http://www.videolan.org/vlc/lists.html0%Avira URL Cloudsafe
http://www.videolan.org/support/faq.html0%Avira URL Cloudsafe
http://wiki.videolan.org/Documentation:VLC_for_dummies0%Avira URL Cloudsafe
http://wiki.videolan.org0%Avira URL Cloudsafe
http://wiki.videolan.org/Hotkeys0%Avira URL Cloudsafe
http://forum.videolan.org0%Avira URL Cloudsafe
https://www.transifex.com/yaron/teams/16553/cs/)0%Avira URL Cloudsafe
https://www.videolan.org/0%Avira URL Cloudsafe
http://www.videolan.org/0%Avira URL Cloudsafe
http://www.last.fm/join/0%Avira URL Cloudsafe
http://www.videolan.org/contribute/0%Avira URL Cloudsafe
https://get-license4.com/licenseUser.phpAI_DOWNGRADE4010AI_PREPARE_UPGRADEPrepareUpgradeAI_PRESERVE_0%Avira URL Cloudsafe
https://www.videolan.org/contribute/0%Avira URL Cloudsafe
https://get-license4.com/licenseUser.php0%Avira URL Cloudsafe
http://wiki.videolan.org/Documentation:Play_HowTo0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
get-license4.com
188.114.96.3
truetrue
    		unknown

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    https://get-license4.com/licenseUser.phptrue
    • Avira URL Cloud: safe
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://wiki.videolan.org/Knowledge_Basevlc.mo8.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.videolan.org/support/faq.htmlvlc.mo8.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.videolan.org/vlc/lists.htmlvlc.mo8.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://wiki.videolan.orgvlc.mo8.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://wiki.videolan.org/Documentation:VLC_for_dummiesvlc.mo8.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://www.transifex.com/yaron/teams/16553/cs/)vlc.mo7.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://wiki.videolan.org/Documentation:Streaming_HowTovlc.mo8.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://wiki.videolan.org/Hotkeysvlc.mo8.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://www.videolan.org/vlc.mo8.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://forum.videolan.orgvlc.mo8.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.videolan.org/vlc.mo8.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://get-license4.com/licenseUser.phpAI_DOWNGRADE4010AI_PREPARE_UPGRADEPrepareUpgradeAI_PRESERVE_r3Zor4OEe5.msi, 570a0b.msi.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.last.fm/join/vlc.mo7.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.videolan.org/contribute/vlc.mo8.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://wiki.videolan.org/Documentation:Play_HowTovlc.mo8.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://www.videolan.org/contribute/vlc.mo8.1.drfalse
    • Avira URL Cloud: safe
    		unknown

    World Map of Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public IPs

    IPDomainCountryFlagASNASN NameMalicious
    188.114.96.3
    		get-license4.comEuropean Union
    		13335CLOUDFLARENETUStrue

    General Information

    Joe Sandbox version:40.0.0 Tourmaline
    Analysis ID:1500624
    Start date and time:2024-08-28 18:46:09 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 7m 21s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:default.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:7
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:r3Zor4OEe5.msi
    renamed because original name is a hash value
    Original Sample Name:bb193b20d415134b38b673f30b232325f9cabff21732957266d2d207e2b7e170.msi
    Detection:MAL
    Classification:mal48.winMSI@4/110@1/1
    EGA Information:Failed
    HCA Information:
    • Successful, ratio: 100%
    • Number of executed functions: 0
    • Number of non-executed functions: 0
    Cookbook Comments:
    • Found application associated with file extension: .msi

    Warnings

    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
    • VT rate limit hit for: r3Zor4OEe5.msi

    Simulations

    Behavior and APIs

    No simulations

    Joe Sandbox View / Context

    IPs

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    188.114.96.3PO_GM_list_28082024202003180817418280824_purchase_doc_00000(991KB).batGet hashmaliciousFormBook, GuLoader, RemcosBrowse
    • www.katasoo.com/7qad/
    709876765465.exeGet hashmaliciousDBatLoader, FormBookBrowse
    • www.coinwab.com/kqqj/
    http://allegro-8888.com/Get hashmaliciousUnknownBrowse
    • allegro-8888.com/xml/index.html
    PO_112234525626823775.jsGet hashmaliciousLokibotBrowse
    • werdotx.shop/Devil/PWS/fre.php
    nOyswc9ly2.dllGet hashmaliciousUnknownBrowse
    • web.ad87h92j.com/4/t.bmp
    pXm5oVO3Go.exeGet hashmaliciousNitolBrowse
    • web.ad87h92j.com/4/t.bmp
    QUOTATION_JULQTRA071244#U00faPDF.scr.exeGet hashmaliciousUnknownBrowse
    • filetransfer.io/data-package/0U9QqTZ6/download
    FedEx Shipping Document.scr.exeGet hashmaliciousAzorultBrowse
    • l0h5.shop/CM341/index.php
    Quote 1T PN40 082624.exeGet hashmaliciousFormBookBrowse
    • www.lampgm.pro/em9t/
    weave.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
    • 671893cm.n9shka.top/eternalpipeLowProcessDbDatalifewpPublicCdn.php

    Domains

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    get-license4.comx64_x32_installer__v4.0.msiGet hashmaliciousUnknownBrowse
    • 188.114.96.3
    x64_x32_installer__v4.4.9.msiGet hashmaliciousUnknownBrowse
    • 188.114.97.3
    x64_x32_installer__v4.4.3.msiGet hashmaliciousUnknownBrowse
    • 188.114.97.3
    x64_x32_installer__v4.3.0.msiGet hashmaliciousUnknownBrowse
    • 188.114.97.3
    x64_x32_installer__v4.2.2.msiGet hashmaliciousUnknownBrowse
    • 188.114.96.3
    x64_x32_installer__v4.1.8.msiGet hashmaliciousUnknownBrowse
    • 188.114.96.3

    ASNs

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    CLOUDFLARENETUSx64_x32_installer__v4.0.msiGet hashmaliciousUnknownBrowse
    • 188.114.96.3
    https://cb1cd44761364cecb21c459c42a86757.svc.dynamics.com/t/t/oIX7RshqCPFFtVxUphHklxDHFg31zySxgRv75vmlL2Yx/ipf8JYDu9fTBRLVxBJ5f98zUiqcPZCqXAj98vZXuDQkxGet hashmaliciousUnknownBrowse
    • 104.16.76.142
    https://www.linkedin.com/redir/redirect?url=https://assets-usa.mkt.dynamics.com/2143bba1-f463-ef11-a66d-6045bd003910/digitalassets/standaloneforms/3d28dcfa-8464-ef11-bfe2-0022480a9151&urlhash=OzMH&trk=article-ssr-frontend-pulse_little-text-blockGet hashmaliciousHTMLPhisherBrowse
    • 188.114.96.3
    https://assets-usa.mkt.dynamics.com/c9f731e3-0864-ef11-a66d-6045bd003021/digitalassets/standaloneforms/0424cf3e-7364-ef11-bfe2-6045bd055762Get hashmaliciousHTMLPhisherBrowse
    • 104.18.3.35
    https://oh3y.ulvantiro.su/82xG/Get hashmaliciousHTMLPhisherBrowse
    • 104.21.78.226
    https://oh3y.ulvantiro.su/82xG/Get hashmaliciousHTMLPhisherBrowse
    • 104.17.25.14
    https://imgsservices.ie/Get hashmaliciousHTMLPhisherBrowse
    • 188.114.96.3
    https://shoutout.wix.com/so/1cP6H1VAL/c?w=L7pua50bZIFuawn8wEC-GMcwrkjbzspUanxhOP-akj4.eyJ1IjoiaHR0cHM6Ly93aDEzNzExNjMuaXNwb3QuY2MvNzIzMl8zY1BGdU1LYlZDL0pnb0ZWUVluQWIvalN5TGg0eElzYy5odG1sIiwiciI6IjFjMDQ2OWExLTM4MjgtNGUwNy1iY2RiLWVjZDA0ZTM0NGUyMCIsIm0iOiJtYWlsIiwiYyI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9#em=katieidlewine0383@plopmail.comGet hashmaliciousPhisherBrowse
    • 104.21.61.175
    file.exeGet hashmaliciousUnknownBrowse
    • 172.64.41.3
    file.exeGet hashmaliciousLummaC, VidarBrowse
    • 188.114.96.3

    JA3 Fingerprints

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    37f463bf4616ecd445d4a1937da06e19x64_x32_installer__v4.0.msiGet hashmaliciousUnknownBrowse
    • 188.114.96.3
    WebAdvisorInstall.exeGet hashmaliciousLockBit ransomwareBrowse
    • 188.114.96.3
    file.exeGet hashmaliciousLummaC, VidarBrowse
    • 188.114.96.3
    file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
    • 188.114.96.3
    file.exeGet hashmaliciousLummaC, VidarBrowse
    • 188.114.96.3
    46262-pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
    • 188.114.96.3
    PO_GM_list_28082024202003180817418280824_purchase_doc_00000(991KB).batGet hashmaliciousFormBook, GuLoader, RemcosBrowse
    • 188.114.96.3
    IMS64.dll.dllGet hashmaliciousBruteRatelBrowse
    • 188.114.96.3
    IMS64.dll.dllGet hashmaliciousBruteRatelBrowse
    • 188.114.96.3
    Payment_Advice.exeGet hashmaliciousFormBook, GuLoaderBrowse
    • 188.114.96.3

    Dropped Files

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\UnRAR.exex64_x32_installer__v4.0.msiGet hashmaliciousUnknownBrowse
      XmS_Project.rarGet hashmaliciousUnknownBrowse
        x64_x32_installer__v4.4.9.msiGet hashmaliciousUnknownBrowse
          x64_x32_installer__v4.4.3.msiGet hashmaliciousUnknownBrowse
            x64_x32_installer__v4.3.0.msiGet hashmaliciousUnknownBrowse
              x64_x32_installer__v4.2.2.msiGet hashmaliciousUnknownBrowse
                TT ViewBot v3.7.zipGet hashmaliciousUnknownBrowse
                  x64_x32_installer__v4.1.8.msiGet hashmaliciousUnknownBrowse
                    WsblMjPywQ.exeGet hashmaliciousUnknownBrowse
                      F4zk9ccAog.exeGet hashmaliciousUnknownBrowse
                        C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-console-l1-1-0.dllx64_x32_installer__v4.0.msiGet hashmaliciousUnknownBrowse
                          x64_x32_installer__v4.4.9.msiGet hashmaliciousUnknownBrowse
                            x64_x32_installer__v4.4.3.msiGet hashmaliciousUnknownBrowse
                              x64_x32_installer__v4.3.0.msiGet hashmaliciousUnknownBrowse
                                x64_x32_installer__v4.2.2.msiGet hashmaliciousUnknownBrowse
                                  x64_x32_installer__v4.1.8.msiGet hashmaliciousUnknownBrowse
                                    qqgv6uKJOd.exeGet hashmaliciousUnknownBrowse
                                      E5wbN5MIkS.exeGet hashmaliciousUnknownBrowse
                                        Zoom_cm_fo42mnktZ3vvrZo4_mcxLWKARIBTqAZMiXhNcPdK2XiaXQbbYgVC8@wuMpXMIo-d3UZAye.exeGet hashmaliciousClipboard HijackerBrowse
                                          zrpPKBbxN0.exeGet hashmaliciousClipboard HijackerBrowse

                                            Created / dropped Files

                                            C:\Config.Msi\570a0d.rbs

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:data
                                            Category:modified
                                            Size (bytes):26141
                                            Entropy (8bit):5.869440053426368
                                            Encrypted:false
                                            SSDEEP:768:s6vdGiAZr8dGTYeMnc3j3l+iK/kilSmpN9Mal3uG2+FdTE0qoWPoTVGP9Lt+V2vv:xvdGiAZr8dGTYeMnc3j3l+iK/kilSmp8
                                            MD5:DD2E2019D2B79C937A879E5764B5A5F9
                                            SHA1:9C06E6149615482EFCEAA004A78739852B6DA6FE
                                            SHA-256:87A4527079B57BBBD29795B7570FB52679210CBDB994C61F7ACEF51BE3E539A9
                                            SHA-512:A6F57B8089DC5A63E5CECE20D1557B160F6C60B7C2DC7BBDEB0B225B05DB28E6398C630E3A165EDE87DBC24265179BE88887CBC7C0F891A5E7ACA70506955309
                                            Malicious:false
                                            Reputation:low
                                            Preview:...@IXOS.@.....@.e.Y.@.....@.....@.....@.....@.....@......&.{B1B66780-D60D-433F-9DFF-34A6F436A96E}..IcuApp..r3Zor4OEe5.msi.@.....@.....@.....@......icon_25.exe..&.{847FACC8-465F-4938-AF1A-A70D5A9EDA57}.....@.....@.....@.....@.......@.....@.....@.......@......IcuApp......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{A1891289-FBA3-4394-97C6-59BEB51FC0CD}&.{B1B66780-D60D-433F-9DFF-34A6F436A96E}.@......&.{BA9848B9-FD9A-4F66-A260-353B1A39344A}&.{B1B66780-D60D-433F-9DFF-34A6F436A96E}.@......&.{B38797AC-AC2E-421D-B180-F8E18558EE2F}&.{B1B66780-D60D-433F-9DFF-34A6F436A96E}.@......&.{F1C6C119-92FE-4258-B0E3-6BABD549DF7B}&.{B1B66780-D60D-433F-9DFF-34A6F436A96E}.@......&.{40B539D7-F501-49C5-A9AE-7A21A44D396B}&.{B1B66780-D60D-433F-9DFF-34A6F436A96E}.@......&.{7C39C0D1-2D87-4D59-9C5F-D3B533AC5BEE}&.{B1B66780-D60D-433F-9DFF-34A6F436A96E}.@......&.{5B40C5C7-0FF3-41C7-BA3F-6C6A434D5C6A}&.{B1B66780-D60D-433F-

                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\licenseUser[1].htm

                                            Download File
                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):2
                                            Entropy (8bit):1.0
                                            Encrypted:false
                                            SSDEEP:3:u:u
                                            MD5:E99BB33727D338314912E86FBDEC87AF
                                            SHA1:6779AFBC3E993C547CA0800A9754F37A6E80E0ED
                                            SHA-256:6856C5A3A26B5A3F2EAD70CA56870769D1FEE88F9C457F4360812F2203565824
                                            SHA-512:00FC5A88AB965B5A16D7CA33CFEF247ECE3185560F2C778CFBDD0353FE73505638E300B35F447713D26A5001AB29F6F969622BCEAEF1C100E80913F7430CC085
                                            Malicious:false
                                            Reputation:moderate, very likely benign file
                                            Preview:0a

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\UnRAR.exe

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):506008
                                            Entropy (8bit):6.4284173495366845
                                            Encrypted:false
                                            SSDEEP:6144:yY8mmN3YWYGAj9JwXScp39ioIKzKVEKfr01//bbh3S62Wt3A3ksFqXqjh6AusDyn:yY8XiWYGAkXh3Qqia/zAot3A6AhezSpK
                                            MD5:98CCD44353F7BC5BAD1BC6BA9AE0CD68
                                            SHA1:76A4E5BF8D298800C886D29F85EE629E7726052D
                                            SHA-256:E51021F6CB20EFBD2169F2A2DA10CE1ABCA58B4F5F30FBF4BAE931E4ECAAC99B
                                            SHA-512:D6E8146A1055A59CBA5E2AAF47F6CB184ACDBE28E42EC3DAEBF1961A91CEC5904554D9D433EBF943DD3639C239EF11560FA49F00E1CFF02E11CD8D3506C4125F
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Joe Sandbox View:
                                            • Filename: x64_x32_installer__v4.0.msi, Detection: malicious, Browse
                                            • Filename: XmS_Project.rar, Detection: malicious, Browse
                                            • Filename: x64_x32_installer__v4.4.9.msi, Detection: malicious, Browse
                                            • Filename: x64_x32_installer__v4.4.3.msi, Detection: malicious, Browse
                                            • Filename: x64_x32_installer__v4.3.0.msi, Detection: malicious, Browse
                                            • Filename: x64_x32_installer__v4.2.2.msi, Detection: malicious, Browse
                                            • Filename: TT ViewBot v3.7.zip, Detection: malicious, Browse
                                            • Filename: x64_x32_installer__v4.1.8.msi, Detection: malicious, Browse
                                            • Filename: WsblMjPywQ.exe, Detection: malicious, Browse
                                            • Filename: F4zk9ccAog.exe, Detection: malicious, Browse
                                            Reputation:moderate, very likely benign file
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........g.}............|.&.....|.$.J...|.%.....H}*.....H}./....H}./.....~P.....H}./.....~D.........z...F}./....F}(.....F}./....Rich............PE..d.....@f.........."....!.b.....................@.....................................'....`.................................................|...........H........4.......(......8...0I..T....................J..(....G..@............................................text....a.......b.................. ..`.rdata...3.......4...f..............@..@.data...............................@....pdata...4.......6..................@..@_RDATA..\...........................@..@.rsrc...H...........................@..@.reloc..8...........................@..B................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-console-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):12224
                                            Entropy (8bit):6.596101286914553
                                            Encrypted:false
                                            SSDEEP:192:4nWYhWxWWFYg7VWQ4uWjXUtpwBqnajrmaaGJ:2WYhWvZqlQGJ
                                            MD5:919E653868A3D9F0C9865941573025DF
                                            SHA1:EFF2D4FF97E2B8D7ED0E456CB53B74199118A2E2
                                            SHA-256:2AFBFA1D77969D0F4CEE4547870355498D5C1DA81D241E09556D0BD1D6230F8C
                                            SHA-512:6AEC9D7767EB82EBC893EBD97D499DEBFF8DA130817B6BB4BCB5EB5DE1B074898F87DB4F6C48B50052D4F8A027B3A707CAD9D7ED5837A6DD9B53642B8A168932
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Joe Sandbox View:
                                            • Filename: x64_x32_installer__v4.0.msi, Detection: malicious, Browse
                                            • Filename: x64_x32_installer__v4.4.9.msi, Detection: malicious, Browse
                                            • Filename: x64_x32_installer__v4.4.3.msi, Detection: malicious, Browse
                                            • Filename: x64_x32_installer__v4.3.0.msi, Detection: malicious, Browse
                                            • Filename: x64_x32_installer__v4.2.2.msi, Detection: malicious, Browse
                                            • Filename: x64_x32_installer__v4.1.8.msi, Detection: malicious, Browse
                                            • Filename: qqgv6uKJOd.exe, Detection: malicious, Browse
                                            • Filename: E5wbN5MIkS.exe, Detection: malicious, Browse
                                            • Filename: Zoom_cm_fo42mnktZ3vvrZo4_mcxLWKARIBTqAZMiXhNcPdK2XiaXQbbYgVC8@wuMpXMIo-d3UZAye.exe, Detection: malicious, Browse
                                            • Filename: zrpPKBbxN0.exe, Detection: malicious, Browse
                                            Reputation:moderate, very likely benign file
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...Y.=i.........." .........................................................0......a.....`.........................................`...,............ ...................!..............T............................................................................rdata..P...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-console-l1-2-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):12224
                                            Entropy (8bit):6.640081558424349
                                            Encrypted:false
                                            SSDEEP:192:iTWYhWyWWFYg7VWQ4uWq6Cu87ZqnajgnLSyu:sWYhWi1XHllk2yu
                                            MD5:7676560D0E9BC1EE9502D2F920D2892F
                                            SHA1:4A7A7A99900E41FF8A359CA85949ACD828DDB068
                                            SHA-256:00942431C2D3193061C7F4DC340E8446BFDBF792A7489F60349299DFF689C2F9
                                            SHA-512:F1E8DB9AD44CD1AA991B9ED0E000C58978EB60B3B7D9908B6EB78E8146E9E12590B0014FC4A97BC490FFE378C0BF59A6E02109BFD8A01C3B6D0D653A5B612D15
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Reputation:moderate, very likely benign file
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....y1..........." .........................................................0...........`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-datetime-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):11712
                                            Entropy (8bit):6.6023398138369505
                                            Encrypted:false
                                            SSDEEP:192:5WYhWYWWFYg7VWQ4SWSS/njxceXqnajLJ35H:5WYhW4gjmAlnJpH
                                            MD5:AC51E3459E8FCE2A646A6AD4A2E220B9
                                            SHA1:60CF810B7AD8F460D0B8783CE5E5BBCD61C82F1A
                                            SHA-256:77577F35D3A61217EA70F21398E178F8749455689DB52A2B35A85F9B54C79638
                                            SHA-512:6239240D4F4FA64FC771370FB25A16269F91A59A81A99A6A021B8F57CA93D6BB3B3FCECC8DEDE0EF7914652A2C85D84D774F13A4143536A3F986487A776A2EAE
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....Ab.........." .........................................................0......d.....`.........................................`................ ...................!..............T............................................................................rdata..4...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-debug-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):11720
                                            Entropy (8bit):6.614262942006268
                                            Encrypted:false
                                            SSDEEP:192:4WYhWFsWWFYg7VWQ4eWZzAR/BVrqnajcJH:4WYhWFMJRLlA5
                                            MD5:B0E0678DDC403EFFC7CDC69AE6D641FB
                                            SHA1:C1A4CE4DED47740D3518CD1FF9E9CE277D959335
                                            SHA-256:45E48320ABE6E3C6079F3F6B84636920A367989A88F9BA6847F88C210D972CF1
                                            SHA-512:2BADF761A0614D09A60D0ABB6289EBCBFA3BF69425640EB8494571AFD569C8695AE20130AAC0E1025E8739D76A9BFF2EFC9B4358B49EFE162B2773BE9C3E2AD4
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0............`.........................................`................ ...................!..............T............................................................................rdata..@...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-errorhandling-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):11720
                                            Entropy (8bit):6.654155040985372
                                            Encrypted:false
                                            SSDEEP:192:imxD3vEWYhWnWWFYg7VWQ4eWMOwNbDXbBqnaj0qJm8:iIEWYhWFpLbBlwqJm
                                            MD5:94788729C9E7B9C888F4E323A27AB548
                                            SHA1:B0BA0C4CF1D8B2B94532AA1880310F28E87756EC
                                            SHA-256:ACCDD7455FB6D02FE298B987AD412E00D0B8E6F5FB10B52826367E7358AE1187
                                            SHA-512:AB65495B1D0DD261F2669E04DC18A8DA8F837B9AC622FC69FDE271FF5E6AA958B1544EDD8988F017D3DD83454756812C927A7702B1ED71247E506530A11F21C6
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....:.[.........." .........................................................0......~.....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-file-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):15304
                                            Entropy (8bit):6.548897063441128
                                            Encrypted:false
                                            SSDEEP:192:+AuVYPvVX8rFTsRWYhWyWWFYg7VWQ4eWQBAW+JSdqnajeMoLR9au:TBPvVXLWYhWiBdlaLFAu
                                            MD5:580D9EA2308FC2D2D2054A79EA63227C
                                            SHA1:04B3F21CBBA6D59A61CD839AE3192EA111856F65
                                            SHA-256:7CB0396229C3DA434482A5EF929D3A2C392791712242C9693F06BAA78948EF66
                                            SHA-512:97C1D3F4F9ADD03F21C6B3517E1D88D1BF9A8733D7BDCA1AECBA9E238D58FF35780C4D865461CC7CD29E9480B3B3B60864ABB664DCDC6F691383D0B281C33369
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................@............`.........................................`................0...................!..............T............................................................................rdata..(...........................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-file-l1-2-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):11712
                                            Entropy (8bit):6.622041192039296
                                            Encrypted:false
                                            SSDEEP:192:dzWYhW1sWWFYg7VWQ4yWL3sQlmqnajlD4h1N:BWYhW2e6l94h1N
                                            MD5:35BC1F1C6FBCCEC7EB8819178EF67664
                                            SHA1:BBCAD0148FF008E984A75937AADDF1EF6FDA5E0C
                                            SHA-256:7A3C5167731238CF262F749AA46AB3BFB2AE1B22191B76E28E1D7499D28C24B7
                                            SHA-512:9AB9B5B12215E57AF5B3C588ED5003D978071DC591ED18C78C4563381A132EDB7B2C508A8B75B4F1ED8823118D23C88EDA453CD4B42B9020463416F8F6832A3D
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0......./....`.........................................`...L............ ...................!..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-file-l2-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):11720
                                            Entropy (8bit):6.730719514840594
                                            Encrypted:false
                                            SSDEEP:192:/VyWYhWjAWWFYg7VWQ4eWiuNwzNbDXbBqnaj0q:/VyWYhW8g+LbBlwq
                                            MD5:3BF4406DE02AA148F460E5D709F4F67D
                                            SHA1:89B28107C39BB216DA00507FFD8ADB7838D883F6
                                            SHA-256:349A79FA1572E3538DFBB942610D8C47D03E8A41B98897BC02EC7E897D05237E
                                            SHA-512:5FF6E8AD602D9E31AC88E06A6FBB54303C57D011C388F46D957AEE8CD3B7D7CCED8B6BFA821FF347ADE62F7359ACB1FBA9EE181527F349C03D295BDB74EFBACE
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0............`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-handle-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):11720
                                            Entropy (8bit):6.626458901834476
                                            Encrypted:false
                                            SSDEEP:192:P9RWYhWEWWFYg7VWQ4eWncTjxceXqnajLJS:LWYhWk3TjmAlnJS
                                            MD5:BBAFA10627AF6DFAE5ED6E4AEAE57B2A
                                            SHA1:3094832B393416F212DB9107ADD80A6E93A37947
                                            SHA-256:C78A1217F8DCB157D1A66B80348DA48EBDBBEDCEA1D487FC393191C05AAD476D
                                            SHA-512:D5FCBA2314FFE7FF6E8B350D65A2CDD99CA95EA36B71B861733BC1ED6B6BB4D85D4B1C4C4DE2769FBF90D4100B343C250347D9ED1425F4A6C3FE6A20AED01F17
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...>G.j.........." .........................................................0............`.........................................`...`............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-heap-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):12232
                                            Entropy (8bit):6.577869728469469
                                            Encrypted:false
                                            SSDEEP:192:5t6DjZlTIWYhWsWWFYg7VWQ4eW4MtkR/BVrqnajc:5t6Dll0WYhWMqkRLlA
                                            MD5:3A4B6B36470BAD66621542F6D0D153AB
                                            SHA1:5005454BA8E13BAC64189C7A8416ECC1E3834DC6
                                            SHA-256:2E981EE04F35C0E0B7C58282B70DCC9FC0318F20F900607DAE7A0D40B36E80AF
                                            SHA-512:84B00167ABE67F6B58341045012723EF4839C1DFC0D8F7242370C4AD9FABBE4FEEFE73F9C6F7953EAE30422E0E743DC62503A0E8F7449E11C5820F2DFCA89294
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......M.....`.........................................`................ ...................!..............T............................................................................rdata..(...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-interlocked-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):11712
                                            Entropy (8bit):6.6496318655699795
                                            Encrypted:false
                                            SSDEEP:192:nWYhWNWWFYg7VWQ4uWtGDlR/BVrqnajcU8:nWYhWLJDlRLlAU8
                                            MD5:A038716D7BBD490378B26642C0C18E94
                                            SHA1:29CD67219B65339B637A1716A78221915CEB4370
                                            SHA-256:B02324C49DD039FA889B4647331AA9AC65E5ADC0CC06B26F9F086E2654FF9F08
                                            SHA-512:43CB12D715DDA4DCDB131D99127417A71A16E4491BC2D5723F63A1C6DFABE578553BC9DC8CF8EFFAE4A6BE3E65422EC82079396E9A4D766BF91681BDBD7837B1
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...*............." .........................................................0......-.....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-libraryloader-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):12736
                                            Entropy (8bit):6.587452239016064
                                            Encrypted:false
                                            SSDEEP:192:FvuBL3BBLZWYhWxWWFYg7VWQ4uW4g0jrQYcunYqnajv9Ml:FvuBL3BPWYhWv8jYulhMl
                                            MD5:D75144FCB3897425A855A270331E38C9
                                            SHA1:132C9ADE61D574AA318E835EB78C4CCCDDEFDEA2
                                            SHA-256:08484ED55E43584068C337281E2C577CF984BB504871B3156DE11C7CC1EEC38F
                                            SHA-512:295A6699529D6B173F686C9BBB412F38D646C66AAB329EAC4C36713FDD32A3728B9C929F9DCADDE562F625FB80BC79026A52772141AD2080A0C9797305ADFF2E
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......c.........." .........................................................0......V`....`.........................................`................ ...................!..............T............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-localization-l1-2-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):14280
                                            Entropy (8bit):6.658205945107734
                                            Encrypted:false
                                            SSDEEP:384:NOMw3zdp3bwjGzue9/0jCRrndbwNWYhW6WAulh2:NOMwBprwjGzue9/0jCRrndbw5D
                                            MD5:8ACB83D102DABD9A5017A94239A2B0C6
                                            SHA1:9B43A40A7B498E02F96107E1524FE2F4112D36AE
                                            SHA-256:059CB23FDCF4D80B92E3DA29E9EF4C322EDF6FBA9A1837978FD983E9BDFC7413
                                            SHA-512:B7ECF60E20098EA509B76B1CC308A954A6EDE8D836BF709790CE7D4BD1B85B84CF5F3AEDF55AF225D2D21FBD3065D01AA201DAE6C131B8E1E3AA80ED6FC910A4
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......._....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-memory-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):12224
                                            Entropy (8bit):6.621310788423453
                                            Encrypted:false
                                            SSDEEP:96:qo1aCFEWYhWwp/DEs39DHDs35FrsvYgmr0DD0ADEs3TDL2L4m2grMWaLNpDEs3OC:teWYhWVWWFYg7VWQ4yWwAKZRqnajl6x7
                                            MD5:808F1CB8F155E871A33D85510A360E9E
                                            SHA1:C6251ABFF887789F1F4FC6B9D85705788379D149
                                            SHA-256:DADBD2204B015E81F94C537AC7A36CD39F82D7C366C193062210C7288BAA19E3
                                            SHA-512:441F36CA196E1C773FADF17A0F64C2BBDC6AF22B8756A4A576E6B8469B4267E942571A0AE81F4B2230B8DE55702F2E1260E8D0AFD5447F2EA52F467F4CAA9BC6
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...f092.........." .........................................................0............`.........................................`...l............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-namedpipe-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):11720
                                            Entropy (8bit):6.7263193693903345
                                            Encrypted:false
                                            SSDEEP:192:cWYhWZSWWFYg7VWQ4eWkcc7ZqnajgnLSp:cWYhW84cllk2p
                                            MD5:CFF476BB11CC50C41D8D3BF5183D07EC
                                            SHA1:71E0036364FD49E3E535093E665F15E05A3BDE8F
                                            SHA-256:B57E70798AF248F91C8C46A3F3B2952EFFAE92CA8EF9640C952467BC6726F363
                                            SHA-512:7A87E4EE08169E9390D0DFE607E9A220DC7963F9B4C2CDC2F8C33D706E90DC405FBEE00DDC4943794FB502D9882B21FAAE3486BC66B97348121AE665AE58B01C
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....%..........." .........................................................0......[.....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-processenvironment-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):12744
                                            Entropy (8bit):6.601327134572443
                                            Encrypted:false
                                            SSDEEP:192:qKWYhWbWWFYg7VWQ4eWYoWjxceXqnajLJe:qKWYhWJ4WjmAlnJe
                                            MD5:F43286B695326FC0C20704F0EEBFDEA6
                                            SHA1:3E0189D2A1968D7F54E721B1C8949487EF11B871
                                            SHA-256:AA415DB99828F30A396CBD4E53C94096DB89756C88A19D8564F0EED0674ADD43
                                            SHA-512:6EAD35348477A08F48A9DEB94D26DA5F4E4683E36F0A46117B078311235C8B9B40C17259C2671A90D1A210F73BF94C9C063404280AC5DD5C7F9971470BEAF8B7
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0.......Z....`.........................................`...H............ ...................!..............T............................................................................rdata..x...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-processthreads-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):14272
                                            Entropy (8bit):6.519411559704781
                                            Encrypted:false
                                            SSDEEP:192:AWXk1JzX9cKSIvWYhWLWWFYg7VWQ4SWW0uI7oinEqnajxMyqY:AWXk1JzNcKSIvWYhW5+uOEle6
                                            MD5:E173F3AB46096482C4361378F6DCB261
                                            SHA1:7922932D87D3E32CE708F071C02FB86D33562530
                                            SHA-256:C9A686030E073975009F993485D362CC31C7F79B683DEF713E667D13E9605A14
                                            SHA-512:3AAFEFD8A9D7B0C869D0C49E0C23086115FD550B7DC5C75A5B8A8620AD37F36A4C24D2BF269043D81A7448C351FF56CB518EC4E151960D4F6BD655C38AFF547F
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...j............." .........................................................0......%C....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-processthreads-l1-1-1.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):12232
                                            Entropy (8bit):6.659079053710614
                                            Encrypted:false
                                            SSDEEP:192:NtxDfIeA6WYhW7WWFYg7VWQ4eWpB5ABzR/BVrqnajcb:NtxDfIeA6WYhWp28RLlA
                                            MD5:9C9B50B204FCB84265810EF1F3C5D70A
                                            SHA1:0913AB720BD692ABCDB18A2609DF6A7F85D96DB3
                                            SHA-256:25A99BDF8BF4D16077DC30DD9FFEF7BB5A2CEAF9AFCEE7CF52AD408355239D40
                                            SHA-512:EA2D22234E587AD9FA255D9F57907CC14327EAD917FDEDE8B0A38516E7C7A08C4172349C8A7479EC55D1976A37E520628006F5C362F6A3EC76EC87978C4469CD
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......6y....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-profile-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):11200
                                            Entropy (8bit):6.7627840671368835
                                            Encrypted:false
                                            SSDEEP:192:clIHyZ36WYhWulWWFYg7VWQ4yWqeQDbLtsQlmqnajlDC:clIHyZKWYhWKhlbp6l9C
                                            MD5:0233F97324AAAA048F705D999244BC71
                                            SHA1:5427D57D0354A103D4BB8B655C31E3189192FC6A
                                            SHA-256:42F4E84073CF876BBAB9DD42FD87124A4BA10BB0B59D2C3031CB2B2DA7140594
                                            SHA-512:8339F3C0D824204B541AECBD5AD0D72B35EAF6717C3F547E0FD945656BCB2D52E9BD645E14893B3F599ED8F2DE6D3BCBEBF3B23ED43203599AF7AFA5A4000311
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....f............" .........................................................0.......>....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-rtlsupport-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):12224
                                            Entropy (8bit):6.590253878523919
                                            Encrypted:false
                                            SSDEEP:192:4GeVvXK9WYhW1WWFYg7VWQ4yWj6k50IsQlmqnajlDl:4GeVy9WYhWzVk6l9l
                                            MD5:E1BA66696901CF9B456559861F92786E
                                            SHA1:D28266C7EDE971DC875360EB1F5EA8571693603E
                                            SHA-256:02D987EBA4A65509A2DF8ED5DD0B1A0578966E624FCF5806614ECE88A817499F
                                            SHA-512:08638A0DD0FB6125F4AB56E35D707655F48AE1AA609004329A0E25C13D2E71CB3EDB319726F10B8F6D70A99F1E0848B229A37A9AB5427BFEE69CD890EDFB89D2
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...._............" .........................................................0.......S....`.........................................`................ ...................!..............T............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-string-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):11720
                                            Entropy (8bit):6.672720452347989
                                            Encrypted:false
                                            SSDEEP:192:byMvQWYhW5fWWFYg7VWQ4eWio3gDwcunYqnajv9JS:byMvQWYhW/BXwulhw
                                            MD5:7A15B909B6B11A3BE6458604B2FF6F5E
                                            SHA1:0FEB824D22B6BEEB97BCE58225688CB84AC809C7
                                            SHA-256:9447218CC4AB1A2C012629AAAE8D1C8A428A99184B011BCC766792AF5891E234
                                            SHA-512:D01DD566FF906AAD2379A46516E6D060855558C3027CE3B991056244A8EDD09CE29EACEC5EE70CEEA326DED7FC2683AE04C87F0E189EBA0E1D38C06685B743C9
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....<.........." .........................................................0.......g....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-synch-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):13760
                                            Entropy (8bit):6.575688560984027
                                            Encrypted:false
                                            SSDEEP:192:L1dv3V0dfpkXc2MAvVaoKKDWYhWTJWWFYg7VWQ4uWoSUtpwBqnajrmaaGWpmJ:Zdv3V0dfpkXc0vVaeWYhWj/qlQGWpmJ
                                            MD5:6C3FCD71A6A1A39EAB3E5C2FD72172CD
                                            SHA1:15B55097E54028D1466E46FEBCA1DBB8DBEFEA4F
                                            SHA-256:A31A15BED26232A178BA7ECB8C8AA9487C3287BB7909952FC06ED0D2C795DB26
                                            SHA-512:EF1C14965E5974754CC6A9B94A4FA5107E89966CB2E584CE71BBBDD2D9DC0C0536CCC9D488C06FA828D3627206E7D9CC8065C45C6FB0C9121962CCBECB063D4F
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......c.........." .........................................................0............`.........................................`...X............ ...................!..............T............................................................................rdata..|...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-synch-l1-2-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):12232
                                            Entropy (8bit):6.70261983917014
                                            Encrypted:false
                                            SSDEEP:192:ztZ3XWYhW3WWFYg7VWQ4eWNnpit7ZqnajgnLSl:ztZ3XWYhWVg+llk2
                                            MD5:D175430EFF058838CEE2E334951F6C9C
                                            SHA1:7F17FBDCEF12042D215828C1D6675E483A4C62B1
                                            SHA-256:1C72AC404781A9986D8EDEB0EE5DD39D2C27CE505683CA3324C0ECCD6193610A
                                            SHA-512:6076086082E3E824309BA2C178E95570A34ECE6F2339BE500B8B0A51F0F316B39A4C8D70898C4D50F89F3F43D65C5EBBEC3094A47D91677399802F327287D43B
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0......G.....`.........................................`...x............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-sysinfo-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):12744
                                            Entropy (8bit):6.599515320379107
                                            Encrypted:false
                                            SSDEEP:192:fKIMFFyWYhW6WWFYg7VWQ4eWoVjxceXqnajLJ4:fcyWYhWKRjmAlnJ4
                                            MD5:9D43B5E3C7C529425EDF1183511C29E4
                                            SHA1:07CE4B878C25B2D9D1C48C462F1623AE3821FCEF
                                            SHA-256:19C78EF5BA470C5B295DDDEE9244CBD07D0368C5743B02A16D375BFB494D3328
                                            SHA-512:C8A1C581C3E465EFBC3FF06F4636A749B99358CA899E362EA04B3706EAD021C69AE9EA0EFC1115EAE6BBD9CF6723E22518E9BEC21F27DDAAFA3CF18B3A0034A7
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...r............" .........................................................0............`.........................................`...H............ ...................!..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-timezone-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):12232
                                            Entropy (8bit):6.690164913578267
                                            Encrypted:false
                                            SSDEEP:192:4EWYhWdWWFYg7VWQ4eWvvJ6jxceXqnajLJn:4EWYhWbwYjmAlnJ
                                            MD5:43E1AE2E432EB99AA4427BB68F8826BB
                                            SHA1:EEE1747B3ADE5A9B985467512215CAF7E0D4CB9B
                                            SHA-256:3D798B9C345A507E142E8DACD7FB6C17528CC1453ABFEF2FFA9710D2FA9E032C
                                            SHA-512:40EC0482F668BDE71AEB4520A0709D3E84F093062BFBD05285E2CC09B19B7492CB96CDD6056281C213AB0560F87BD485EE4D2AEEFA0B285D2D005634C1F3AF0B
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....Y$..........." .........................................................0.......d....`.........................................`...H............ ...................!..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-core-util-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):11720
                                            Entropy (8bit):6.615761482304143
                                            Encrypted:false
                                            SSDEEP:192:dZ89WYhWFWWFYg7VWQ4eW5QLyFqnajziMOci:dZ89WYhWDnolniMOP
                                            MD5:735636096B86B761DA49EF26A1C7F779
                                            SHA1:E51FFBDDBF63DDE1B216DCCC753AD810E91ABC58
                                            SHA-256:5EB724C51EECBA9AC7B8A53861A1D029BF2E6C62251D00F61AC7E2A5F813AAA3
                                            SHA-512:3D5110F0E5244A58F426FBB72E17444D571141515611E65330ECFEABDCC57AD3A89A1A8B2DC573DA6192212FB65C478D335A86678A883A1A1B68FF88ED624659
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......Xc....`.........................................`...<............ ...................!..............T............................................................................rdata..\...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-conio-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):12744
                                            Entropy (8bit):6.627282858694643
                                            Encrypted:false
                                            SSDEEP:192:R0WYhWRWWFYg7VWQ4eWLeNxUUtpwBqnajrmaaG:R0WYhWPzjqlQG
                                            MD5:031DC390780AC08F498E82A5604EF1EB
                                            SHA1:CF23D59674286D3DC7A3B10CD8689490F583F15F
                                            SHA-256:B119ADAD588EBCA7F9C88628010D47D68BF6E7DC6050B7E4B787559F131F5EDE
                                            SHA-512:1468AD9E313E184B5C88FFD79A17C7D458D5603722620B500DBA06E5B831037CD1DD198C8CE2721C3260AB376582F5791958763910E77AA718449B6622D023C7
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d..../}..........." .........................................................0......a.....`.........................................0................ ...................!..............T............................................................................rdata.. ...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-convert-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):15816
                                            Entropy (8bit):6.435326465651674
                                            Encrypted:false
                                            SSDEEP:192:JM0wd8dc9cydWYhWyWWFYg7VWQ4eW9jTXfH098uXqnajH/VCf:G0wd8xydWYhWi2bXuXlTV2
                                            MD5:285DCD72D73559678CFD3ED39F81DDAD
                                            SHA1:DF22928E43EA6A9A41C1B2B5BFCAB5BA58D2A83A
                                            SHA-256:6C008BE766C44BF968C9E91CDDC5B472110BEFFEE3106A99532E68C605C78D44
                                            SHA-512:84EF0A843798FD6BD6246E1D40924BE42550D3EF239DAB6DB4D423B142FA8F691C6F0603687901F1C52898554BF4F48D18D3AEBD47DE935560CDE4906798C39A
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...x............." .........................................................@.......5....`.........................................0................0...................!..............T............................................................................rdata..............................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-environment-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):12232
                                            Entropy (8bit):6.5874576656353145
                                            Encrypted:false
                                            SSDEEP:192:6KNMWYhW6WWFYg7VWQ4eWSA5lJSdqnajeMh3:6KNMWYhWKiKdlaW
                                            MD5:5CCE7A5ED4C2EBAF9243B324F6618C0E
                                            SHA1:FDB5954EE91583A5A4CBB0054FB8B3BF6235EED3
                                            SHA-256:AA3E3E99964D7F9B89F288DBE30FF18CBC960EE5ADD533EC1B8326FE63787AA3
                                            SHA-512:FC85A3BE23621145B8DC067290BD66416B6B1566001A799975BF99F0F526935E41A2C8861625E7CFB8539CA0621ED9F46343C04B6C41DB812F58412BE9C8A0DE
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...g P..........." .........................................................0............`.........................................0..."............ ...................!..............T............................................................................rdata..R...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-filesystem-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):13768
                                            Entropy (8bit):6.645869978118917
                                            Encrypted:false
                                            SSDEEP:192:CGnWlC0i5ClWYhWwWWFYg7VWQ4eWtOUtpwBqnajrmaaGN4P:9nWm5ClWYhWQ8qlQGN6
                                            MD5:41FBBB054AF69F0141E8FC7480D7F122
                                            SHA1:3613A572B462845D6478A92A94769885DA0843AF
                                            SHA-256:974AF1F1A38C02869073B4E7EC4B2A47A6CE8339FA62C549DA6B20668DE6798C
                                            SHA-512:97FB0A19227887D55905C2D622FBF5451921567F145BE7855F72909EB3027F48A57D8C4D76E98305121B1B0CC1F5F2667EF6109C59A83EA1B3E266934B2EB33C
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...r..x.........." .........................................................0.......(....`.........................................0................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-heap-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):12744
                                            Entropy (8bit):6.564006501134889
                                            Encrypted:false
                                            SSDEEP:192:8a9aY17aFBRAWYhWYWWFYg7VWQ4eWbr0tJSUtpwBqnajrmaaG:8ad9WYhW4F/qlQG
                                            MD5:212D58CEFB2347BD694B214A27828C83
                                            SHA1:F0E98E2D594054E8A836BD9C6F68C3FE5048F870
                                            SHA-256:8166321F14D5804CE76F172F290A6F39CE81373257887D9897A6CF3925D47989
                                            SHA-512:637C215ED3E781F824AE93A0E04A7B6C0A6B1694D489E9058203630DCFC0B8152F2EB452177EA9FD2872A8A1F29C539F85A2F2824CF50B1D7496FA3FEBE27DFE
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...h{............" .........................................................0......J(....`.........................................0................ ...................!..............T............................................................................rdata..F...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-locale-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):12232
                                            Entropy (8bit):6.678162783983714
                                            Encrypted:false
                                            SSDEEP:192:+WYhWoWWFYg7VWQ4eWSoV7jjT6iBTqnajbQwr1:+WYhWIiVTTXZl3QC
                                            MD5:242829C7BE4190564BECEE51C7A43A7E
                                            SHA1:663154C1437ACF66480518068FBC756F5CABB72F
                                            SHA-256:EDC1699E9995F98826DF06D2C45BEB9E02AA7817BAE3E61373096AE7F6FA06E0
                                            SHA-512:3529FDE428AFFC3663C5C69BAEE60367A083841B49583080F0C4C7E72EAA63CABBF8B9DA8CCFC473B3C552A0453405A4A68FCD7888D143529D53E5EEC9A91A34
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...+P............" .........................................................0......@.....`.........................................0...e............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-math-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):20928
                                            Entropy (8bit):6.2047011292890195
                                            Encrypted:false
                                            SSDEEP:192:8JIDSM4Oe59rmkUALQe1hgmL44WYhWWWWFYg7VWQ4yWARgKZRqnajl6umA:8JI2M4Oe59Ckb1hgmLhWYhW2v2yRlwQ
                                            MD5:FB79420EC05AA715FE76D9B89111F3E2
                                            SHA1:15C6D65837C9979AF7EC143E034923884C3B0DBD
                                            SHA-256:F6A93FE6B57A54AAC46229F2ED14A0A979BF60416ADB2B2CFC672386CCB2B42E
                                            SHA-512:C40884C80F7921ADDCED37B1BF282BB5CB47608E53D4F4127EF1C6CE7E6BB9A4ADC7401389BC8504BF24751C402342693B11CEF8D06862677A63159A04DA544E
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...IV............" .........,...............................................P.......e....`.........................................0....%...........@...............0...!..............T............................................................................rdata...&.......(..................@..@.rsrc........@.......,..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-multibyte-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):19904
                                            Entropy (8bit):6.189411151090302
                                            Encrypted:false
                                            SSDEEP:384:4SrxLPmIHJI6/CpG3t2G3t4odXLhWYhWfgy6l9ne:4iPmIHJI6vZO
                                            MD5:A5B920F24AEA5C2528FE539CD7D20105
                                            SHA1:3FAE25B81DC65923C1911649ED19F193ADC7BDDE
                                            SHA-256:5B3E29116383BA48A2F46594402246264B4CB001023237EBBF28E7E9292CDB92
                                            SHA-512:F77F83C7FAD442A9A915ABCBC2AF36198A56A1BC93D1423FC22E6016D5CC53E47DE712E07C118DD85E72D4750CA450D90FDB6F9544D097AFC170AEECC5863158
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.../..N.........." .........(...............................................P......C.....`.........................................0.... ...........@...............,...!..............T............................................................................rdata..$".......$..................@..@.rsrc........@.......(..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-private-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):64456
                                            Entropy (8bit):5.53593950821058
                                            Encrypted:false
                                            SSDEEP:1536:Se6De5c4bFe2JyhcvxXWpD7d3334BkZn+PI5c:Se6De5c4bFe2JyhcvxXWpD7d3334BkZU
                                            MD5:5C2004DAF398620211F0AD9781FF4EC2
                                            SHA1:E43DD814E90330880EE75259809EEE7B91B4FFA6
                                            SHA-256:55BC91A549D22B160AE4704485E19DEE955C7C2534E7447AFB84801EE629639B
                                            SHA-512:11EDBBC662584BB1DEA37D1B23C56426B970D127F290F3BE21CD1BA0A80D1F202047ABB80D8460D17A7CACF095DE90B78A54F7C7EC395043D54B49FFE688DF51
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......F.........." ......................................................................`.........................................0...T................................!..............T............................................................................rdata..............................@..@.rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-process-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):12736
                                            Entropy (8bit):6.592404054572702
                                            Encrypted:false
                                            SSDEEP:192:+nqjd7dWYhWDWWFYg7VWQ4yWMJ5HKZRqnajl6b:+nsWYhWxp5HyRlwb
                                            MD5:DD899C6FFECCE1DCA3E1C3B9BA2C8DA2
                                            SHA1:2914B84226F5996161EB3646E62973B1E6C9E596
                                            SHA-256:191F53988C7F02DD888C4FBF7C1D3351570F3B641146FAE6D60ACDAE544771AE
                                            SHA-512:2DB47FAA025C797D8B9B82DE4254EE80E499203DE8C6738BD17DDF6A77149020857F95D0B145128681A3084B95C7D14EB678C0A607C58B76137403C80FE8F856
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...P..D.........." .........................................................0......N.....`.........................................0...x............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-runtime-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):16328
                                            Entropy (8bit):6.449442433945565
                                            Encrypted:false
                                            SSDEEP:192:maajPrpJhhf4AN5/KixWYhW4XWWFYg7VWQ4eWvppXjxceXqnajLJhrdCq:mlbr7nWYhW41MXjmAlnJhUq
                                            MD5:883120F9C25633B6C688577D024EFD12
                                            SHA1:E4FA6254623A2B4CDEA61712CDFA9C91AA905F18
                                            SHA-256:4390C389BBBF9EC7215D12D22723EFD77BEB4CD83311C75FFE215725ECFD55DC
                                            SHA-512:F17D3B667CC8002F4B6E6B96B630913FA1CB4083D855DB5B7269518F6FF6EEBF835544FA3B737F4FC0EB46CCB368778C4AE8B11EBCF9274CE1E5A0BA331A0E2F
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...9..b.........." .........................................................@......^%....`.........................................0...4............0...................!..............T............................................................................rdata..d...........................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-stdio-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):17864
                                            Entropy (8bit):6.393000322519701
                                            Encrypted:false
                                            SSDEEP:192:WpPLNPjFuWYFxEpahTWYhWHWWFYg7VWQ4eW9M3u57ZqnajgnLSuRCz:W19OFVhTWYhWlBu5llk2
                                            MD5:29680D7B1105171116A137450C8BB452
                                            SHA1:492BB8C231AAE9D5F5AF565ABB208A706FB2B130
                                            SHA-256:6F6F6E857B347F70ECC669B4DF73C32E42199B834FE009641D7B41A0B1C210AF
                                            SHA-512:87DCF131E21041B06ED84C3A510FE360048DE46F1975155B4B12E4BBF120F2DD0CB74CCD2E8691A39EEE0DA7F82AD39BC65C81F530FC0572A726F0A6661524F5
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....v..........." ......... ...............................................@............`.........................................0...a............0...............$...!..............T............................................................................rdata..............................@..@.rsrc........0....... ..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-string-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):18368
                                            Entropy (8bit):6.28071959876622
                                            Encrypted:false
                                            SSDEEP:384:NFvU4x0C5yguNvZ5VQgx3SbwA7yMVIkFGl/WYhW49PBolniMcx:T5yguNvZ5VQgx3SbwA71IkFwNJT
                                            MD5:F816666E3FC087CD24828943CB15F260
                                            SHA1:EAE814C9C41E3D333F43890ED7DAFA3575E4C50E
                                            SHA-256:45E0835B1D3B446FE2C347BD87922C53CFB6DD826499E19A1D977BF4C11B0E4A
                                            SHA-512:6860ABE8AB5220EFB88F68B80E6C6E95FE35B4029F46B59BC467E3850FE671BDA1C7C1C7B035B287BDFED5DAEAC879EE481D35330B153EA7EF2532970F62C581
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......e.........." ........."...............................................@......:y....`.........................................0................0...............&...!..............T............................................................................rdata..............................@..@.rsrc........0......."..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-time-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):14280
                                            Entropy (8bit):6.540126514657828
                                            Encrypted:false
                                            SSDEEP:192:qy5NDSWYhWcQWWFYg7VWQ4eWAcSJR/BVrqnajcm2:qU0WYhWcwASJRLlA
                                            MD5:143A735134CD8C889EC7D7B85298705B
                                            SHA1:906AC1F3A933DD57798AE826BBEFA3096C20D424
                                            SHA-256:B48310B0837027F756D62C37EA91AF988BAA403CBCBD01CB26B6FDAE21EA96A2
                                            SHA-512:C9ABE209508AFAE2D1776391F73B658C9A25628876724344023E0FC8A790ECB7DBCE75FDDAE267158D08A8237F83336B1D2BD5B5CE0A8EED7DD41CBE0C031D48
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0.......>....`.........................................0................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\api-ms-win-crt-utility-l1-1-0.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):12224
                                            Entropy (8bit):6.677792963727018
                                            Encrypted:false
                                            SSDEEP:192:GI6fHQduPWYhWcWWFYg7VWQ4yWpbdsQlmqnajlDPD:2f5WYhW8Kd6l9L
                                            MD5:6F1A1DFB2761228CCC7D07B8B190054C
                                            SHA1:117D66360C84A0088626E22D8B3B4B685CB70D56
                                            SHA-256:C81C4BBA4E5F205359AD145963F6FBD074879047C66569F52B6D66711108E1ED
                                            SHA-512:480B4F9179D5DA56010FA90E1937FE3A232F2F8682596C16EEAED08F57CF8CFFEAA506060429501764F695CB6C5B3E56B0037DE948C4D0E3933F022A0B4103D2
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....t..........." .........................................................0......S.....`.........................................0...^............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\attach.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):25744
                                            Entropy (8bit):6.063798132622138
                                            Encrypted:false
                                            SSDEEP:384:VOcn86oQ6m/LOAMhrRoJi0HXk1dv47pnDG7YkcdDgf2hk8:YDmyoLpnDG7VeUf2h7
                                            MD5:D6569B0AE3F833DDFF73F178A09AA69D
                                            SHA1:F1238E8E6C1908A3B966862D16B6784F7541FBA7
                                            SHA-256:F4E59D86954BD7273A0AC1136C80AB055995D36E33A7F676FCCCC728ED6AA013
                                            SHA-512:43599873C34FAFB00D8CDAE7C4B74B67F671B51359272E3A435048B39FF6034A8E35D3D87E9B9324BBA79A5247D07342D1B652919FFD991507BECB4D798964E6
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NjP...>...>...>..s....>..d?...>..d;...>..d:...>..d=...>.Qc?...>..d?...>...?.F.>..d:...>..d>...>..d....>..d<...>.Rich..>.........PE..d.....`_.........." .........,......."..............................................h.....`..........................................<..d...$@.......p..x....`..d....H..........$....5..T...........................06..0............0..h............................text............................... ..`.rdata.......0......."..............@..@.data...H....P.......<..............@....pdata..d....`.......>..............@..@.rsrc...x....p.......B..............@..@.reloc..$............F..............@..B................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\dt_shmem.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):33936
                                            Entropy (8bit):6.184746585770217
                                            Encrypted:false
                                            SSDEEP:768:4cE3gRs+YINEJkQRYsdU5yqDG74yUf2hH:4cENhTYK5ZdUfm
                                            MD5:EDBAB7FE0A95FD6BB093C61AC290C408
                                            SHA1:7C04F7D72FE9BA9A10B08F2969F88F79837AE69C
                                            SHA-256:7C42FFD63EE5194F514257CAEE60E0F9C5E66BB841388F33FC77446B09D6620A
                                            SHA-512:CB4304D30DD8DF238DC2AFD1609D433AFB6206E8AAA83BA92D0ADAB2CFC19B202E646AAA6F4D8360CA8FC236E20D7E47FC8FB5FEE0030CC7E3C9DCEDD7015822
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6...r.`.r.`.r.`.{..z.`.y.a.p.`.).a.q.`.r.a.2.`.y.e.y.`.y.d.z.`.y.c.p.`...d.w.`...`.s.`.....s.`...b.s.`.Richr.`.........PE..d.....`_.........." .....:...0.......>..............................................{B....`.........................................``..X....c..................4....h..........4....X..T...........................@Y..0............P...............................text...d9.......:.................. ..`.rdata.......P.......>..............@..@.data........p.......Z..............@....pdata..4............\..............@..@.rsrc................b..............@..@.reloc..4............f..............@..B........................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\fontmanager.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):662672
                                            Entropy (8bit):6.383470769155687
                                            Encrypted:false
                                            SSDEEP:12288:dpp3tqZVUjWWQp/WTTwnjaXzfffdxqmhSTd2yW:7qZVUjfk/WTTwmLff/hyQ
                                            MD5:3D243D097A18154CC58D6DD887D9C1C3
                                            SHA1:5E0F57B1A8E32ADA70CE7F0188F1808199182F5A
                                            SHA-256:228B6C8E15939CDA7D97A8F1678614D0B244E4F2653FED9243140519A5255E5A
                                            SHA-512:2440D03A9EA928BC3F0D9019D5DD9EBB0A1DF7C2D062FFCC910E165DC47F65A32F056352D77DC98BB315782DF700EAA1C4CD1C4FA3486C3389058403661B09C7
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........I..h'X.h'X.h'X...X.h'X..&Y.h'X]..X.h'X.."Y.h'X..#Y.h'X..$Y.h'X..&Y.h'X..&Y.h'X.h&XSh'X.."Y.h'X..#Y.h'X..'Y.h'X...X.h'X..%Y.h'XRich.h'X........PE..d.....`_.........." .........6......T.....................................................`.............................................X.......T....p....... ...E..............0....O..T............................O..0............ ..(............................text............................... ..`.rdata..T.... ......................@..@.data....F..........................@....pdata...E... ...F..................@..@.rsrc........p......................@..@.reloc..0...........................@..B................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\freetype.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):534160
                                            Entropy (8bit):6.642624603148968
                                            Encrypted:false
                                            SSDEEP:12288:fkTaKxHiRAWW3BKeTR03HOYo+glOfEWmyD:fqaeHiAZTR+eZ6
                                            MD5:094F053A0C612E9CA2F784C14A349937
                                            SHA1:220B4D9D0DFC6B6A4D2C4F645CFB50322C56E3C9
                                            SHA-256:719FC2008A341E26ED5D072737F3C47A150964D8A802C9BC09EC8DEA699B454D
                                            SHA-512:C5CB1DF3208F0B6EF90B9E3A76CC0CDC4BED7E3FF605A8C782A22D0D507209C79CB1F053FABD700EB2D41212496EBAF32D3F103D60274F742527EB32C49D639F
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......;.....h...h...h.v...q.h.t.i.}.h.$.i.|.h...i.G.h..S..~.h.t.m.t.h.t.l.w.h.t.k.|.h...l...h...h.~.h.....~.h...j.~.h.Rich..h.........................PE..d.....`_.........." ................T........................................P.......e....`.........................................`................0...........U...........@......`0..T............................0..0............................................text.............................. ..`.rdata..............................@..@.data...H...........................@....pdata...U.......V..................@..@.rsrc........0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\instrument.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):47760
                                            Entropy (8bit):6.334453485877111
                                            Encrypted:false
                                            SSDEEP:768:mUUepsAXMbtARIkzEaP7yGsYiiEhG0I44Q+D5EITkFgdIpm59DG7jpUf2hS:bx646m5EIAFSIpm5+1Ufh
                                            MD5:5567BD27F81769128DF0651CFF921EB6
                                            SHA1:33D91C3F99E31ABB5221F7F551DBC043A96001BC
                                            SHA-256:C4504039792673885C1C8B20EBE5930BB0E087C75C7FFADCF3B01C8C4DAB456E
                                            SHA-512:7C488B93E0BDFF29840621951CB3BEC44C1C81DE2F22042DBE3F937CA8CA937D31C28D26140BDCF6FE2C80DA8372EED08D4FCB2C07764AD29B741FD4E474F363
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N../}../}../}..W./}..@|../}..G|../}....../}..@x../}..@y../}..@~../}.T@|../}../|../}.T@y../}.T@}../}.T@.../}.T@.../}.Rich./}.........................PE..d.....`_.........." .....^...B.......b...................................................`.........................................`.......<...................................,...p...T..............................0............p...............................text...D].......^.................. ..`.rdata..*-...p.......b..............@..@.data...X...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..,...........................@..B........................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\j2gss.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):47248
                                            Entropy (8bit):6.184743645607974
                                            Encrypted:false
                                            SSDEEP:768:vBF34h3Hv0kUfKE10nMiwBMMgug14c1u+kRq3CEgCG+FyDU1M/6UCzHU2DG7vtUX:/sK2nMVVNRq3CEgCG+YDU1MCPrUNVUff
                                            MD5:1B4F24D3432C67B825F764111ECC7E5E
                                            SHA1:6CD28CA4FE9E2A902FFE3227911F98580A719BEF
                                            SHA-256:AE1DDBAFB2253BBFE624B7699EA5A4C98688E7FC44EEC4E1CF7ABCB9EC898A80
                                            SHA-512:62091F36CF6BD5097E6890AD67B57E2145DC25DA7A878E0A780FEBFBAA93A0DD2CFACAE8FABEBF36E0DA93DEEAF54F63D9D9396DAE72599D40EF8E0B62A9A556
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........5HRq[.Rq[.Rq[.[...Tq[.Y.Z.Pq[...Z.Qq[.RqZ..q[.Y.^.Yq[.Y._.Zq[.Y.X.Pq[..._.Qq[...[.Sq[.....Sq[...Y.Sq[.RichRq[.........................PE..d.....`_.........." .....T...L.......W....................................................`.....................................................x.......p.......................,.......T...............................0............p..P............................text...4R.......T.................. ..`.rdata...5...p...6...X..............@..@.data...X...........................@....pdata..............................@..@.rsrc...p...........................@..@.reloc..,...........................@..B........................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\j2pcsc.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):22672
                                            Entropy (8bit):6.090615033755825
                                            Encrypted:false
                                            SSDEEP:384:XMcD1qEqi5vfk0+qexpcMFZDG7Y/2cmDgf2hk:ccJqEqcktqaFZDG7q2cmUf2hk
                                            MD5:731811B3A5BA6801F96DB51FB861FF19
                                            SHA1:808E071386BA070FF7D8E748B126767399ACB128
                                            SHA-256:16435097037A3992761ABB2E0C389AF8EC824B4A7E5798D17E9BC93FCA228B37
                                            SHA-512:00ADC61E4034E36E39C1E14ABEAAC9C847040419078B0D208D4CF83C10FC5E9C2D1D58F868E9FAE2CAAC5DB46E99A45197B76C2FDA4C0531061177CAE5B08A75
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......p.fF4x..4x..4x..=...2x..?...6x......5x..?...?x..?...<x..?...7x..o...1x..4x...x......6x......5x......5x......5x..Rich4x..........................PE..d.....`_.........." .........$.......................................................;....`..........................................8.......;.......p..x....`..d....<..........$....2..T............................2..0............0..x............................text............................... ..`.rdata..l....0......................@..@.data...8....P.......0..............@....pdata..d....`.......2..............@..@.rsrc...x....p.......6..............@..@.reloc..$............:..............@..B................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\j2pkcs11.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):73872
                                            Entropy (8bit):6.195941832883278
                                            Encrypted:false
                                            SSDEEP:1536:ySD0+a+9mOjp/5SGXfsXAJfKkNfzN9xV6FSP59XvhRFPSe3QNsqVolyHbMPUNhUC:u+EOl0+fsXAJffznTfHE
                                            MD5:DE36B3A1930B47E44EECA3CB1AE2AAE1
                                            SHA1:3E5A7269A7C6837721337D5DD9EB623F6737C8D9
                                            SHA-256:7F3B0C848C0C848520D2945228F6649D6466A5AB6AAE31A2B03F5B3EF67C23EE
                                            SHA-512:E3FCCB9303B9D20C2B0928B348751B599D2A3836A756F2F7F5C73BC07D84C405135F21AA13F47269244038E90EEF8FF54312FE7086771C5747CABC05D5A9027C
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................C........................................[.....[.....[./....[.....Rich...................PE..d.....`_.........." .........T......d........................................P...........`......................................... ...<...\........0....... ...............@..,.......T...........................`...0............................................text............................... ..`.rdata...7.......8..................@..@.data...h...........................@....pdata....... ......................@..@.rsrc........0......................@..@.reloc..,....@......................@..B................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\jaas.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):24208
                                            Entropy (8bit):6.183130598428087
                                            Encrypted:false
                                            SSDEEP:384:UZ4fwONuG5nO0+sIEMew1zAgGeeDG7Y8+Dgf2hf:UyeG5RPjmGeeDG7p+Uf2hf
                                            MD5:6BEA7F62ADC026D8E29FD6616B10D368
                                            SHA1:D96DB8DB02EF0878A15A8083B0A8CA4C8BF8718F
                                            SHA-256:4F7BC19ED97E1A43DCAA7A8C912FB9438A3A1EFF16547DEF8EEF30AC5B2D5BAF
                                            SHA-512:2D33D309472E725C232F0CBE618AFE901A82A4AFB07D6D8ADEDE79AB4D398BD08A7E295D884597483182C46071DEFAA1B559771B369FD6BB582B25FB2D45D999
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........,...M...M...M...5|..M..."...M..."...M..."...M..."...M..%...M...M...M..."...M..."...M..."...M..."...M..Rich.M..................PE..d.....`_.........." ......... .......#...............................................q....`..........................................>.......>.......p..p....`.......B.......... ....7..T...........................@8..0............0...............................text............................... ..`.rdata.......0......."..............@..@.data........P.......8..............@....pdata.......`.......:..............@..@.rsrc...p....p.......<..............@..@.reloc.. ............@..............@..B................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\jimage.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):31376
                                            Entropy (8bit):5.976996450086434
                                            Encrypted:false
                                            SSDEEP:768:uYVxfYKjqNCnofFZUWoOvqD29uDG72lUf2heu:uWZ2vCDsViUfe
                                            MD5:25C476EF2DE933F6E8923344B47757B4
                                            SHA1:2B80A4C1196F82509950EDA5891E0AA0B661F90F
                                            SHA-256:160E72FCAAE1C3F44D339CFA6DAC24B630A68522FD639E64C93F1DEE182ADA70
                                            SHA-512:34C9528003C8A8B5F65D9FAB3BA749D943C7D7736C6673185C6C7E6CA24620A712AF1F901D1102857A43D351FB4C5002B259D92211838ABFBCA182E93C3F3B93
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............}...}...}.......}...|...}...|...}...|...}.;P....}...x...}...y...}...~...}.a.x...}.a.}...}.a.....}.a.....}.Rich..}.................PE..d.....`_.........." .........2.......4..............................................O.....`..........................................R.. ...0S..........x....p.......^...............D..T...........................@E..0............@...............................text....,.......................... ..`.rdata.."....@.......2..............@..@.data...@....`.......N..............@....pdata.......p.......R..............@..@.rsrc...x............X..............@..@.reloc...............\..............@..B........................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\jli.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):86672
                                            Entropy (8bit):6.623028807389074
                                            Encrypted:false
                                            SSDEEP:1536:cCoxl/6n1r9v7bg2zXz9DIOpNmwT5/K5fnToIfOdBVtpx8YNfTYkuUf7:xwFG9zbRz9lrmwT5/K5vTBf2BV3x9hTZ
                                            MD5:4EC9C29BDEEA9C12E132FCB7072CE874
                                            SHA1:450D22DFFAF92BC67855004B27CB17F573666B72
                                            SHA-256:8299006BC75BB370B0E1EE220A8F40750DDB7A4E167FC4150A53B39009E3259A
                                            SHA-512:B836238D6CC0734AF6A79D29922339A5899879ABDBF5A7C47DD339ACF27BDC5DC2BB00E9D32F63B84ECBA27649A28D522FB2E64C2762D84A3A51167A2E949226
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........_..>n..>n..>n..F...>n..Qo..>n.?....>n..Qk..>n..Qj..>n..Qm..>n..Vo..>n..>o..>n.eQj..>n.eQn..>n.eQ...>n.eQl..>n.Rich.>n.................PE..d.....`_.........." ................P...............................................E0....`.........................................`,..D............`..h....P..P....6.......p..\....!..T............................"..0............................................text............................... ..`.rdata...j.......l..................@..@.data........@.......&..............@....pdata..P....P.......(..............@..@.rsrc...h....`.......0..............@..@.reloc..\....p.......4..............@..B........................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\jlink.exe

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):20624
                                            Entropy (8bit):5.99862136137216
                                            Encrypted:false
                                            SSDEEP:384:VnsjCL2oOkNlPBKF2Ky5AFXDG7Y5kDgf2h7H:CCblKFFy5ADG7IkUf2hL
                                            MD5:9AC21506BED2C78B8D5276EA7729997E
                                            SHA1:51732CCABDF3769F6F3D902560B88FB390C4069A
                                            SHA-256:0C938265D56C7393CD84F548EEA26B2C5655A71CD04BD6FF81128BB5A7614F00
                                            SHA-512:26CAEB0BA6239012765E44FC707BF6C2DF781EAE76BC4FF10D706DC08F2693851E3F4458410009F61F47261520E82925546175CA879F6B92883AD5F83F6BA38D
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........u...............l|......{.......|.......{.......{.......{......`{..............`{......`{......`{......`{......Rich....................PE..d.....`_..........".........."......$..........@.....................................B....`..........................................(..D....(.......`.......P..8....4.......p..<...@#..T............................#..0............ ...............................text............................... ..`.rdata..J.... ......................@..@.data........@.......$..............@....pdata..8....P.......&..............@..@.rsrc........`.......(..............@..@.reloc..<....p.......2..............@..B........................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\jmods\java.base.jmod

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:Java jmod module version 1.0
                                            Category:dropped
                                            Size (bytes):18367853
                                            Entropy (8bit):7.968497771189572
                                            Encrypted:false
                                            SSDEEP:393216:BLz4LssSDaG2WEXljHcVPZBfJgPWFp93OKqNZNJyXgjrHKzMR:CLJSuCCVHaiPWFpkNzcXgnHKgR
                                            MD5:C6C96A3F5AC8A949A7F920D83D4C8B3F
                                            SHA1:2D6B7E5973DA5B3A469C4D6B426A02B7AA4FF9E2
                                            SHA-256:753BA6FDC8F9C1DE1627D0ABBD03E97E2E97AEF3E5823A6C8C036B68D48C301E
                                            SHA-512:EE9FFC7C6B996B9DD9421E23444F9F3D72E002E6CD50E7816325DE7392E49240D6B239139D5C2C7F7FF01EDE0F35077B95C77C60995E94405A38E1E8F5B263AB
                                            Malicious:false
                                            Preview:JM..PK.........o/Q................classes/module-info.class.9.\...o....@.(D...= ..hP....n...yw4.`.Q..5v.^.+..#.b.b.Fc..!...=.....~7.;3.y3.f..K..&.t.....3..\.F.6...R..!Oa.Y ...<.5sRR.H.m.!.@.(.:.9M.P......h2.kT.IF\.xY.fN.f.X..z.V'#....)4...)N...$.q."+.T.z...Z4......Q......-2.....}.!.....VPHF....&N-#u.x8....g..N.[4:...UZ.kI...@..O=.c...e.R.....-..6.._.e2*.i.2.*...7.j!.Lf~..V..a..@.~<E..U..Mr@)X..IL. Qa/.%.iZZ..n....Z.t/...ei...#^..p&5..P..2..FN)#..f.p.8I'.z.. B.R.j....?Qg.A...w...&......J..Ng4.X.....f.6.q..e.,.d.e.,....Jm.x/...~y...A.A....).AkP..)..JE..4.Rp.~V.)>.......2qI\...t.6.lU_@YL...5.q..(#_...).......q...W...M...L...:.....|....*.o6...$ ..!(..V..*SeD..^y.ZC....Z*.#..A'..31.mH.....%..(.*.TAu=.!f....`.h..H...e...q.$./..]{....M....x.2M...q.1@..KR.X....,.B.ed\ys..rBy$!.&.G..<.Y....M.h...S.A..0..M....s*...\.^e.kg...,j..........%$%......6..ZcF...<.5.....`0%)..)..3.D.k.`Y.....P.....@..........p....[..........0.Y.j....d...Z..U|`83f.0W..Q.8..U..i....[.

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\jmods\java.datatransfer.jmod

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:Java jmod module version 1.0
                                            Category:dropped
                                            Size (bytes):51389
                                            Entropy (8bit):7.916683616123071
                                            Encrypted:false
                                            SSDEEP:768:GO5DN7hkJDEnwQm0aCDOdC4Lk1eo8eNEyu/73vVjPx5S+3TYWFwSvZt6xdWDvw:GO5h7hkREnyvo8QBuDNjfvD1/3vw
                                            MD5:8F4C0388762CD566EAE3261FF8E55D14
                                            SHA1:B6C5AA0BBFDDE8058ABFD06637F7BEE055C79F4C
                                            SHA-256:AAEFACDD81ADEEC7DBF9C627663306EF6B8CDCDF8B66E0F46590CAA95CE09650
                                            SHA-512:1EF4D8A9D5457AF99171B0D70A330B702E275DCC842504579E24FC98CC0B276F8F3432782E212589FC52AA93BBBC00A236FE927BE0D832DD083E8F5EBDEB67C2
                                            Malicious:false
                                            Preview:JM..PK.........n/Q................classes/module-info.classeP.N.0..../.$...pAM.D.p..!!..X...m.d'.....P7...biw..Y.?._...pM.m..X.q..2.D8o...o.0.J.s...,...".'..>..F..r..M..G.L......!.je.BG....:v.;..a@...Y...3..?.Y....\.m.).CBwn......'.N..+G+^*#.j...R.A..qV.1o...p.....|._.-N$.!.;X....|....G......qi.W{PK...^0.........PK.........n/Q............-...classes/java/awt/datatransfer/Clipboard.class.X.w.W....c...-.Ii...#.P..........@(`.......3.....R...........<....h..W.z......=.=~....l..DN..............;y.@7..#....2.P.._.WR.b.Km..f......9w1T...A.....d..b.r.Ie.Gq,..U+.kcC.be.*.eTe......K3.usU.2...Pe.4T.aYz....>!..q..3.dL.Q..fh/#..P.t.;.f,.."..7..v.(..K7}.2nZ;.Mg..OuzU..c.....!wR.xz....7...tG..d.ED..3...fs.{n\...x...r.!.#X.6.Ke.v........1n.P......#..P...J....)^.dt....k...k...F5...e$.d...=~Do.*t.2....KX....B.#Ha..U2n.j...+fh&....&.zk,.....>...aQ......kj...:.h.Q.uTv.B ......N....*..r'..x..D.4.`k 76fZ....fG..#.....7.4.:w..6....#...x..>lfh.B'.....'l..V.....5..H..

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\jmods\java.rmi.jmod

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:Java jmod module version 1.0
                                            Category:dropped
                                            Size (bytes):385108
                                            Entropy (8bit):7.9135425794114935
                                            Encrypted:false
                                            SSDEEP:6144:WLo6BW4jXxBTXH4nfLyHInEmCC+Z/GTdy6ixx7KoLUTzROUBczZoUDYbwyKdlO5k:YvxhBDHauHIEDC+ZOTKL1IzCzZoUDYbK
                                            MD5:C4BF3C85D5A2B5A2482D29682F937339
                                            SHA1:2ACCDEEAD4904C6EC919771CE49943C9D6E8A9E9
                                            SHA-256:25FDC4D19B9F9BFF599212307C35ADE3C5B14D8FA326352837E2AC1919A27679
                                            SHA-512:51908DB9F980EAABB144C3BBD38563DF0DE3AD9AD286FD4D4F5C41B4F2D70CF278395E123D8C26A64742858A4B629902532C0AF097D020EDA92A7031AF586B66
                                            Malicious:false
                                            Preview:JM..PK.........n/Q................classes/module-info.classeR.N.1..*......E....ogX.n.411.../Pg..L.i....\^..>..Lwg.b'=?...z.........8eX.M6*dO.K..cX.......J.T.....'.Q...).7..E..q...+.c.!..D.^..WFs,3.4.,O9V.....\9o.pt.....K..Z..'.+8"j...09.&.....g.......q<...H{UJ......Kx../6K.......z.].....C.g.Ka........\.<.!..dWq)..e)..Ik...t...T.+.J..F;S.m.a..4..g.>...Fd..U..C.<..Q....,..4...E.Wt.#..p!l.=....v=Qf..7...k.}T..........n..p.M_.V......F.<.E.............b...U..;.;.R^..;.AL.(...({....8Tw..PK..{;\l........PK.........n/Q............R...classes/com/sun/rmi/rmid/ExecOptionPermission$ExecOptionPermissionCollection.class.V.S.W..]..aY.....hQI".UAJ.V....*..k.\..f7f7......K_./}.C....L.38..8...C..7.........#.:.>d.....;...9y......|!....n...2.^R...g3.=.>.3).4..6u..mZ1.vh.fw1...#.....kY[....5i..:.!A.j.....H.*P)a..*ld....5.dB....i..J...v...W.)O/.-..X.$.ay......K?.2O0.1.[.v........U#........$.)n..q...Qh..lG=..:.M#..g4{.V...6Amn....H .le..hF2"c+v.p............e40.

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\locale\co\LC_MESSAGES\vlc.mo

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:GNU message catalog (little endian), revision 0.1, 2587 messages, 3 sysdep messages, Project-Id-Version: vlc 3.0.13 'Cuntenutu arregistratu ver di u schedariu vlc-help.txt.'
                                            Category:dropped
                                            Size (bytes):194500
                                            Entropy (8bit):5.386934488597334
                                            Encrypted:false
                                            SSDEEP:3072:V+h0lNwvQVf1oUmeNQZ3JK5WNigYyNJihhNh3vdaRA/JWTwHlDm8:w2NuQVfaUhNn5zy7HCRWTkP
                                            MD5:C5350E0B09BC622A5A5D823AB65D78B4
                                            SHA1:67A3316E0A624ECB0508077BB668C57CEB305A99
                                            SHA-256:FCFD0817121798BB7E49C623D539B78103CBD5014EAFC0169EAA24D0F610F3E8
                                            SHA-512:5417E85AA9CA3DCE72F6D27E4ADC4FA5A646CA119FDC66842C944C6373257D67E58A962720D0C2231705E57DF39176F0E90158E54B4C0A532856F29E9326218F
                                            Malicious:false
                                            Preview:............0....Q.....................................&.......%..................._.......b.......................................................................................#.......'.......+.......4.......=.......F.......N.......a...#...k...............................................<.......C.......V.......h.......o.......}...............................................................................................................................'.......0.......4...!...:.......\.......m.......v.......................................................................................................................................).......<.......B.......Q.......].......f.......n.......u.......................................................................................................................!.......#.......+.......0.......5.......J.......P.......].......q.......s.......}...................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\locale\cs\LC_MESSAGES\vlc.mo

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:GNU message catalog (little endian), revision 0.1, 4103 messages, 5 sysdep messages, Project-Id-Version: vlc 3.0.13 'Obsah vyps\303\241n do souboru vlc-help.txt'
                                            Category:dropped
                                            Size (bytes):318715
                                            Entropy (8bit):5.606501746613347
                                            Encrypted:false
                                            SSDEEP:6144:2IPDCdtYosmcMfzHXUyRRmfirl1yWGWtaHZHbJ0j2Gw:Idtb/ruWwJ0j23
                                            MD5:A813601FF1DE9CF9D516AAF57E61C046
                                            SHA1:7B1ACE9AF788572ED0AD970645DDDE642DC6B947
                                            SHA-256:DA68B4BF254C9869714B985C1062052EEDF7B14D472749D8A2B0904EA39B6972
                                            SHA-512:A277D5C0517A0EEB60518CB4D2D4AFA59894C8698487A5467137A42948B6061437827AFECC365F61D51AD0E160EC828C018BA191C2A2CCDACCA9EAA5392506DD
                                            Malicious:false
                                            Preview:............0...h...e...........4V......TV..hV......DW..&...EW..%...lW.......W.......X......,X......3X......6X..(...eX.......X..=....X..$....X..B... Y.."...cY..#....Y..-....Y.......Y.......Y.......Z.......Z......"Z......3Z..&...DZ......kZ..*...qZ..)....Z.......Z.......Z..6....Z.......[.......[......*[.......[......2[......O[......X[..$...a[.......[.......[.......[.......[..#....[.......[.......[.......[.......[.......\.......\.......\.......\.......\.......\.......\.......\.......\.......\.......\.......\.......\.......].......]...... ]......&]......3]......E]......K]......`]......i]......q]......w].......].......].......].......].......].......]..!....].......].......].......].......^.......^.......^......$^.......^......8^......>^......G^......K^......Y^......e^......}^.......^.......^.......^.......^.......^.......^.......^.......^.......^.......^.......^......._......._......._......._......&_......,_......4_......?_......V_......a_......t_......._......._......._......._......._..

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\locale\cy\LC_MESSAGES\vlc.mo

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:GNU message catalog (little endian), revision 0.1, 3696 messages, 10 sysdep messages, Project-Id-Version: vlc 3.0.13 'Cynnwys wedi'i dympio i ffeil vlc-help.txt'
                                            Category:dropped
                                            Size (bytes):277430
                                            Entropy (8bit):5.392019854455813
                                            Encrypted:false
                                            SSDEEP:3072:nJ7gB6AuxEB/tkI90goodX6W3oM2hPGDDeFT3SGzgKVvjrAdTiWJHY63vLixRBpq:J77x8FXCodquDPsVvYoWGoGBu
                                            MD5:7AEF20CDC593C76051DBA2466958FD7C
                                            SHA1:BC86ED7AE29D58724743E431595193E00D910627
                                            SHA-256:E04BBF917256219B018C2D27CED5D848DD41E812BE3013CC569DBE51CF30C56C
                                            SHA-512:4308A5CD23F6FD829052BCE45BCA86FD46C0A2F51B87462FA94361B073EED7737FE361E63FC543AF1B101CF57D7D9FCBE73787EBDCF224F6D46515D77052C497
                                            Malicious:false
                                            Preview:........p...0....s..O...0.......l4......|4...4......\6..&...]6..%....6.......6.......6.......6.......6..(....6.......7..-...H7..=...v7..$....7..=....7..B....8.."...Z8..4...}8..=....8..#....8..$....9..-...99..*...g9..'....9.......9.......9.......:..7...G:.......:.......:.......:..*....:..0....;......2;......A;......T;......e;......v;..+....;..&....;..2....;..2....<......?<..*...E<..)...p<.......<.......<..6....<..*....<..*....=......1=..,...7=......d=.......=..3....=../....=.......=.......=..-....>......8>..6...U>..-....>.......>..2....>.......?.......?.......?......&?.......?......;?......N?..#...X?......|?.......?.......?.......?.......?.......?.......?.......?.......?.......?.......?.......?.......@.......@.......@.......@......"@......5@......?@......E@......R@......d@......j@.......@.......@.......@.......@.......@.......@.......@.......@.......@..!....@.......@.......A.......A.......A......&A......-A......7A......AA......GA......PA......TA......bA......nA.......A.......A.......A..

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\locale\da\LC_MESSAGES\vlc.mo

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:GNU message catalog (little endian), revision 0.1, 5823 messages, 12 sysdep messages, Project-Id-Version: vlc 3.0.13 'Indhold blev gemt i vlc-help.txt-filen.'
                                            Category:dropped
                                            Size (bytes):545114
                                            Entropy (8bit):5.36690159214885
                                            Encrypted:false
                                            SSDEEP:6144:vfwVXdCKBy8K2I+EoHu5rfkawim4uD8EpInm4qasCGyPdNORBQHiqrd1w2K6J/eJ:vfKbPEz5LCNas89CVSnq
                                            MD5:D50B77A236ED6837C2983F40C672EDAB
                                            SHA1:A14AAA9CAE05F0420C349147075781C3705FAA12
                                            SHA-256:3C0089931103C059F9586A83D8276E1A3BCC123FDCDEE08D099A7D884660CB86
                                            SHA-512:A304AE806B49221507019D72D22438CC530493B84313C676CE529E2241491C85CFADEA30A6255136FBBDC7B8DDB6C87C13F05A52CD581D2D2A5431E50844E5EA
                                            Malicious:false
                                            Preview:............0...(...m... l..................$.......4...&...5...%...\...............................#.......&.......3...(...b...........-.......=.......$...&...=...K...B.......".......4.......=...$...#...b...$.......-.......*.......'...........,.......[...........7................... .......2...*...H...0...s...................................................+.......&...?...2...f...2...............*.......)...........'.......,...6...1...*...h...*...............,.......................3......./...F.......v.......z...-...............6.......-....... ...G...`...h..._...........)...2...G.......z...........$...............................................#...................$.......-.......8.......A.......G.......O.......................................................".......*.......3.......:.......A.......T.......^.......d.......q...................................................................................................!...........".......3.......<.......J.......S.......[.......b...

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\locale\de\LC_MESSAGES\vlc.mo

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:GNU message catalog (little endian), revision 0.1, 6215 messages, 12 sysdep messages, Project-Id-Version: vlc 3.0.13 'Inhalt in Datei vlc-help.txt gespeichert.'
                                            Category:dropped
                                            Size (bytes):616867
                                            Entropy (8bit):5.388673617163153
                                            Encrypted:false
                                            SSDEEP:12288:KwLBniXpP5xasYa2+x9CToMvcFQ1mdgY9G5:hBiXpP5IRa2+PC0veD
                                            MD5:F95027DC90974FB7DFF2200249458C13
                                            SHA1:05B0CAC16184ED564FFE730C924B3E016E41D20C
                                            SHA-256:BB9C56041277AB090B86181C0361B03773E4A664670950A742B2EE9E47EDFAEC
                                            SHA-512:427A5F91028EC5EF988FE6897729509C8527A0B242D95DBCC46537D50FA03F30EEE9E60918DB168183DD7E111305EE1DBB30788F02D06880327836E71A3E75F0
                                            Malicious:false
                                            Preview:........G...0...h...w ..........|.......................&.......%...........*...........................................(...........3...-...b...=.......$.......=.......B...1..."...t...4.......=.......#.......$.......-...S...*.......'...........................2...7...a...........................*.......0...........L.......[.......v...........................+.......&.......2.......2...A.......t...*...z...).......................6.......*.......*...;.......f...,...l...................3......./..................."...-...?.......m...6.......-....... .......`......._...q...........2...........".......+...$...4.......Y.......b.......j.......w...........#...........................................................................................................................................................................................+.......1.......F.......O.......W.......].......f.......s...................................!...............................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\locale\el\LC_MESSAGES\vlc.mo

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:GNU message catalog (little endian), revision 0.1, 6215 messages, 12 sysdep messages, Project-Id-Version: vlc 3.0.13 '\316\221\316\275\317\204\316\271\316\263\317\201\316\261\316\274\316\274\316\255\316\275\316\277 \317\200\316\265\317\201\316\271\316\265\317\207\317\214\316\274\316\265\316\275\316\277 \317\203\317\204\316\277 \316\261\317\201\317\207\316\265\316\257\316\277 vlc-help.txt.'
                                            Category:dropped
                                            Size (bytes):844461
                                            Entropy (8bit):5.526096752123193
                                            Encrypted:false
                                            SSDEEP:24576:hrXfP5IRa2HI7AFZBPWNMCrXOUKRBXyS2fvsE5E9Xs7dPC:hDfP5+a2HI7AFZ1WNMCrXOUKRByS2fvu
                                            MD5:D124E112BE2A688B46653F914AD0BD23
                                            SHA1:1C675BDE0F5A681BD98D52549A7AC21C5C4EE206
                                            SHA-256:4B71D7D010A52AD3CFAE0397D500254BC289B6EC4658CD3995661FC44887B1BC
                                            SHA-512:FEEC29E4DAA3BFE6937277665FDA0DF2B7567BFFED90818807AB376E6E217C70CFAA69E30FC4CBF32C54E8D8D5F849F046D6484C4E9000B73AF1E02D8848AB96
                                            Malicious:false
                                            Preview:........G...0...h...w ..........|.......................&.......%...........*...........................................(...........3...-...b...=.......$.......=.......B...1..."...t...4.......=.......#.......$.......-...S...*.......'...........................2...7...a...........................*.......0...........L.......[.......v...........................+.......&.......2.......2...A.......t...*...z...).......................6.......*.......*...;.......f...,...l...................3......./..................."...-...?.......m...6.......-....... .......`......._...q...........2...........".......+...$...4.......Y.......b.......j.......w...........#...........................................................................................................................................................................................+.......1.......F.......O.......W.......].......f.......s...................................!...............................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\locale\en_GB\LC_MESSAGES\vlc.mo

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:GNU message catalog (little endian), revision 0.0, 517 messages, Project-Id-Version: vlc 3.0.13 'Press the RETURN key to continue\342\200\246'
                                            Category:dropped
                                            Size (bytes):53697
                                            Entropy (8bit):5.110609455874718
                                            Encrypted:false
                                            SSDEEP:768:b+Jbqw95FjqvabbKW6UYWDW1PSzn5dQc13KKWKbi72QsW3jXXnHamcl3+x:bbCbbKWiWCIn52Y3KKWKbxQbHnHBU3+x
                                            MD5:36E07B6CDB663740F203FD95E02D6383
                                            SHA1:9A46D361CF1D3B28FC6E1E95DDCE9C92A113BE51
                                            SHA-256:1CCE4E569D15E7A3432A15FAD4080DFE966DB63FA421FE7D746B6047AFA53C38
                                            SHA-512:939A6E47C6CEE3E4DA07CE2DDC0E590FA67F54C06C1E74EEDC4DD22654FF95A6BF3B184275759FFE9030BD8577863E355F29C8A61A6EF87568BAF88683240FDD
                                            Malicious:false
                                            Preview:................D.......l ......8+..%...9+......_+.......+..`....+.._...S,.......,.......,.......,.......,.......,.......,.......-.......-.......-......*-......3-......?-..P...J-.......-.. ....-.......-.......-.......-......................................./......./......./......,/......5/......F/......Z/..#...l/......./......./......./......./......./......./......./......./.......0.......0......"0....../0......90......K0......W0......e0......t0..$....0.......0.......0..3....0.......0.......1.......1......-1......A1......T1......m1......}1.......1.......1.......1.......1.......1.......1.......1.......1.......1.......2.......2.......2.......2......(2......52......E2......S2......]2......j2......|2.......2.......2.......2.......2.......2.......2.......2.......2.......2.......2.......3.......3......!3......'3......-3......J3......W3......h3......x3.......3.......3.......4.......4.......4.......4.......5.......5.......5.......5.......6.......6......16......A6......K6.......6.......6......

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\locale\es\LC_MESSAGES\vlc.mo

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:GNU message catalog (little endian), revision 0.1, 6215 messages, 12 sysdep messages, Project-Id-Version: vlc 3.0.13 'Contenido guardado a archivo vlc-help.txt.'
                                            Category:dropped
                                            Size (bytes):619317
                                            Entropy (8bit):5.304890146220005
                                            Encrypted:false
                                            SSDEEP:6144:KwLBOaYdTYFViXtxo3xgHe5b2SgRoimsl8es0EpZYmIvba26Rtfkeeo3zGlwicP/:KwLBQTYuXmP5xasYa2IJegu2
                                            MD5:A2AFB79B4CC07943ECD4838622218FD7
                                            SHA1:46A00E4D4039116A27451D004309C8A5322A30A6
                                            SHA-256:CE1B4628C9466781B08926D3E3C7807B239D9901C49FEACEDB8514319FC13195
                                            SHA-512:A1280C0DFC408F69A38D880EEDA5D8A2751A297E0F2E0A6D297C207F025E7A6300AEE812E2885FC56EB98A159E84954CC1EF255593D8A6FF204556896B22F08C
                                            Malicious:false
                                            Preview:........G...0...h...w ..........|.......................&.......%...........*...........................................(...........3...-...b...=.......$.......=.......B...1..."...t...4.......=.......#.......$.......-...S...*.......'...........................2...7...a...........................*.......0...........L.......[.......v...........................+.......&.......2.......2...A.......t...*...z...).......................6.......*.......*...;.......f...,...l...................3......./..................."...-...?.......m...6.......-....... .......`......._...q...........2...........".......+...$...4.......Y.......b.......j.......w...........#...........................................................................................................................................................................................+.......1.......F.......O.......W.......].......f.......s...................................!...............................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\locale\es_MX\LC_MESSAGES\vlc.mo

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:GNU message catalog (little endian), revision 0.1, 6205 messages, 12 sysdep messages, Project-Id-Version: vlc 3.0.13 'Contenido guardado a archivo vlc-help.txt.'
                                            Category:dropped
                                            Size (bytes):616740
                                            Entropy (8bit):5.304943713719534
                                            Encrypted:false
                                            SSDEEP:6144:AEUM/jkQt5fnH6YnJ0ig/e5b2S+RoimbyJMs0EpZYmIvba2NRtO9UP/xOu3obUmy:AditJnR5xVsYa24CP8SP
                                            MD5:1B51E058CB2ED6AAE350D5A4DAE014C0
                                            SHA1:9BC21E8AE93B2BCBE2DFF14AC6718877803546A4
                                            SHA-256:F9E358FC1A3867F364D0CFECA94FB7497B0EDE88437EB16E25B692C8CFB83A41
                                            SHA-512:5BBB832B831597DC2AEEB658E7F7E306501BACCBE78FF02D6E4F4D5A8AE569134C5CEA02CF0CE12E1220503C0515AC198F34BC593D2C0B719E2D36C5837FDA89
                                            Malicious:false
                                            Preview:........=...0.......c ..................................&.......%...........:...........................................(...........C...-...r...=.......$.......=.......B...A...".......4.......=.......#.......$...>...-...c...*.......'...........................B...7...q...........................*.......0...+.......\.......k...................................+.......&.......2.......2...Q...........*.......).......................6.......*... ...*...K.......v...,...|...................3......./...................2...-...O.......}...6.......-....... .......`... ..._...............2...........2.......;...$...D.......i.......r.......z...................#...................................................................................................................................................................................).......;.......A.......V......._.......g.......m.......v...........................................!...............................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\locale\et\LC_MESSAGES\vlc.mo

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:GNU message catalog (little endian), revision 0.1, 4865 messages, 10 sysdep messages, Project-Id-Version: vlc 3.0.13 'Sisu kirjutati vlc-help.txt faili'
                                            Category:dropped
                                            Size (bytes):408712
                                            Entropy (8bit):5.389142238682703
                                            Encrypted:false
                                            SSDEEP:6144:uN1gUGAHGfoUk0n9/6J8trg5cEpVh9WHaE1G/hSaVfo2RkY:SBYkO+8Y7WHJkfeY
                                            MD5:8781F9BE0C6DEFAD6AE09E3380819542
                                            SHA1:1F4BD0695B7C4B5880CCF81AF396BEF4DB55A5EA
                                            SHA-256:B5574C9DE5217D5738C53325CD40969400D56EA28DC6EFAD1495F1AA04AFBAFA
                                            SHA-512:16279B2E78E685E42AD48D0A35FB3421069021F821DD50E1F9CAED38A0FBB4D4F0B1DC3FCA97042BECD35A4E24A1C1B3A84682D8D90401A4E23C9735A8A98F21
                                            Malicious:false
                                            Preview:............0...8...y...@0......$.......4...\...........&.......%...<.......b..................................(...5...-...^...=.......$......=......B...-..."...p...4.......=......#.......$...*...-...O...*...}...'......................7...........f...................*.......0..................(.......9...+...I...&...u...........*.......)......................6.......*...8...*...c...........,......................3....../...........F.......J...-...g...........-....... ...............2...........R.......[.......d.......m.......u...#.......................................................d.......k.......~..................................................................................................................'......./.......5.......>.......K.......W.......m.......v.......z.......................................................................................................................... .......-.......6.......<.......M.......`.......f.......u...........

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\locale\eu\LC_MESSAGES\vlc.mo

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:GNU message catalog (little endian), revision 0.1, 6215 messages, 12 sysdep messages, Project-Id-Version: vlc 3.0.13 'Edukia vlc-help.txt fitxategira iraulita.'
                                            Category:dropped
                                            Size (bytes):624569
                                            Entropy (8bit):5.270124449015679
                                            Encrypted:false
                                            SSDEEP:6144:KwLBOa1G362XiXtxo38gHe5b2SgRoimsl8es0EpZYmIvba26Rt+xLA9KrjZeZkaN:KwLBWkXDP5xasYa2ZA9xEtVintH
                                            MD5:F067B74E24B673334F7F62CC33718D4C
                                            SHA1:2F54AADC45120EABDAF638973E868998F35DF479
                                            SHA-256:46251C4071868E19A023438229EFFC002C72836B46A1C602A70151D859A44562
                                            SHA-512:6D8E4B2851084062AF5672699C7D161EB9A7C36D5ABB55CD3B5C4F626A28A29A9D6CEA72451981673BE00C4397E3FC92A4C4D4AB5CED751092C85720FE3022AE
                                            Malicious:false
                                            Preview:........G...0...h...w ..........|.......................&.......%...........*...........................................(...........3...-...b...=.......$.......=.......B...1..."...t...4.......=.......#.......$.......-...S...*.......'...........................2...7...a...........................*.......0...........L.......[.......v...........................+.......&.......2.......2...A.......t...*...z...).......................6.......*.......*...;.......f...,...l...................3......./..................."...-...?.......m...6.......-....... .......`......._...q...........2...........".......+...$...4.......Y.......b.......j.......w...........#...........................................................................................................................................................................................+.......1.......F.......O.......W.......].......f.......s...................................!...............................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\locale\fa\LC_MESSAGES\vlc.mo

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:GNU message catalog (little endian), revision 0.1, 1791 messages, 2 sysdep messages, Project-Id-Version: vlc 3.0.13 'Press the RETURN key to continue...'
                                            Category:dropped
                                            Size (bytes):165291
                                            Entropy (8bit):5.605787872060407
                                            Encrypted:false
                                            SSDEEP:3072:jFmOTVeCq18UTBfxGDeKHa3vCLDJa3jay5ZuBKTkw5zr4:j8OTrMt4Jdc3jay5eKQw5A
                                            MD5:BFF04D6466D21BE4F88DE3AECDC26A12
                                            SHA1:1316207A494FA7A991580B14B47DF9AE6CADE5B3
                                            SHA-256:468F31B0AE469BC3B80AB2BE907F857A0DCCA551D810BDDD5EB933CDBFE08666
                                            SHA-512:E5A6EEA1580F06D7F28362CAADE932C63003491A9724CABEDF07407B8F8839EF867B5E6DB4B871E265FA4DE4A38F7CFCF565E01BEED7F4AE614EDA5C4F3ACAB4
                                            Malicious:false
                                            Preview:............0...(8..Y... p.............................%.............."........................................................................&...........................................................................................+.......1.......7.......=.......I......._.......e.......n.......u...........................................................................................................................&.......1.......<.......O.......V.......\.......l.......q.......w................................................................................................................................................................).......0.......6.......?.......G.......P.......W.......b.......h.......n.......u.......}.........................................................................................................................................................../...........<..."...C.......f.......t...........................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\net.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):92304
                                            Entropy (8bit):6.287754277940114
                                            Encrypted:false
                                            SSDEEP:1536:/RPowekGocs9utiN97pUHqZcLNCvZQ9dkTSvah1PYR5iARmprtFizAKDUfM:/fZGoXctiD7pUKZcLNd9ESCMPErzizAC
                                            MD5:97F36F156FD847EE7568A26160AC0FC5
                                            SHA1:3EC956D96BA91A828B69CD0B1E88ECC144EE165F
                                            SHA-256:7E5106E9C6B31D308AB7B250FAF21C73805319B72849235D45BEFAF6E1DFEADE
                                            SHA-512:89D5F1B73935834C08BEFD46135A5A9BBDCC88DE25F56380E22024A0D66C4C756AA90B138604D9CEACB91F06928949402F0DC6B436BE477F364C7C83ED692661
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........JqE.$"E.$"E.$"L.."M.$"N.%#G.$"N. #M.$"N.'#G.$"N.!#H.$"..%#A.$".."#D.$"..%#L.$"E.%".$".. #S.$"..$#D.$"..."D.$"..&#D.$"RichE.$"........................PE..d.....`_.........." .........z...........................................................`..........................................&.......A.......p..h....`.......L..................T...........................@...0...................$#..`....................text............................... ..`.rdata...].......^..................@..@.data........P.......:..............@....pdata.......`.......<..............@..@.rsrc...h....p.......F..............@..@.reloc...............J..............@..B........................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\nijboq.rar

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:RAR archive data, v5
                                            Category:dropped
                                            Size (bytes):306286
                                            Entropy (8bit):7.999383626016156
                                            Encrypted:true
                                            SSDEEP:6144:GB/CKAdy3bNdOTu6ibYWBLIt7gg7/QQsSdwhbYMfNn+ZmreNI1FN:GBeGXgu6ibY6OIeChjVn+ZiNN
                                            MD5:A33E236314B49AB1B86C02C5F345A3C9
                                            SHA1:1ACE1DECAF57BA1C9B1F6B33A9F1E704B7D588D8
                                            SHA-256:F4A806C1886526DD801C49AA4F2AB116714B5CB5878CAE8895FCFC06D246C44D
                                            SHA-512:B282DC3DEA0B97B05B22083DF621A160161FB389E61D95EEE680B00978C609DA015D7BBC8FD29D7FB93A0DDA2F6CFFA09B25C0C13022C7F7ED787FF80AE20820
                                            Malicious:false
                                            Preview:Rar!.......|!.....;>/...T...);6.-.2f.(#p.`P..P..iv..%.[....P..v..M.wX.mb....+....-...NmV...=..I:.Rl..B..#..h...T..mX...!.(.<......6.;.... ..d...bbQ...+N.{p.m..m......!...gA..;XB....nY\w..E..9..8.^<a...{..y... .S.>.I,.9..|..3.9.T..,A-.......j. ..m..].ie|Q@!k,.)O..x.Iu...D..=,.....C.N....i3...I....=n~.........dZ(..9N..].W..q.&.@L.$.5.....Y..?\...|......A. .`{..^........f....k.....|..u...9Vu.-T....O.d8.j1*......y..u....ECU......pH.w...~...P>[..)a.........:..q..I>.$U.t.+XR..~..,..O..'.w,.E....P..!p........G.....J..:..*.y|LF......e....P{..LRR..#[...P........N=......o.t.......1..9.w"..../...1.k.XU.j.....s.O..Sf/..\nz..PH.P..NT.G.2...V.|.V...6.eS;j.#.d........+..a.3...|`t5..F:0.\...........E....#.4..$.m....*..2....T.:g.B...;.....P!.=.S!....x.s6........X.8.... O.1X.!.........S.".x....!pi.\$V..S...BL..o......{".FR...Q..`y...7.j..g.*rk...qJE1Dk.....eB.!iXC>.].....Q.....9w.]`..8o.7.+A.w\..L@.B".w. >*_._..&.....ci'o.@F.C.}.:.T.Y...t.P....(./

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\nio.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):63632
                                            Entropy (8bit):6.224404987670163
                                            Encrypted:false
                                            SSDEEP:768:46aTvyrCL83Wbq4tAg73UoYbGxWICN83dcbScAwkSyHpFG3jSCs4hNjfXK/hNDGN:IjbHtAyJe83dcWcyS3eCs4h5aO9UfAF
                                            MD5:275F7ECE15AB9F9C62DF3C12A4B32340
                                            SHA1:6F6DA05C0E5C78BFD3C5319A50D342A828126AE1
                                            SHA-256:D63C01B7DF04920FBB50EB7476EDD476886A34AF6B1B5BA3B465871CAE3FA5AF
                                            SHA-512:265931011F8FB8F482EBD7A1448C8496D82D4295C0F95AEA533E9CE8FC1EEE0AC91283FE4ADDDDAF732D9061405A457122B1488697D8EF5E4F4ED99444F91C08
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........H"c.)L0.)L0.)L0.Q.0.)L0.FM1.)L0.FI1.)L0.FH1.)L0.FO1.)L0]FM1.)L0.AM1.)L0.)M0>)L0]FH1.)L0]FL1.)L0]F.0.)L0]FN1.)L0Rich.)L0................PE..d.....`_.........." .....n...p.......t....................................... ....../.....`..............................................*..............h.......$...............,.......T...............................0...............P............................text....m.......n.................. ..`.rdata...V.......X...r..............@..@.data...h...........................@....pdata..$...........................@..@.rsrc...h...........................@..@.reloc..,...........................@..B........................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\prefs.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):22160
                                            Entropy (8bit):6.023260569165963
                                            Encrypted:false
                                            SSDEEP:384:mG53sZg1lhDX6lINp7Yy0acMRfgbDG7Yo6yDgf2hc:r3sZ6lhDzNpYyJRobDG7x6yUf2hc
                                            MD5:E2000CA6B2D664DB59BE241A096B1461
                                            SHA1:93EBEC637AEA9253272E361D3F40C2B7C7881A40
                                            SHA-256:632F1F121B6FE727C6DC279954E27A0400D081DD8503C3CB5DC4ADCB2AC28082
                                            SHA-512:3875D13B373FE4AAD4B635B27CF2839B4B64568CD6C5BD0A3AC3681F19C68FE2FA9A85F0D9473597A538A368C87A07D7A80260939D9CC70EC22DDDAA3434A158
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................R.....................................g.......................g.......g.......g.>.....g.......Rich............................PE..d.....`_.........." .........$......................................................[.....`.........................................p8..<....;.......p..p....`..(....:..........$...02..T............................2..0............0..p............................text...T........................... ..`.rdata..X....0......................@..@.data...8....P......................@....pdata..(....`.......0..............@..@.rsrc...p....p.......4..............@..@.reloc..$............8..............@..B................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\rmi.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):17552
                                            Entropy (8bit):5.944925393643568
                                            Encrypted:false
                                            SSDEEP:192:NlqMAAQK26iMVnOqTUSOCEUFAD/MfXDWpHlHoaN+17yZka9sgfxIZHkL5z:zqX828OqnAgfXDG7YEZkDgf2hK5z
                                            MD5:21B77BFB34002ECDBB5056ED3029F90D
                                            SHA1:B8BE9F8B74BB358015F4F78C766546881EF3B622
                                            SHA-256:D5B872DE77D57D627F9C4E40516F34181C9F599A6210266C533D30081D565EAB
                                            SHA-512:6B7729C3421637846AEFE503538CEE5FD006180DBC176B730AA3F2B659FFECA6C4B9AFD6DE90946CE8C021CED0C5BEED10020EF48AD881DE6B4AD17A6EECB722
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........o...<...<...<...<...<...=...<.=...<...=...<...=...<...=...<s..=...<...<...<s..=...<s..=...<s.B<...<s..=...<Rich...<................PE..d.....`_.........." ................,........................................p......pW....`..........................................'..l...l'..d....P..h....@..t....(.......`.. ...p!..T............................!..0............ ...............................text...4........................... ..`.rdata..F.... ......................@..@.data........0......................@....pdata..t....@....... ..............@..@.rsrc...h....P......."..............@..@.reloc.. ....`.......&..............@..B........................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\rmid.exe

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):20624
                                            Entropy (8bit):5.987004734669522
                                            Encrypted:false
                                            SSDEEP:192:g09aB3uPFaJU39f1so5q4bbZ+GD/9K1FS5tf9lXHa5AHqDWpHlHoaN+17cXGPbaq:R8y1soseBKFyV65AHqDG7Y+X6Dgf2hd
                                            MD5:0837FA881469110D6E25711EC5030A76
                                            SHA1:C937BC53688932780FEC5217A11280DF4564C6C4
                                            SHA-256:A949011651F2BC32135E92E63DD6DC1CF03EA3F915D7539DCBEA1B8B1AA36EAA
                                            SHA-512:1E78EDF1365C6556A0F7F3367CA838FDAE9BE7CDA7A0131001374E41C5B40433954D1766814D2695AD7244BB9E4B2FFF91B94D4BE71FFAE7D14546B8892F1CF7
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........u...............l|......{.......|.......{.......{.......{......`{..............`{......`{......`{......`{......Rich....................PE..d.....`_..........".........."......$..........@..........................................`.........................................`(..@....(.......`.......P..8....4.......p..8... #..T............................#..0............ ...............................text............................... ..`.rdata..".... ......................@..@.data........@.......$..............@....pdata..8....P.......&..............@..@.rsrc........`.......(..............@..@.reloc..8....p.......2..............@..B........................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\rnpkeys.exe

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):799648
                                            Entropy (8bit):6.460397959876444
                                            Encrypted:false
                                            SSDEEP:12288:TjDLTxDDpIpgsrjU70ry9MYpyuaEweqJc2FvjOJz5wLuczdpSlsCNK8hQ4QnnAWm:njxDDek4hl4QnAWgjHj40lDSUD
                                            MD5:AE63517A3CE7949A2C084CD7541C2FD8
                                            SHA1:8DAFA610A0C3AA6EE2E50F657C90757BFAE80336
                                            SHA-256:14B6F5C640C73CDD99E5834E7A56AB3D2912ABE623BF5E41946154DAD69E5F26
                                            SHA-512:FD5A85D902B376226D14BAFE7C9AD9AABFC5245C61E2C3C17D12227DCCBD9AEE3B21E59A9357349DABCDC5ECAFDA9FC2AB737E8F06D7B7490931648021B3C1F3
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....|e.........."..........0.................@.....................................$....`..................................................i..d...............Dg.......)...........P..........................(.......8............p...............................text............................... ..`.rdata..............................@..@.data....D.......(...^..............@....pdata..Dg.......h..................@..@.00cfg..(....@......................@..@.tls.........P......................@....voltbl.:....`.........................._RDATA.......p......................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\srv\classes.jsa

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):12124160
                                            Entropy (8bit):4.1175508751036585
                                            Encrypted:false
                                            SSDEEP:49152:opbNLHjtBKapOZoWPQ8MQvfyf3t+WpskQS+ZSZmpPwoe5GOSwleJiXACPQDk8p8j:o9NDU1eB1
                                            MD5:8A13CBE402E0BBF3DA56315F0EBA7F8E
                                            SHA1:EE8B33FA87D7FA04B9B7766BCF2E2C39C4F641EA
                                            SHA-256:7B5E6A18A805D030779757B5B9C62721200AD899710FF930FC1C72259383278C
                                            SHA-512:46B804321AB1642427572DD141761E559924AF5D015F3F1DD97795FB74B6795408DEAD5EA822D2EB8FBD88E747ECCAD9C3EE8F9884DFDB73E87FAD7B541391DA
                                            Malicious:false
                                            Preview:.................*.\.....................................+................................Ol.....................................">.............................d..3......................A.......@...... t.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................(#......(............... ................Java HotSpot(TM) 64-Bit Server VM (15.0.1+9-18) for windows-amd64 JRE (15.0.1+9-18), built on Sep 15 2020 14:43:54 by "mach5one" with unknown MS VC++:1925....................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\srv\classes_nocoops.jsa

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):12124160
                                            Entropy (8bit):4.117842215789484
                                            Encrypted:false
                                            SSDEEP:49152:lIsY5NLHjtBKapOZoWPQ8MQvfyf3t+WpskQS+ZSZmpPwoe5GOSwleJiXACPQDk8v:lYNDUK7k59
                                            MD5:8DD2CDF8B1702DEE25F4BC2DCE10DA8F
                                            SHA1:7AE8D142C41159D65C7AB9598C90EC1DF33138D1
                                            SHA-256:B19E92D742D8989D275BB34FB7828211969997D38FF9250D9561F432D5C5F62C
                                            SHA-512:6CEBD788559543623A3F54154F6C84E31A9716CFFA19D199087F0704CC9016F54CF0B3CFF6D8DB65428138EEB12553B23EBA7EDAF5B64A050A077DD2951286B0
                                            Malicious:false
                                            Preview:....j..L.........*.\.....................................+..............................j..-.....................................!>.............................|<:.......................A.......@...... t...............................".....................................................................................................................................................................................................................................................................................................................................................................................................................................(#......(............... ................Java HotSpot(TM) 64-Bit Server VM (15.0.1+9-18) for windows-amd64 JRE (15.0.1+9-18), built on Sep 15 2020 14:43:54 by "mach5one" with unknown MS VC++:1925....................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\srv\jvm.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):11394704
                                            Entropy (8bit):6.390661514563496
                                            Encrypted:false
                                            SSDEEP:196608:Nx/CuWMTWEv0qY/fpk97lfo7LSOcOCuCxQ5WOJO7sFbIH/EEqsmCFzpbBJApxkjE:NxIMTWEv0qY/fpk97lfo7LSOcOCuCxQD
                                            MD5:B97B7AAB1F877A7B3A426A434ED5562D
                                            SHA1:12D88F7C2FE3D3908BFEDD415CF3C6590CEB42CB
                                            SHA-256:B30ACCB880B398FC9743A51831A741CE22364FE091AFF9846CF457A772BBE2A2
                                            SHA-512:23489E913523444FE24462E36A70EC5B8E6C1CFC4C7AC1DD8290DAA778362789B484E43B4A35930EAFC6B29C2322597B38F7AEA19E029A09FAAC9A5ED42D1D77
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............~...~...~.....~......~.i....~...z...~...}...~...{..~......~......~.3.{.I.~.3.~...~.3....~......~.3.|...~.Rich..~.................PE..d...6.`_.........." ......}...8.....$.}............................................KU....`............................................................8.......P....................T......................(...P..0.............}..............................text.....}.......}................. ..`.rdata..D.!...}...!...}.............@..@.data........@......................@....pdata..P...........................@..@.rsrc...8.........................@..@.reloc............................@..B................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\uiaehuv.rar

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:Non-ISO extended-ASCII text, with very long lines (65536), with no line terminators
                                            Category:dropped
                                            Size (bytes):307000000
                                            Entropy (8bit):0.0
                                            Encrypted:false
                                            SSDEEP:3:33H:n
                                            MD5:2B409220FDE291217B91ACD53D850544
                                            SHA1:B06D5F1A8690A88A3A8859188DD94DDACAC7A8F5
                                            SHA-256:CE8DF06A5EFF7A9D852E192A1979C267F277553C73AE17A81502B62C0DD95E45
                                            SHA-512:9D1A41D5EBBAEB6D8B2BCF8CE3DCD4DB9205FF67AE29492D7D311CA8AD182E4B2D360287CDED942DDA6FB2C97A3261C95E29ADFF5D71F70A337A5C038B3343E7
                                            Malicious:false
                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\vlc.ico

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:MS Windows icon resource - 6 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
                                            Category:dropped
                                            Size (bytes):73164
                                            Entropy (8bit):7.359281145016179
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:3F06061E0600712128B17CAED76DAD0C
                                            SHA1:71BABAE2068F98074799D449323F466BAFA48F2C
                                            SHA-256:E65ADB3CD7A08D343C0D2C4D1C20E0213B01429A8A8113EA9D2732F4433979C2
                                            SHA-512:F7D3098178078FE36E1CA1672C5A11545EC1CBE1B0CA26CBB4806BAA8E464A348739C602EF5F98DCE4B77E61CE942504F687445DA5508E028122E3F0375FB74A
                                            Malicious:false
                                            Preview:...... ..........f...........h............. .....v...00.... ..%...... .... ............... .h...d...(... ...@................................2.......b..J....f...z..........b...R......&z...n..............R....Z...F.......n...n.......Z.......z...b..J....>...j..J...j...........R...v..................&...........R........v.......j.......:..fz...z...f...n...N...........Z..........J....j...........f...R...............r...f..F...:...R...............b...z...r.......^...J...~...B...j..F............V...:..>z...........^.......6..:r..J....z..........b...V......:....n......R....F.......n...r.......Z.......b...>...j.......v..........*...........n....v...j..v............R..F....~...r..J....V..^....f...>.......Z.......f.......r...f.......^...~...V......................J....................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\w2k_lsa_auth.dll

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):27792
                                            Entropy (8bit):6.133744679521017
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:41E8E69AF1369F1AE608B0B3A68FCF7F
                                            SHA1:C5D10756B858CA990AF4CB25EAE122EF970A3487
                                            SHA-256:225540844A45DC342C72771D112CB22AC65EDCD5E626A908DA7F708A0E29E9E5
                                            SHA-512:8BFB19CE4E6ECC6FD8AADA923D96C01ED6A7DE0A8F0220B6E669835478ABA3AE8519D4023235F68FE5BC71D86CF50FCE399CB44A2BE38B3EEC667F475C55507F
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Da..%...%...%...]...%...J...%...J...%...J...%...J...%..M...%...%...%..(J...%..(J...%..(J...%..(J...%..Rich.%..................PE..d.....`_.........." .....$...0.......(...............................................Z....`..........................................T.......T...............p..|....P..........$...0M..T............................M..0............@...............................text....".......$.................. ..`.rdata.......@.......(..............@..@.data........`.......D..............@....pdata..|....p.......F..............@..@.rsrc................J..............@..@.reloc..$............N..............@..B................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Roaming\Microsoft\Installer\{B1B66780-D60D-433F-9DFF-34A6F436A96E}\icon_25.exe

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:MS Windows icon resource - 9 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
                                            Category:dropped
                                            Size (bytes):187137
                                            Entropy (8bit):4.642988795116356
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:3353DF7B5F65D56082398CD5FAD14687
                                            SHA1:27A0E9DF2C39CF4242C7BD3C28D1CE098100A4AF
                                            SHA-256:95FA1D58705395373EB5416C5A1D28E1258074CDFE4AAA00FAAC54AA00ACCF30
                                            SHA-512:29E8AB8F94BB3396DE215790A1AF01E664AE5574AA5E1A760ABAF8C39BEA7691A6FE8A1CD1E8E7384319408F8CA0CC0B9F4C0C13180939D117E2AF0DDED485A5
                                            Malicious:false
                                            Preview:............ ..b............ .(...Ac..``.... .....ik..HH.... ..T......@@.... .(B...T..00.... ..%...... .... .....i......... ............... .h........PNG........IHDR.............\r.f....pHYs..........o.d.. .IDATx..}y..U...Su.^....;."...(.."....0..8.....vEaPt.qT.`+.8# ` 8.....%{...{-...........t._..KU.:.s...."D..!B..."D..!B..."D..!B..."D..!B..."D..!B..."D..!B..."D.'@{.."......./_N.'.p.5t.....[.+\.l.../..|.r6..@...`....,....K....B2:%.K.n$u.h.:.:W........3G..>....r0@....5k...X.n].3.B.<.O%G.R.F/.7.......$..l...<........Zx.,G..j..ba"o-....C..._...U........t.k.-.....i......203a.r.5....>...[.....zw...~....E....]+n'...u..u..:a.$.....@.P.p31..f.....Ck!D.."#...E....-...r...u....Dn..-..r........:.$,[..^....a.!".....]]..~...-.et.zb.P.X...WY...|.....D.$.6K.f.................#...5.(8F .2.$.H".. .4..+x.K.IXr.../...H.5.W..O\t.&......%...l.#...:"...`..rq.... .LR....Y..].a._....".....T............L.....&...`L.i...'.(.<...1. 0..5.p....YB.&.K.....|.x.~.O`M,e?$.......\..

                                            C:\Windows\Installer\570a0b.msi

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {847FACC8-465F-4938-AF1A-A70D5A9EDA57}, Number of Words: 10, Subject: IcuApp, Author: Icuuq Cmpq, Name of Creating Application: IcuApp, Template: x64;2057, Comments: This installer database contains the logic and data required to install IcuApp., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Mon Aug 26 09:54:16 2024, Last Saved Time/Date: Mon Aug 26 09:54:16 2024, Last Printed: Mon Aug 26 09:54:16 2024, Number of Pages: 450
                                            Category:dropped
                                            Size (bytes):35910144
                                            Entropy (8bit):7.941902122746861
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:7B9E449D03CC0E3E5FD65DD019505BCB
                                            SHA1:26EB5C00591FA4307CBF71C95D9A0B63CA6CD5D3
                                            SHA-256:BB193B20D415134B38B673F30B232325F9CABFF21732957266D2D207E2B7E170
                                            SHA-512:4A70427A618A1B30119337B5475ACDF74BC4E49C8DDDD58D633127593AF5D7D6162B035D462B54B42F9DC7EBBC366F197BC122A3C1140BFCF40E839969BA21DA
                                            Malicious:false
                                            Preview:......................>...................$...................................^.......................5.......k.......c.......y...z...{...|...}...~...........................O...P...Q...R...S...T...[.......................;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...{...|...}...~...............................Z...............................5...6........................................................................... ...!..."...#...$...%...&...'...(...)...3...+...,...-......./...0...1...2.......4...7...@...L...8...9...:...;...<...=...>...?...D...A...B...C...J...E...F...G...H...I.......K...[...M...N...O...P...Q...R...S...T...U...V...W...X...Y...........\...]...........`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                            C:\Windows\Installer\570a0e.msi

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {847FACC8-465F-4938-AF1A-A70D5A9EDA57}, Number of Words: 10, Subject: IcuApp, Author: Icuuq Cmpq, Name of Creating Application: IcuApp, Template: x64;2057, Comments: This installer database contains the logic and data required to install IcuApp., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Mon Aug 26 09:54:16 2024, Last Saved Time/Date: Mon Aug 26 09:54:16 2024, Last Printed: Mon Aug 26 09:54:16 2024, Number of Pages: 450
                                            Category:dropped
                                            Size (bytes):35910144
                                            Entropy (8bit):7.941902122746861
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:7B9E449D03CC0E3E5FD65DD019505BCB
                                            SHA1:26EB5C00591FA4307CBF71C95D9A0B63CA6CD5D3
                                            SHA-256:BB193B20D415134B38B673F30B232325F9CABFF21732957266D2D207E2B7E170
                                            SHA-512:4A70427A618A1B30119337B5475ACDF74BC4E49C8DDDD58D633127593AF5D7D6162B035D462B54B42F9DC7EBBC366F197BC122A3C1140BFCF40E839969BA21DA
                                            Malicious:false
                                            Preview:......................>...................$...................................^.......................5.......k.......c.......y...z...{...|...}...~...........................O...P...Q...R...S...T...[.......................;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...{...|...}...~...............................Z...............................5...6........................................................................... ...!..."...#...$...%...&...'...(...)...3...+...,...-......./...0...1...2.......4...7...@...L...8...9...:...;...<...=...>...?...D...A...B...C...J...E...F...G...H...I.......K...[...M...N...O...P...Q...R...S...T...U...V...W...X...Y...........\...]...........`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                            C:\Windows\Installer\MSI117F.tmp

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                            Category:dropped
                                            Size (bytes):756576
                                            Entropy (8bit):6.616629532136608
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:B158D8D605571EA47A238DF5AB43DFAA
                                            SHA1:BB91AE1F2F7142B9099E3CC285F4F5B84DE568E4
                                            SHA-256:CA763693CC25D316F14A9EBAD80EBF00590329550C45ADB7E5205486533C2504
                                            SHA-512:56AEF59C198ACF2FCD0D95EA6E32CE1C706E5098A0800FEFF13DDB427BFB4D538DE1C415A5CB5496B09A5825155E3ABB1C13C8C37DC31549604BD4D63CB70591
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......+.ZRo.4.o.4.o.4...7.d.4...1...4.iV0.}.4.iV7.x.4.iV1.!.4...0.v.4...2.n.4...5.F.4.o.5...4..V=...4..V4.n.4..V..n.4.o..n.4..V6.n.4.Richo.4.........................PE..L.....e.........."!...&............................................................bL....@A........................ ..........,....................N..`=.......x..p...p...............................@...............x............................text...j........................... ..`.rdata..H...........................@..@.data....%..........................@....rsrc...............................@..@.reloc...x.......z..................@..B........................................................................................................................................................................................................................................................................

                                            C:\Windows\Installer\MSI120D.tmp

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                            Category:dropped
                                            Size (bytes):756576
                                            Entropy (8bit):6.616629532136608
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:B158D8D605571EA47A238DF5AB43DFAA
                                            SHA1:BB91AE1F2F7142B9099E3CC285F4F5B84DE568E4
                                            SHA-256:CA763693CC25D316F14A9EBAD80EBF00590329550C45ADB7E5205486533C2504
                                            SHA-512:56AEF59C198ACF2FCD0D95EA6E32CE1C706E5098A0800FEFF13DDB427BFB4D538DE1C415A5CB5496B09A5825155E3ABB1C13C8C37DC31549604BD4D63CB70591
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......+.ZRo.4.o.4.o.4...7.d.4...1...4.iV0.}.4.iV7.x.4.iV1.!.4...0.v.4...2.n.4...5.F.4.o.5...4..V=...4..V4.n.4..V..n.4.o..n.4..V6.n.4.Richo.4.........................PE..L.....e.........."!...&............................................................bL....@A........................ ..........,....................N..`=.......x..p...p...............................@...............x............................text...j........................... ..`.rdata..H...........................@..@.data....%..........................@....rsrc...............................@..@.reloc...x.......z..................@..B........................................................................................................................................................................................................................................................................

                                            C:\Windows\Installer\MSI1346.tmp

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                            Category:dropped
                                            Size (bytes):756576
                                            Entropy (8bit):6.616629532136608
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:B158D8D605571EA47A238DF5AB43DFAA
                                            SHA1:BB91AE1F2F7142B9099E3CC285F4F5B84DE568E4
                                            SHA-256:CA763693CC25D316F14A9EBAD80EBF00590329550C45ADB7E5205486533C2504
                                            SHA-512:56AEF59C198ACF2FCD0D95EA6E32CE1C706E5098A0800FEFF13DDB427BFB4D538DE1C415A5CB5496B09A5825155E3ABB1C13C8C37DC31549604BD4D63CB70591
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......+.ZRo.4.o.4.o.4...7.d.4...1...4.iV0.}.4.iV7.x.4.iV1.!.4...0.v.4...2.n.4...5.F.4.o.5...4..V=...4..V4.n.4..V..n.4.o..n.4..V6.n.4.Richo.4.........................PE..L.....e.........."!...&............................................................bL....@A........................ ..........,....................N..`=.......x..p...p...............................@...............x............................text...j........................... ..`.rdata..H...........................@..@.data....%..........................@....rsrc...............................@..@.reloc...x.......z..................@..B........................................................................................................................................................................................................................................................................

                                            C:\Windows\Installer\MSI1B27.tmp

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                            Category:dropped
                                            Size (bytes):756576
                                            Entropy (8bit):6.616629532136608
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:B158D8D605571EA47A238DF5AB43DFAA
                                            SHA1:BB91AE1F2F7142B9099E3CC285F4F5B84DE568E4
                                            SHA-256:CA763693CC25D316F14A9EBAD80EBF00590329550C45ADB7E5205486533C2504
                                            SHA-512:56AEF59C198ACF2FCD0D95EA6E32CE1C706E5098A0800FEFF13DDB427BFB4D538DE1C415A5CB5496B09A5825155E3ABB1C13C8C37DC31549604BD4D63CB70591
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......+.ZRo.4.o.4.o.4...7.d.4...1...4.iV0.}.4.iV7.x.4.iV1.!.4...0.v.4...2.n.4...5.F.4.o.5...4..V=...4..V4.n.4..V..n.4.o..n.4..V6.n.4.Richo.4.........................PE..L.....e.........."!...&............................................................bL....@A........................ ..........,....................N..`=.......x..p...p...............................@...............x............................text...j........................... ..`.rdata..H...........................@..@.data....%..........................@....rsrc...............................@..@.reloc...x.......z..................@..B........................................................................................................................................................................................................................................................................

                                            C:\Windows\Installer\MSI1B57.tmp

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                            Category:dropped
                                            Size (bytes):373600
                                            Entropy (8bit):6.517672795827092
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:54D74546C6AFE67B3D118C3C477C159A
                                            SHA1:957F08BEB7E27E657CD83D8EE50388B887935FAE
                                            SHA-256:F9956417AF079E428631A6C921B79716D960C3B4917C6B7D17FF3CB945F18611
                                            SHA-512:D27750B913CC2B7388E9948F42385D0B4124E48335AE7FC0BC6971F4F807DBC9AF63FE88675BC440EB42B9A92551BF2D77130B1633DDDA90866616B583AE924F
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........."..q..q..q3..p..q3..pP.q.s.p..q.s.p..q.s.p..q3..p..q3..p..q..q..q.s.p..q.s.p..q.sJq..q.."q..q.s.p..qRich..q........................PE..L.....e.........."!...&............................................................R4....@A............................X............`...............v..`=.......5..`...p...............................@............................................text...Z........................... ..`.rdata...!......."..................@..@.data....!...0......................@....rsrc........`.......(..............@..@.reloc...5.......6...@..............@..B................................................................................................................................................................................................................................................................................

                                            C:\Windows\Installer\MSI2134.tmp

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):215809
                                            Entropy (8bit):5.040513607802485
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:4256E622BD4671484EAC07739B00CB98
                                            SHA1:B646BDFC04357C304230F23EB25DA0194BB6D5BD
                                            SHA-256:7A4D6F8C3E32ACBBA3A2C0DA43D5EBE1F070DC509712BA83D18F69E8C4A29E31
                                            SHA-512:DED4E46BE0F684235178C1F02F81B058E4C2241CB00F3E0B8F099D9AFBBE5361AAD420FC658D6D964CCF903681F0B707C139C775222A75BE6B09B69FF97D3D07
                                            Malicious:false
                                            Preview:...@IXOS.@.....@.e.Y.@.....@.....@.....@.....@.....@......&.{B1B66780-D60D-433F-9DFF-34A6F436A96E}..IcuApp..r3Zor4OEe5.msi.@.....@.....@.....@......icon_25.exe..&.{847FACC8-465F-4938-AF1A-A70D5A9EDA57}.....@.....@.....@.....@.......@.....@.....@.......@......IcuApp......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@R....@.....@.]....&.{A1891289-FBA3-4394-97C6-59BEB51FC0CD}2.C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\.@.......@.....@.....@......&.{BA9848B9-FD9A-4F66-A260-353B1A39344A}&.21:\Software\Icuuq Cmpq\IcuApp\Version.@.......@.....@.....@......&.{B38797AC-AC2E-421D-B180-F8E18558EE2F}F.C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\jmods\java.base.jmod.@.......@.....@.....@......&.{F1C6C119-92FE-4258-B0E3-6BABD549DF7B}A.C:\Users\user\AppData\Roaming\Icuuq Cmpq\IcuApp\srv\classes.jsa.@.......@.....@.....@......&.{40B539D7-F501-49C5-A9AE-7A21A44D396B}=.C:\Users\

                                            C:\Windows\Installer\MSIE7F.tmp

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                            Category:dropped
                                            Size (bytes):756576
                                            Entropy (8bit):6.616629532136608
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:B158D8D605571EA47A238DF5AB43DFAA
                                            SHA1:BB91AE1F2F7142B9099E3CC285F4F5B84DE568E4
                                            SHA-256:CA763693CC25D316F14A9EBAD80EBF00590329550C45ADB7E5205486533C2504
                                            SHA-512:56AEF59C198ACF2FCD0D95EA6E32CE1C706E5098A0800FEFF13DDB427BFB4D538DE1C415A5CB5496B09A5825155E3ABB1C13C8C37DC31549604BD4D63CB70591
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......+.ZRo.4.o.4.o.4...7.d.4...1...4.iV0.}.4.iV7.x.4.iV1.!.4...0.v.4...2.n.4...5.F.4.o.5...4..V=...4..V4.n.4..V..n.4.o..n.4..V6.n.4.Richo.4.........................PE..L.....e.........."!...&............................................................bL....@A........................ ..........,....................N..`=.......x..p...p...............................@...............x............................text...j........................... ..`.rdata..H...........................@..@.data....%..........................@....rsrc...............................@..@.reloc...x.......z..................@..B........................................................................................................................................................................................................................................................................

                                            C:\Windows\Installer\MSIF7A.tmp

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                            Category:dropped
                                            Size (bytes):756576
                                            Entropy (8bit):6.616629532136608
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:B158D8D605571EA47A238DF5AB43DFAA
                                            SHA1:BB91AE1F2F7142B9099E3CC285F4F5B84DE568E4
                                            SHA-256:CA763693CC25D316F14A9EBAD80EBF00590329550C45ADB7E5205486533C2504
                                            SHA-512:56AEF59C198ACF2FCD0D95EA6E32CE1C706E5098A0800FEFF13DDB427BFB4D538DE1C415A5CB5496B09A5825155E3ABB1C13C8C37DC31549604BD4D63CB70591
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......+.ZRo.4.o.4.o.4...7.d.4...1...4.iV0.}.4.iV7.x.4.iV1.!.4...0.v.4...2.n.4...5.F.4.o.5...4..V=...4..V4.n.4..V..n.4.o..n.4..V6.n.4.Richo.4.........................PE..L.....e.........."!...&............................................................bL....@A........................ ..........,....................N..`=.......x..p...p...............................@...............x............................text...j........................... ..`.rdata..H...........................@..@.data....%..........................@....rsrc...............................@..@.reloc...x.......z..................@..B........................................................................................................................................................................................................................................................................

                                            C:\Windows\Installer\SourceHash{B1B66780-D60D-433F-9DFF-34A6F436A96E}

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:Composite Document File V2 Document, Cannot read section info
                                            Category:dropped
                                            Size (bytes):20480
                                            Entropy (8bit):1.164986528731125
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:A3D4AA7A82170300C1C50B00FAEFB36F
                                            SHA1:1B005491753066AEB1ED88F4613E352F06A91778
                                            SHA-256:66A51131A3DADD901595A931E9843F1EA0173C6561F390182AF065B0540C3BA7
                                            SHA-512:910A8C57D66D90EE7F2A2A0377A41A3AC3072EA6CB53B1D6D1733A25CF4C7EFE9FAC82239B5F68B701779435E5B300DE1FCBB58D3DCBF85CC7573726D10DDA85
                                            Malicious:false
                                            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Windows\Installer\inprogressinstallinfo.ipi

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:Composite Document File V2 Document, Cannot read section info
                                            Category:dropped
                                            Size (bytes):20480
                                            Entropy (8bit):1.5369150673506673
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:088ACAE5AB6F0D994743CC4D05C45E4B
                                            SHA1:0E3611F7B75DECC1DDFD93CEA40114B2BF4ED9EB
                                            SHA-256:F002066C71ACDF4CF15D4E752577EA4D04718E6B9883BBBC29BAD3231E38D409
                                            SHA-512:2EC949E030CD116007E6BD6402A7849686721A0418259C8A9552083D7426DE5F74363B8DEDC7ADBE080F52B994B0EC28C51515915BDBD06D5B3A5573FF22A3A8
                                            Malicious:false
                                            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):364484
                                            Entropy (8bit):5.365493090919163
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:BC89219E6D9F20F5F65D01BE59EB7478
                                            SHA1:7025A45B73C2FF8B7B630053EA5BAB1882CB1BF6
                                            SHA-256:6880F61FE47B26B03D7AD5A2A5BDFE8FE75D46C83F5F74A91603CA9D2784B0DD
                                            SHA-512:B5F28071D9AF1A48F2BF8F8159C613DA8A1A9C97EDF0E1978A11FA4B2A4E6E082739FE1D3794DC123431205FD0D85C306142FD2A6A46E08974026FE3CCAD4596
                                            Malicious:false
                                            Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

                                            C:\Windows\Temp\~DF2BD579F6C7F82AA6.TMP

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:Composite Document File V2 Document, Cannot read section info
                                            Category:dropped
                                            Size (bytes):20480
                                            Entropy (8bit):1.5369150673506673
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:088ACAE5AB6F0D994743CC4D05C45E4B
                                            SHA1:0E3611F7B75DECC1DDFD93CEA40114B2BF4ED9EB
                                            SHA-256:F002066C71ACDF4CF15D4E752577EA4D04718E6B9883BBBC29BAD3231E38D409
                                            SHA-512:2EC949E030CD116007E6BD6402A7849686721A0418259C8A9552083D7426DE5F74363B8DEDC7ADBE080F52B994B0EC28C51515915BDBD06D5B3A5573FF22A3A8
                                            Malicious:false
                                            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Windows\Temp\~DF2EFFE9EA79457652.TMP

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):73728
                                            Entropy (8bit):0.12697450066887614
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:6BE8D03BD0564737736149D47738ABCA
                                            SHA1:61E14F67D5CC2235FDECF1B5C590777BC13C1AC7
                                            SHA-256:3EA788CCD5EA0DEFD43D895B609FB913A4C25AF3115D7ECBEDB94F46E09DECFC
                                            SHA-512:9F8D0C50CA401F9BDC3E202CFDA8F8290A9A5E79631B7FDD34C29642118877B834D1612612C4B629A7689258F51A2A73BBBD3B30245515EA6AD333EACC18112E
                                            Malicious:false
                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Windows\Temp\~DF341BF03659C2EC12.TMP

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:Composite Document File V2 Document, Cannot read section info
                                            Category:dropped
                                            Size (bytes):20480
                                            Entropy (8bit):1.5369150673506673
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:088ACAE5AB6F0D994743CC4D05C45E4B
                                            SHA1:0E3611F7B75DECC1DDFD93CEA40114B2BF4ED9EB
                                            SHA-256:F002066C71ACDF4CF15D4E752577EA4D04718E6B9883BBBC29BAD3231E38D409
                                            SHA-512:2EC949E030CD116007E6BD6402A7849686721A0418259C8A9552083D7426DE5F74363B8DEDC7ADBE080F52B994B0EC28C51515915BDBD06D5B3A5573FF22A3A8
                                            Malicious:false
                                            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Windows\Temp\~DF39DFB11D985183B0.TMP

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):512
                                            Entropy (8bit):0.0
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                            Malicious:false
                                            Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Windows\Temp\~DF3B6527C454D44616.TMP

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):512
                                            Entropy (8bit):0.0
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                            Malicious:false
                                            Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Windows\Temp\~DF654CB57AEEEFB9A1.TMP

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):32768
                                            Entropy (8bit):0.07213544074640627
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:E62126E659E9F68411419F3BD6D2F4BA
                                            SHA1:D43C2B5DADF1AD7CD255D5156EE554C01438B6C3
                                            SHA-256:B06A7E2340EB2A93D78A3E7775F947656631DB6AF8710C3C9173BCFAB08CEEF5
                                            SHA-512:A33535F02728689EA55888CEB6D1347CDE094EB3519C6AE80851C29FDBCE35CC30018E03C8D0EDA8981F71AAC6A0D3634F00561B7412A6A59C6FEF113B9BFD3F
                                            Malicious:false
                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Windows\Temp\~DF78BBE61A06B603F8.TMP

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):512
                                            Entropy (8bit):0.0
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                            Malicious:false
                                            Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Windows\Temp\~DF884265A42E7B07E1.TMP

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):512
                                            Entropy (8bit):0.0
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                            Malicious:false
                                            Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Windows\Temp\~DFA8C13C3B448AACB9.TMP

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:Composite Document File V2 Document, Cannot read section info
                                            Category:dropped
                                            Size (bytes):32768
                                            Entropy (8bit):1.2338949454260586
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:B06AE937D20262E2C085BC8E1D89AE31
                                            SHA1:33EADEC8B11A23F276A09588CB407F2B43A21068
                                            SHA-256:0678502EECF5C88AF7E444BDFB619564C5C18C9D0F021789B6A49A093A81C94C
                                            SHA-512:FE8D2B053D8A12ED945D97BD9DA537265B20B0B90CA4B5FF21C231932F8E681B60904C19444D866F7171436B4690D3EBB13E31305BAA78822333F5A3C31EDA12
                                            Malicious:false
                                            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Windows\Temp\~DFB155AF76AB21BD8C.TMP

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:Composite Document File V2 Document, Cannot read section info
                                            Category:dropped
                                            Size (bytes):32768
                                            Entropy (8bit):1.2338949454260586
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:B06AE937D20262E2C085BC8E1D89AE31
                                            SHA1:33EADEC8B11A23F276A09588CB407F2B43A21068
                                            SHA-256:0678502EECF5C88AF7E444BDFB619564C5C18C9D0F021789B6A49A093A81C94C
                                            SHA-512:FE8D2B053D8A12ED945D97BD9DA537265B20B0B90CA4B5FF21C231932F8E681B60904C19444D866F7171436B4690D3EBB13E31305BAA78822333F5A3C31EDA12
                                            Malicious:false
                                            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Windows\Temp\~DFE4994961F2F79BC1.TMP

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):512
                                            Entropy (8bit):0.0
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                            Malicious:false
                                            Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Windows\Temp\~DFF4CAF8004D6295D9.TMP

                                            Download File
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:Composite Document File V2 Document, Cannot read section info
                                            Category:dropped
                                            Size (bytes):32768
                                            Entropy (8bit):1.2338949454260586
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:B06AE937D20262E2C085BC8E1D89AE31
                                            SHA1:33EADEC8B11A23F276A09588CB407F2B43A21068
                                            SHA-256:0678502EECF5C88AF7E444BDFB619564C5C18C9D0F021789B6A49A093A81C94C
                                            SHA-512:FE8D2B053D8A12ED945D97BD9DA537265B20B0B90CA4B5FF21C231932F8E681B60904C19444D866F7171436B4690D3EBB13E31305BAA78822333F5A3C31EDA12
                                            Malicious:false
                                            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            Static File Info

                                            General

                                            File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {847FACC8-465F-4938-AF1A-A70D5A9EDA57}, Number of Words: 10, Subject: IcuApp, Author: Icuuq Cmpq, Name of Creating Application: IcuApp, Template: x64;2057, Comments: This installer database contains the logic and data required to install IcuApp., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Mon Aug 26 09:54:16 2024, Last Saved Time/Date: Mon Aug 26 09:54:16 2024, Last Printed: Mon Aug 26 09:54:16 2024, Number of Pages: 450
                                            Entropy (8bit):7.941902122746861
                                            TrID:
                                            • Windows SDK Setup Transform Script (63028/2) 88.73%
                                            • Generic OLE2 / Multistream Compound File (8008/1) 11.27%
                                            File name:r3Zor4OEe5.msi
                                            File size:35'910'144 bytes
                                            MD5:7b9e449d03cc0e3e5fd65dd019505bcb
                                            SHA1:26eb5c00591fa4307cbf71c95d9a0b63ca6cd5d3
                                            SHA256:bb193b20d415134b38b673f30b232325f9cabff21732957266d2d207e2b7e170
                                            SHA512:4a70427a618a1b30119337b5475acdf74bc4e49c8dddd58d633127593af5d7d6162b035d462b54b42f9dc7ebbc366f197bc122a3c1140bfcf40e839969ba21da
                                            SSDEEP:786432:ot9wUyTDXySTjxA4Ztx2+G+N0WYQYBXPByttH+dktHEDv0ylvnA:ot9Q7xVLYjsp+ikJlPA
                                            TLSH:7277230091B3B515F7ABB2BF2AB95FE48549BC6A02E59DF7637173B906F10920433893
                                            File Content Preview:........................>...................$...................................^.......................5.......k.......c.......y...z...{...|...}...~...........................O...P...Q...R...S...T...[.......................;...<...=...>...?...@...A...B..

                                            File Icon

                                            Icon Hash:2d2e3797b32b2b99

                                            Network Behavior

                                            Suricata IDS Alerts

                                            TimestampProtocolSIDSignatureSeveritySource PortDest PortSource IPDest IP
                                            2024-08-28T18:47:05.379095+0200TCP2829202ETPRO MALWARE MSIL/Zbrain PUP/Stealer Installer UA149704443192.168.2.5188.114.96.3

                                            Network Port Distribution

                                            TCP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            Aug 28, 2024 18:47:04.802357912 CEST49704443192.168.2.5188.114.96.3
                                            Aug 28, 2024 18:47:04.802460909 CEST44349704188.114.96.3192.168.2.5
                                            Aug 28, 2024 18:47:04.802555084 CEST49704443192.168.2.5188.114.96.3
                                            Aug 28, 2024 18:47:04.804663897 CEST49704443192.168.2.5188.114.96.3
                                            Aug 28, 2024 18:47:04.804699898 CEST44349704188.114.96.3192.168.2.5
                                            Aug 28, 2024 18:47:05.300775051 CEST44349704188.114.96.3192.168.2.5
                                            Aug 28, 2024 18:47:05.300884008 CEST49704443192.168.2.5188.114.96.3
                                            Aug 28, 2024 18:47:05.376471043 CEST49704443192.168.2.5188.114.96.3
                                            Aug 28, 2024 18:47:05.376494884 CEST44349704188.114.96.3192.168.2.5
                                            Aug 28, 2024 18:47:05.376718044 CEST44349704188.114.96.3192.168.2.5
                                            Aug 28, 2024 18:47:05.376780987 CEST49704443192.168.2.5188.114.96.3
                                            Aug 28, 2024 18:47:05.378932953 CEST49704443192.168.2.5188.114.96.3
                                            Aug 28, 2024 18:47:05.379025936 CEST49704443192.168.2.5188.114.96.3
                                            Aug 28, 2024 18:47:05.379040956 CEST44349704188.114.96.3192.168.2.5
                                            Aug 28, 2024 18:47:05.892755985 CEST44349704188.114.96.3192.168.2.5
                                            Aug 28, 2024 18:47:05.892823935 CEST49704443192.168.2.5188.114.96.3
                                            Aug 28, 2024 18:47:05.892842054 CEST44349704188.114.96.3192.168.2.5
                                            Aug 28, 2024 18:47:05.892853975 CEST44349704188.114.96.3192.168.2.5
                                            Aug 28, 2024 18:47:05.892913103 CEST49704443192.168.2.5188.114.96.3
                                            Aug 28, 2024 18:47:05.903544903 CEST49704443192.168.2.5188.114.96.3
                                            Aug 28, 2024 18:47:05.903559923 CEST44349704188.114.96.3192.168.2.5

                                            UDP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            Aug 28, 2024 18:47:04.746022940 CEST6201653192.168.2.51.1.1.1
                                            Aug 28, 2024 18:47:04.795193911 CEST53620161.1.1.1192.168.2.5

                                            DNS Queries

                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                            Aug 28, 2024 18:47:04.746022940 CEST192.168.2.51.1.1.10xe34dStandard query (0)get-license4.comA (IP address)IN (0x0001)false

                                            DNS Answers

                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                            Aug 28, 2024 18:47:04.795193911 CEST1.1.1.1192.168.2.50xe34dNo error (0)get-license4.com188.114.96.3A (IP address)IN (0x0001)false
                                            Aug 28, 2024 18:47:04.795193911 CEST1.1.1.1192.168.2.50xe34dNo error (0)get-license4.com188.114.97.3A (IP address)IN (0x0001)false

                                            HTTP Request Dependency Graph

                                            • get-license4.com

                                            HTTPS Proxied Packets

                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            0192.168.2.549704188.114.96.34437420C:\Windows\SysWOW64\msiexec.exe
                                            TimestampBytes transferredDirectionData
                                            2024-08-28 16:47:05 UTC198OUTPOST /licenseUser.php HTTP/1.1
                                            Content-Type: application/x-www-form-urlencoded; charset=utf-8
                                            User-Agent: AdvancedInstaller
                                            Host: get-license4.com
                                            Content-Length: 44
                                            Cache-Control: no-cache
                                            2024-08-28 16:47:05 UTC44OUTData Raw: 49 73 49 43 53 3d 30 26 4c 61 6e 67 43 6f 64 65 3d 35 38 37 35 26 41 77 61 69 74 54 6d 70 3d 31 37 26 4b 69 69 64 3d 38 31 32 35 37
                                            Data Ascii: IsICS=0&LangCode=5875&AwaitTmp=17&Kiid=81257
                                            2024-08-28 16:47:05 UTC632INHTTP/1.1 200 OK
                                            Date: Wed, 28 Aug 2024 16:47:05 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Transfer-Encoding: chunked
                                            Connection: close
                                            Vary: Accept-Encoding
                                            Cache-Control: no-store
                                            CF-Cache-Status: DYNAMIC
                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tu%2F%2BV2DZnvCfHXnpPWwSHhTDGompWQFQh22%2B%2FLHNFLGhWyxNe3IXol0r3EONR%2FBb0gKRMH0PX0B%2FT95T8jkTiMlM269BD6m672Ryf9FetR73J8ivqqtNc2f%2B%2Bhn%2FhtoTNn4a"}],"group":"cf-nel","max_age":604800}
                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                            Server: cloudflare
                                            CF-RAY: 8ba5c7faec1a440e-EWR
                                            alt-svc: h3=":443"; ma=86400
                                            2024-08-28 16:47:05 UTC7INData Raw: 32 0d 0a 30 61 0d 0a
                                            Data Ascii: 20a
                                            2024-08-28 16:47:05 UTC5INData Raw: 30 0d 0a 0d 0a
                                            Data Ascii: 0


                                            Statistics

                                            CPU Usage

                                            Click to jump to process

                                            Memory Usage

                                            Click to jump to process

                                            Behavior

                                            Click to jump to process

                                            System Behavior

                                            General

                                            Target ID:0
                                            Start time:12:46:59
                                            Start date:28/08/2024
                                            Path:C:\Windows\System32\msiexec.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\r3Zor4OEe5.msi"
                                            Imagebase:0x7ff6c30b0000
                                            File size:69'632 bytes
                                            MD5 hash:E5DA170027542E25EDE42FC54C929077
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:1
                                            Start time:12:46:59
                                            Start date:28/08/2024
                                            Path:C:\Windows\System32\msiexec.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\msiexec.exe /V
                                            Imagebase:0x7ff6c30b0000
                                            File size:69'632 bytes
                                            MD5 hash:E5DA170027542E25EDE42FC54C929077
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:false

                                            General

                                            Target ID:3
                                            Start time:12:47:00
                                            Start date:28/08/2024
                                            Path:C:\Windows\SysWOW64\msiexec.exe
                                            Wow64 process (32bit):true
                                            Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding ACEE42F6E57521698C9A0D746A0AD34D
                                            Imagebase:0x40000
                                            File size:59'904 bytes
                                            MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            Disassembly

                                            No disassembly