
Windows Analysis Report
Predios.exe

Overview

General Information

Sample name: Predios.exe
Analysis ID: 1427676
MD5: b3f39d9d07c9ab215c5e204e7d1d46e8
SHA1: 9a3122ff03254992c5a0b3d34ac181316a217268
SHA256: 5e868e8eb5b82146457dc9381d68fb603e267c1ade4ba4ee5517be6afc70e33d

Detection

Score: 3
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Sigma detected: COM Hijacking via TreatAs
Sigma detected: Use Short Name Path in Command Line
Uses 32bit PE files

Analysis Advice

Sample drops PE files which have not been started; submit the dropped PE samples to Joe Sandbox for a secondary analysis.
Sample searches for specific files; consider placing organization-specific decoy files on the analysis machine.
Sample tries to load a library that is not present or installed on the analysis machine; adding the library might reveal more behavior.
Process Tree

  • System is w10x64_ra
  • Predios.exe (PID: 7148 cmdline: "C:\Users\user\Desktop\Predios.exe" MD5: B3F39D9D07C9AB215C5E204E7D1D46E8)
    • Setup.exe (PID: 6152 cmdline: "C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe" MD5: 6911BC3432DFAF16063F6C2AF5EB4B52)
      • IKernel.exe (PID: 3988 cmdline: "C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe" -RegServer MD5: B3FD01873BD5FD163AB465779271C58F)
  • IKernel.exe (PID: 6228 cmdline: C:\PROGRA~2\COMMON~1\INSTAL~1\Engine\6\INTEL3~1\IKernel.exe -Embedding MD5: B3FD01873BD5FD163AB465779271C58F)
    • IKernel.exe (PID: 6336 cmdline: "C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iKernel.exe" /REGSERVER MD5: B3FD01873BD5FD163AB465779271C58F)
    • IKernel.exe (PID: 6360 cmdline: "C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iKernel.exe" /UNREGSERVER MD5: B3FD01873BD5FD163AB465779271C58F)
  • cleanup
No yara matches
Sigma detected: COM Hijacking via TreatAs (rule author: frack113)
Source: Registry key set. Data: Details: {22D84EC7-E201-4432-B3ED-A9DCA3604594}, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe, ProcessId: 3988, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8c3c1b17-e59d-11d2-b40b-00a024b9dddd}\TreatAs\(Default)
Context: the writing process is the IKernel.exe instance that Setup.exe started with the -RegServer self-registration switch (PID 3988 in the process tree), so the TreatAs value is written while the InstallShield engine registers its own COM classes. The rule matches any write to a TreatAs default value under a CLSID key; the hit has to be judged on the writing image and on whether the redirect target CLSID ({22D84EC7-...}) is one the installer is expected to register, not on the rule match alone.
Sigma detected: Use Short Name Path in Command Line (rule authors: frack113, Nasreddine Bencherchali)
Source: Process started. Data: Command: C:\PROGRA~2\COMMON~1\INSTAL~1\Engine\6\INTEL3~1\IKernel.exe -Embedding, CommandLine: C:\PROGRA~2\COMMON~1\INSTAL~1\Engine\6\INTEL3~1\IKernel.exe -Embedding, CommandLine|base64offset|contains: Iyb, Image: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe, NewProcessName: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe, OriginalFileName: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 804, ProcessCommandLine: C:\PROGRA~2\COMMON~1\INSTAL~1\Engine\6\INTEL3~1\IKernel.exe -Embedding, ProcessId: 6228, ProcessName: IKernel.exe
Context: the 8.3 short names (PROGRA~2, COMMON~1, INSTAL~1, INTEL3~1) occur in the -Embedding launch of the COM server; the parent image is blank in the record and only its PID (804) is known. The rule fires on the short-name form itself, which is not by itself evidence of evasion; identifying the parent process is the useful follow-up.
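As an added example, not part of the Joe Sandbox report and not the Sigma project's own rule code, the following Python approximates the logic of the two Sigma matches above and applies it to constructed Sysmon-style records. The first two records are transcribed from the hits in this report (the CommandLine on the registry record is taken from the process tree for PID 3988); the last two are made-up controls. The rule approximations, field names and the triage notes are this example's own assumptions, not the published rule definitions.

```python
import re

# Constructed Sysmon-style records (EventID 13 = registry value set,
# EventID 1 = process create). Records 0 and 1 are transcribed from the
# report's Sigma hits; records 2 and 3 are made-up controls.
EVENTS = [
    {
        "EventID": 13, "EventType": "SetValue", "ProcessId": 3988,
        "Image": r"C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe",
        "CommandLine": r'"C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe" -RegServer',
        "TargetObject": r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8c3c1b17-e59d-11d2-b40b-00a024b9dddd}\TreatAs\(Default)",
        "Details": "{22D84EC7-E201-4432-B3ED-A9DCA3604594}",
    },
    {
        "EventID": 1, "ProcessId": 6228, "ParentProcessId": 804,
        "Image": r"C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe",
        "CommandLine": r"C:\PROGRA~2\COMMON~1\INSTAL~1\Engine\6\INTEL3~1\IKernel.exe -Embedding",
    },
    {   # control (constructed): a tilde that is not an 8.3 short name
        "EventID": 1, "ProcessId": 4242, "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r'cmd.exe /c type "C:\Users\user\Documents\notes~old.txt"',
    },
    {   # control (constructed): TreatAs redirect in the per-user hive by a non-installer
        "EventID": 13, "EventType": "SetValue", "ProcessId": 5150,
        "Image": r"C:\Users\user\AppData\Local\Temp\updater.exe",
        "CommandLine": r"C:\Users\user\AppData\Local\Temp\updater.exe",
        "TargetObject": r"HKEY_CURRENT_USER\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\TreatAs\(Default)",
        "Details": "{00000000-0000-0000-0000-000000000002}",
    },
]

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# Approximation of the TreatAs rule: a SetValue on <...>\CLSID\{guid}\TreatAs\(Default)
TREATAS_KEY = re.compile(r"\\CLSID\\(" + GUID + r")\\TreatAs\\\(Default\)$", re.IGNORECASE)
# Approximation of the short-name rule: an 8.3 component such as PROGRA~2
SHORT_NAME = re.compile(r'[^\\"\s]{1,6}~\d+(?=[\\.\s"]|$)')
# COM self-registration switches (-RegServer, /REGSERVER, /UNREGSERVER)
SELF_REG_SWITCH = re.compile(r"(?:^|\s)[-/](?:un)?regserver(?:\s|$)", re.IGNORECASE)


def treatas_hit(event):
    """Registry value set on a CLSID's TreatAs default -> (clsid, redirect target) or None."""
    if event.get("EventID") != 13 or event.get("EventType") != "SetValue":
        return None
    m = TREATAS_KEY.search(event.get("TargetObject", ""))
    return (m.group(1), event.get("Details", "")) if m else None


def short_name_hit(event):
    """Process create whose command line uses 8.3 short names -> list of them, or None."""
    if event.get("EventID") != 1:
        return None
    return SHORT_NAME.findall(event.get("CommandLine", "")) or None


def triage(events):
    """Apply both rules and attach the context a reviewer needs to judge each hit."""
    findings = []
    for ev in events:
        hit = treatas_hit(ev)
        if hit:
            clsid, target = hit
            notes = []
            if target.lower() == clsid.lower():
                notes.append("self-referencing TreatAs, no redirect")
            else:
                notes.append(f"redirects {clsid} to {target}")
            if SELF_REG_SWITCH.search(ev.get("CommandLine", "")):
                notes.append("written during COM self-registration; verify the image is the expected installer engine")
            else:
                notes.append("no self-registration switch on the writing process")
            if ev["TargetObject"].upper().startswith("HKEY_CURRENT_USER\\"):
                notes.append("per-user hive: writable without admin rights, classic hijack location")
            findings.append({"rule": "COM Hijacking via TreatAs", "pid": ev["ProcessId"], "notes": notes})
        names = short_name_hit(ev)
        if names:
            findings.append({"rule": "Use Short Name Path in Command Line", "pid": ev["ProcessId"],
                             "notes": [f"short name components: {', '.join(names)}"]})
    return findings


if __name__ == "__main__":
    for f in triage(EVENTS):
        print(f["rule"], f["pid"], "|", "; ".join(f["notes"]))
```

Run against the four records, the two report hits come back with the installer context attached (self-registration switch present, HKLM hive), while the constructed HKCU write from a Temp-folder binary is the shape that deserves escalation: same rule, different verdict once the writing process and hive are taken into account.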
No Snort rule has matched

There are no malicious signatures; all signature results are listed below.

Source: Predios.exe; Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\Predios.exe; File opened: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\
Source: C:\Users\user\Desktop\Predios.exe; File opened: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\
Source: C:\Users\user\Desktop\Predios.exe; File opened: C:\Users\user\AppData\Local\
Source: C:\Users\user\Desktop\Predios.exe; File opened: C:\Users\user\AppData\
Source: C:\Users\user\Desktop\Predios.exe; File opened: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\data1.cab
Source: C:\Users\user\Desktop\Predios.exe; File opened: C:\Users\user\
Source: classification engine; Classification label: clean3.winEXE@10/23@0/0
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe; File created: C:\Program Files (x86)\Common Files\InstallShield\
Source: C:\Users\user\Desktop\Predios.exe; File created: C:\Users\user\AppData\Local\Temp\plfDD4A.tmp
Source: Predios.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe; File read: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.ini
Source: C:\Users\user\Desktop\Predios.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\Predios.exe; File read: C:\Users\user\Desktop\Predios.exe
Source: unknown; Process created: C:\Users\user\Desktop\Predios.exe "C:\Users\user\Desktop\Predios.exe"
Source: C:\Users\user\Desktop\Predios.exe; Process created: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe "C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe"
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe; Process created: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe "C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe" -RegServer
Source: unknown; Process created: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe C:\PROGRA~2\COMMON~1\INSTAL~1\Engine\6\INTEL3~1\IKernel.exe -Embedding
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe; Process created: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe "C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iKernel.exe" /REGSERVER
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe; Process created: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe "C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iKernel.exe" /UNREGSERVER
Source: C:\Users\user\Desktop\Predios.exe; Sections loaded: apphelp.dll, acgenral.dll, uxtheme.dll, winmm.dll, samcli.dll, msacm32.dll, version.dll, userenv.dll, dwmapi.dll, urlmon.dll, mpr.dll, sspicli.dll, winmmbase.dll (x2), iertutil.dll, srvcli.dll, netutils.dll, aclayers.dll, sfc.dll, sfc_os.dll, lz32.dll, riched32.dll, riched20.dll, usp10.dll, msls31.dll, kernel.appcore.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, coremessaging.dll, wintypes.dll (x3), textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe; Sections loaded: apphelp.dll, acspecfc.dll, sspicli.dll, mscms.dll, userenv.dll, mpr.dll, winmm.dll, ddraw.dll, dwmapi.dll, msi.dll, userenv.dll, coloradapterclient.dll, kernel.appcore.dll, dxgi.dll, dciman32.dll, acgenral.dll, uxtheme.dll, samcli.dll, msacm32.dll, version.dll, urlmon.dll, winmmbase.dll (x2), iertutil.dll, srvcli.dll, netutils.dll, aclayers.dll, sfc.dll, sfc_os.dll, windows.storage.dll, wldp.dll, profapi.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll (x3), textshaping.dll, cabinet.dll, sxs.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe (first of four listed instances); Sections loaded: apphelp.dll, acspecfc.dll, sspicli.dll, mscms.dll, userenv.dll, mpr.dll, winmm.dll, ddraw.dll, dwmapi.dll, msi.dll, userenv.dll, coloradapterclient.dll, kernel.appcore.dll, dxgi.dll, dciman32.dll, acgenral.dll, uxtheme.dll, samcli.dll, msacm32.dll, version.dll, urlmon.dll, winmmbase.dll (x2), iertutil.dll, srvcli.dll, netutils.dll, aclayers.dll, sfc.dll, sfc_os.dll, wininet.dll, sxs.dll, windows.storage.dll, wldp.dll, profapi.dll, ondemandconnroutehelper.dll, winhttp.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe (second listed instance); Sections loaded: apphelp.dll, acspecfc.dll, sspicli.dll, mscms.dll, userenv.dll, mpr.dll, winmm.dll, ddraw.dll, dwmapi.dll, msi.dll, userenv.dll, coloradapterclient.dll, kernel.appcore.dll, dxgi.dll, dciman32.dll, acgenral.dll, uxtheme.dll, samcli.dll, msacm32.dll, version.dll, urlmon.dll, winmmbase.dll (x2), iertutil.dll, srvcli.dll, netutils.dll, aclayers.dll, sfc.dll, sfc_os.dll, wininet.dll, sxs.dll, windows.storage.dll, wldp.dll, propsys.dll, profapi.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll (x3), textshaping.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe (third listed instance); Sections loaded: apphelp.dll, acspecfc.dll, sspicli.dll, mscms.dll, userenv.dll, mpr.dll, winmm.dll, ddraw.dll, dwmapi.dll, msi.dll, userenv.dll, coloradapterclient.dll, kernel.appcore.dll, dxgi.dll, dciman32.dll, acgenral.dll, uxtheme.dll, samcli.dll, msacm32.dll, version.dll, urlmon.dll, winmmbase.dll (x2), iertutil.dll, srvcli.dll, netutils.dll, aclayers.dll, sfc.dll, sfc_os.dll, wininet.dll, sxs.dll, windows.storage.dll, wldp.dll, profapi.dll, ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, ondemandconnroutehelper.dll, winhttp.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe (fourth listed instance, same set as the first); Sections loaded: apphelp.dll, acspecfc.dll, sspicli.dll, mscms.dll, userenv.dll, mpr.dll, winmm.dll, ddraw.dll, dwmapi.dll, msi.dll, userenv.dll, coloradapterclient.dll, kernel.appcore.dll, dxgi.dll, dciman32.dll, acgenral.dll, uxtheme.dll, samcli.dll, msacm32.dll, version.dll, urlmon.dll, winmmbase.dll (x2), iertutil.dll, srvcli.dll, netutils.dll, aclayers.dll, sfc.dll, sfc_os.dll, wininet.dll, sxs.dll, windows.storage.dll, wldp.dll, profapi.dll, ondemandconnroutehelper.dll, winhttp.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: C:\Users\user\Desktop\Predios.exeFile written: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.ini
Source: C:\Users\user\Desktop\Predios.exeFile opened: C:\Windows\SysWOW64\RICHED32.DLL
Source: Predios.exeStatic file information: File size 2150764 > 1048576
Source: C:\Users\user\Desktop\Predios.exeFile created: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exeJump to dropped file
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exeFile created: C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\isrte383.rraJump to dropped file
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exeFile created: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objee180.rraJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exeFile created: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\temp.000Jump to dropped file
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exeFile created: C:\Program Files (x86)\Common Files\InstallShield\IScript\iscre1be.rraJump to dropped file
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exeFile created: C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\_IsRe3a3.rraJump to dropped file
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exeFile created: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctore132.rraJump to dropped file
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exeFile created: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iusee18f.rraJump to dropped file
Source: C:\Users\user\Desktop\Predios.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objee180.rra
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\isrte383.rra
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\InstallShield\IScript\iscre1be.rra
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\_IsRe3a3.rra
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctore132.rra
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iusee18f.rra
Source: C:\Users\user\Desktop\Predios.exe | File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\Predios.exe | File opened: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\
Source: C:\Users\user\Desktop\Predios.exe | File opened: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\
Source: C:\Users\user\Desktop\Predios.exe | File opened: C:\Users\user\AppData\Local\
Source: C:\Users\user\Desktop\Predios.exe | File opened: C:\Users\user\AppData\
Source: C:\Users\user\Desktop\Predios.exe | File opened: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\data1.cab
Source: C:\Users\user\Desktop\Predios.exe | File opened: C:\Users\user\
MITRE ATT&CK Matrix (techniques listed per tactic; the number in parentheses is the count shown beside that technique in the report)
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection (1); DLL Side-Loading (1); Logon Script (Windows)
Defense Evasion: Masquerading (11); Process Injection (1); DLL Side-Loading (1)
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: File and Directory Discovery (3); System Information Discovery (2); Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: Data Obfuscation; Junk Data; Steganography
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
Source | Detection | Scanner | Label | Link
Predios.exe | 0% | ReversingLabs | |
Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe (copy) | 0% | ReversingLabs | |
C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctore132.rra | 0% | ReversingLabs | |
C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iusee18f.rra | 0% | ReversingLabs | |
C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objee180.rra | 0% | ReversingLabs | |
C:\Program Files (x86)\Common Files\InstallShield\IScript\iscre1be.rra | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\_IsRe3a3.rra | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\isrt.dll (copy) | 0% | ReversingLabs | |
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1427676
Start date and time:2024-04-17 23:36:55 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:18
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Sample name:Predios.exe
Detection:CLEAN
Classification:clean3.winEXE@10/23@0/0
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes were analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • VT rate limit hit for: Predios.exe
Process:C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:B3FD01873BD5FD163AB465779271C58F
SHA1:E1FF9981A09AB025D69AC891BFC931A776294D4D
SHA-256:985EB55ECB750DA812876B8569D5F1999A30A24BCC54F9BAB4D3FC44DFEDB931
SHA-512:6674AB1D65DA9892B7DD2FD37F300E087F58239262D44505B53379C676FD16DA5443D2292AEAAE01D3E6C40960B12F9CAC651418C827D2A33C29A6CDF874BE43
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1"\.PL..PL..PL..L@..PL.?LB..PL.TOF..PL.TOG..PL..O_..PL..PL..PL..PM.oPL..s_..PL.CpF..PL.CpG..PL.{VJ..PL.Rich.PL.........................PE..L...lh@=........../...............................@..................................................................................................................................................................................................text...Z........................... ..`.rdata..`T.......`..................@..@.data...\.... ...P... ..............@....rsrc................p..............@..@........................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):28529
Entropy (8bit):4.000373969114487
Encrypted:false
SSDEEP:
MD5:62D5F9827D867EB3E4AB9E6B338348A1
SHA1:828E72F9C845B1C0865BADAEF40D63FB36447293
SHA-256:5214789C08EE573E904990DCD29E9E03AAF5CF12E86FAE368005FD8F4E371BD5
SHA-512:B38BB74DC2E528C2A58A7D14A07BD1ECAAF55168B53AFC8F4718F3BF5D6F8C8B922B98551A355EBB1009F23CFF02FD8596413468993A43756C4DE7DFED573732
Malicious:false
Reputation:unknown
Preview:; Corecomp.ini..;..; This file stores information about files that InstallShield..; will install to the Windows\System folder, such as Windows..; 95 and NT 4.0 core components and DAO, ODBC, and ActiveX files...; ..; The entries have the following format, without a space before ..; or after the equal sign:..;..; <file name>=<properties>..; ..; Currently, following properties are supported:..; 0x00000000 No registry entry is created for this file. It is..; not logged for uninstallation, and is therefore ..; never removed...;..; Inappropriate modification to this file can prevent an..; application from getting Windows 95/Windows NT logo...;..; Last Updated: 12/8/1999; bn....[Win32]....12500852.CPX=0x00000000 ..12510866.CPX=0x00000000 ..12520437.cpx=0x00000000..12520850.cpx=0x00000000..12520860.CPX=0x00000000..12520861.CPX=0x00000000 ..12520863.CPX=0x00000000 ..12520865.CPX=0x00000000..82557ndi.dll=0x00000000..8514a.dll=0x00000000..95fiber.dll=0x000
Process:C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):77824
Entropy (8bit):5.420648120129751
Encrypted:false
SSDEEP:
MD5:003A6C011AAC993BCDE8C860988CE49B
SHA1:6D39D650DFA5DED45C4E0CB17B986893061104A7
SHA-256:590BE865DDF8C8D0431D8F92AA3948CC3C1685FD0649D607776B81CD1E267D0A
SHA-512:032ABA4403EB45646AA1413FDC6C5D08BAAB4D0306D20B4209E70C84E47F6B72E68457BBC4331A5F1A5FA44AA776A89EB9FD29D0D956FA2FE11364C26AB09EE7
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9l..}..L}..L}..L...Ly..L.-.Lx..L}..Lx..L+..Lv..L}..L=..L$..Lt..L.-.L{..L...L|..L.-.L|..LRich}..L........PE..L.....;...........!.....p...........i.......................................0......................................@..........x........l................... ..........................................................4............................text....k.......p.................. ..`.rdata..'........ ..................@..@.data...............................@....rsrc....l.......p..................@..@.reloc....... ....... ..............@..B................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):176128
Entropy (8bit):6.103238184891712
Encrypted:false
SSDEEP:
MD5:377765FD4DE3912C0F814EE9F182FEDA
SHA1:A0AB6A28F4BA057D5EAE5C223420EB599CD4D3B1
SHA-256:8EFCBD8752D8BBFD7EE559502D1AA28134C9BF391BF7FC5CE6FDFD4473599AFB
SHA-512:31BEFB11715F78043B7684287B4086CE003CB66F97C6EFF8C2B438EAE29045D8856172C6B898BE9F08C139EDC4647C2BCE000DA497AED208B7A5A69D4D90C710
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........<`.]...]...]...A...]..yB...]...A...]..n}...]..yB...]...]...]...B...]...~...]...]..D]..n}...]..V[...]..n}...]..Rich.]..................PE..L.....;...........!.....p...@.......................................................................................................... .......................@.......................................................X............................text....m.......p.................. ..`.rdata...>.......@..................@..@.data....-....... ..................@....rsrc... ...........................@..@.reloc...$.......0..................@..B................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):32768
Entropy (8bit):2.240898610474827
Encrypted:false
SSDEEP:
MD5:8F02B204853939F8AEFE6B07B283BE9A
SHA1:C161B9374E67D5FA3066EA03FC861CC0023EB3CC
SHA-256:32C6AD91DC66BC12E1273B1E13EB7A15D6E8F63B93447909CA2163DD21B22998
SHA-512:8DF23B7D80A4DD32C484CA3BD1922E11938D7ECDA9FC5FD5045EED882054EFCA7B7131EA109C4F20D8279845FFEB50EF46FB7419D190B8CF307EB00168746E59
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........?..hQ..hQ..hQ.Rt_..hQ..KB..hQ..hP..hQ..H[..hQ..nW..hQ..HU..hQ.Rich.hQ.........................PE..L.....;...........!.....0...@......p0.......@.......................................................................H.......C..<....`.......................p..h....................................................@...............................orpc...p........ .................. ..`.text...B....0.......0.............. ..`.rdata.......@.......@..............@..@.data...,....P.......P..............@....rsrc........`.......`..............@..@.reloc.......p.......p..............@..B................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):614532
Entropy (8bit):6.195803070094149
Encrypted:false
SSDEEP:
MD5:B3FD01873BD5FD163AB465779271C58F
SHA1:E1FF9981A09AB025D69AC891BFC931A776294D4D
SHA-256:985EB55ECB750DA812876B8569D5F1999A30A24BCC54F9BAB4D3FC44DFEDB931
SHA-512:6674AB1D65DA9892B7DD2FD37F300E087F58239262D44505B53379C676FD16DA5443D2292AEAAE01D3E6C40960B12F9CAC651418C827D2A33C29A6CDF874BE43
Malicious:false
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1"\.PL..PL..PL..L@..PL.?LB..PL.TOF..PL.TOG..PL..O_..PL..PL..PL..PM.oPL..s_..PL.CpF..PL.CpG..PL.{VJ..PL.Rich.PL.........................PE..L...lh@=........../...............................@..................................................................................................................................................................................................text...Z........................... ..`.rdata..`T.......`..................@..@.data...\.... ...P... ..............@....rsrc................p..............@..@........................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):225280
Entropy (8bit):6.172364662668933
Encrypted:false
SSDEEP:
MD5:B2F7E6DC7E4AAE3147FBFC74A2DDB365
SHA1:716301112706E93F85977D79F0E8F18F17FB32A7
SHA-256:4F77A9018B6B0D41151366E9ACAB3397416D114FC895703DEB82B20F40116AD1
SHA-512:E6AE396BD9B4F069B5FAFE135C0F83718CC236D1CF9007DB7305BD5442C86483C0F1E0FAD9CD6D547E8715278E23E6FAFA973C63EBBE998A31A2153DBBBE7F83
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:.".~.L.~.L.~.L...@...L...B.d.L...F.-.L...G.l.L...F...L.~.L.{.L.(._.c.L.'._.u.L.~.M...L...G.q.L...J...L...H...L.Rich~.L.........................PE..L.....;...........!.....P... ...............`..............................................................................P........ .......................@...1...................................................`..X............................text...fJ.......P.................. ..`.rdata..T....`.......`..............@..@.data....!....... ..................@....rsrc........ ... ..................@..@.reloc...=...@...@...0..............@..B........................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:B2F7E6DC7E4AAE3147FBFC74A2DDB365
SHA1:716301112706E93F85977D79F0E8F18F17FB32A7
SHA-256:4F77A9018B6B0D41151366E9ACAB3397416D114FC895703DEB82B20F40116AD1
SHA-512:E6AE396BD9B4F069B5FAFE135C0F83718CC236D1CF9007DB7305BD5442C86483C0F1E0FAD9CD6D547E8715278E23E6FAFA973C63EBBE998A31A2153DBBBE7F83
Malicious:false
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:.".~.L.~.L.~.L...@...L...B.d.L...F.-.L...G.l.L...F...L.~.L.{.L.(._.c.L.'._.u.L.~.M...L...G.q.L...J...L...H...L.Rich~.L.........................PE..L.....;...........!.....P... ...............`..............................................................................P........ .......................@...1...................................................`..X............................text...fJ.......P.................. ..`.rdata..T....`.......`..............@..@.data....!....... ..................@....rsrc........ ... ..................@..@.reloc...=...@...@...0..............@..B........................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:62D5F9827D867EB3E4AB9E6B338348A1
SHA1:828E72F9C845B1C0865BADAEF40D63FB36447293
SHA-256:5214789C08EE573E904990DCD29E9E03AAF5CF12E86FAE368005FD8F4E371BD5
SHA-512:B38BB74DC2E528C2A58A7D14A07BD1ECAAF55168B53AFC8F4718F3BF5D6F8C8B922B98551A355EBB1009F23CFF02FD8596413468993A43756C4DE7DFED573732
Malicious:false
Reputation:unknown
Preview:; Corecomp.ini..;..; This file stores information about files that InstallShield..; will install to the Windows\System folder, such as Windows..; 95 and NT 4.0 core components and DAO, ODBC, and ActiveX files...; ..; The entries have the following format, without a space before ..; or after the equal sign:..;..; <file name>=<properties>..; ..; Currently, following properties are supported:..; 0x00000000 No registry entry is created for this file. It is..; not logged for uninstallation, and is therefore ..; never removed...;..; Inappropriate modification to this file can prevent an..; application from getting Windows 95/Windows NT logo...;..; Last Updated: 12/8/1999; bn....[Win32]....12500852.CPX=0x00000000 ..12510866.CPX=0x00000000 ..12520437.cpx=0x00000000..12520850.cpx=0x00000000..12520860.CPX=0x00000000..12520861.CPX=0x00000000 ..12520863.CPX=0x00000000 ..12520865.CPX=0x00000000..82557ndi.dll=0x00000000..8514a.dll=0x00000000..95fiber.dll=0x000
Process:C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:003A6C011AAC993BCDE8C860988CE49B
SHA1:6D39D650DFA5DED45C4E0CB17B986893061104A7
SHA-256:590BE865DDF8C8D0431D8F92AA3948CC3C1685FD0649D607776B81CD1E267D0A
SHA-512:032ABA4403EB45646AA1413FDC6C5D08BAAB4D0306D20B4209E70C84E47F6B72E68457BBC4331A5F1A5FA44AA776A89EB9FD29D0D956FA2FE11364C26AB09EE7
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:377765FD4DE3912C0F814EE9F182FEDA
SHA1:A0AB6A28F4BA057D5EAE5C223420EB599CD4D3B1
SHA-256:8EFCBD8752D8BBFD7EE559502D1AA28134C9BF391BF7FC5CE6FDFD4473599AFB
SHA-512:31BEFB11715F78043B7684287B4086CE003CB66F97C6EFF8C2B438EAE29045D8856172C6B898BE9F08C139EDC4647C2BCE000DA497AED208B7A5A69D4D90C710
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:8F02B204853939F8AEFE6B07B283BE9A
SHA1:C161B9374E67D5FA3066EA03FC861CC0023EB3CC
SHA-256:32C6AD91DC66BC12E1273B1E13EB7A15D6E8F63B93447909CA2163DD21B22998
SHA-512:8DF23B7D80A4DD32C484CA3BD1922E11938D7ECDA9FC5FD5045EED882054EFCA7B7131EA109C4F20D8279845FFEB50EF46FB7419D190B8CF307EB00168746E59
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):119296
Entropy (8bit):2.6322736780222207
Encrypted:false
SSDEEP:
MD5:34AAA1BBB28D5A358D3D827AD504CCC1
SHA1:717A1619CF1AAFA0834786A5AAAA1304BA5607B5
SHA-256:70A75179F8A94D05A0BD3EFA2BC266147D24A1370904C475635FEF01F5BE683D
SHA-512:05E22B2717319F458C5CA67408C2368747E80584007CC06AF736F4059132A032CD12C7C9CB3B6F6F12561CEACF35603CDD038CD9AD0CC1F96A0CC27E821F9E1B
Malicious:false
Reputation:unknown
Process:C:\Users\user\Desktop\Predios.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):166912
Entropy (8bit):4.868695285760508
Encrypted:false
SSDEEP:
MD5:6911BC3432DFAF16063F6C2AF5EB4B52
SHA1:94E77684FE200B189061207B5FD042BB22D2F37D
SHA-256:AD22C57908918F70864634B2580CB57237DBD1031F6F7A662F7644CFE0B57528
SHA-512:6702CBA5A3D05637017A76812970E32701D3A96B84E95819B633426495EB98CCFC1254753D49525A3E20EBDDD2AE23B1DF495139FFC6AEB697E772EFDD045F3A
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Users\user\Desktop\Predios.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):51
Entropy (8bit):4.135099302875261
Encrypted:false
SSDEEP:
MD5:95B31317E41FAFC647C70C6F23BDDAC0
SHA1:81AAB27354D9561C7D235B7E8CF1F5FB53E38315
SHA-256:6B99F3FD8ABB32A2FB387933CB4CF95130BD3003E27C403101CD6226C60C8C44
SHA-512:3DCFA8379CF3F4F304153519E0D159DBEE7908C9EC865F70F8FC04540012834A2B666B0541FC811BD67E30842F36E0FCD8B4C51C3739C93619B506D5E5D783A4
Malicious:false
Reputation:unknown
Preview:[Languages]..Default=0x000a..count=1..key0=0x000a..
Process:C:\Users\user\Desktop\Predios.exe
File Type:InstallShield CAB
Category:dropped
Size (bytes):437673
Entropy (8bit):7.99834509266046
Encrypted:true
SSDEEP:
MD5:4A35FC4935297C7CDA6566D71CFC9E4C
SHA1:0CEB120F545F78A9888B23B1D2F97E70726B69DB
SHA-256:E6C7DAF57879819C4CBA9ADFC29EAEC3713A3DC76D65E7F5AB10CDDE5393B323
SHA-512:FD30EA115020FBA8054A87F73DFC7A6D4D3D62C557CA74104F0C47229108B786ECC6B96D724162755CD7E45591E79F5DCEAA2F31A389B1E6A0EFF5EA0E9D4E17
Malicious:false
Reputation:unknown
Process:C:\Users\user\Desktop\Predios.exe
File Type:InstallShield CAB
Category:dropped
Size (bytes):11360
Entropy (8bit):3.702684062480897
Encrypted:false
SSDEEP:
MD5:DBF63E458853A706AD60BEAC003F9A1F
SHA1:918CC70E4EAF6DB17D51AC6C9359D9413C6FE635
SHA-256:E3F68550DC43306BE0FE88B32075B6F912C8CB1E81BF8B71694DB11B3A45612F
SHA-512:BD9CBB23FDF469CB0A8F6578C94A449556CCCF705F91DF893518C99AD4B02B7FFD3D2D1121BA89173BC6A37E23C160ABD13CA87EC03649DF548F273528734020
Malicious:false
Reputation:unknown
Process:C:\Users\user\Desktop\Predios.exe
File Type:InstallShield CAB
Category:dropped
Size (bytes):353280
Entropy (8bit):7.99786344013456
Encrypted:true
SSDEEP:
MD5:4D69A93F67A37BBCBC6CB315EB609904
SHA1:90A6AC21288819F1DCCD4416EB9421FBD105F096
SHA-256:0B7DC11787D740AC9A4726DECA0461F0D350ECFB0CC58F6AC8C93BD22D3AD77D
SHA-512:FB0E436274D86150061E9BB1369560BD10FCFDF668AC94F9CF28DFAC1D4B47C0CE3AD9DF6BDAA02EFB4984E840F34CDFC9D8A86617C4DD3E19FF63BBFA3C6113
Malicious:false
Reputation:unknown
Process:C:\Users\user\Desktop\Predios.exe
File Type:MS Compress archive data, SZDD variant, original size: 614532 bytes
Category:dropped
Size (bytes):346602
Entropy (8bit):7.73908901473112
Encrypted:false
SSDEEP:
MD5:93B63F516482715A784BBEC3A0BF5F3A
SHA1:2478FECA446576C33E96E708256D4C6C33E3FA68
SHA-256:FBF95719B956B548B947436E29FEB18BB884E01F75AE31B05C030EBD76605249
SHA-512:2C8F29DDA748E21231AB8C30C7A57735104B786120BB392EB1C20A320F2DDDDE392D136FD0C70853BB9AF851BBE47DF2955D8F9D5973B64870AC90BD12D2DD70
Malicious:false
Reputation:unknown
Process:C:\Users\user\Desktop\Predios.exe
File Type:data
Category:dropped
Size (bytes):461
Entropy (8bit):2.1149449263097346
Encrypted:false
SSDEEP:
MD5:5C3E186FE4E2247287C107D5ADF72B1A
SHA1:B57A9F2DACA31CDA6DA7BBA1175CD2ABFB9FFA94
SHA-256:A7226831DCC5D687A8EB8DBA47018E179175BD946C1656602F662D1F4ED08418
SHA-512:AA0D361653814B31DE33726CB2ADBA3B943D5734784D499B2CD7E64D8BB5B22FD6566A4AA15A8115D947DFA0807345DF4B379C4D55C3DDC7DB3FB6E9615900D6
Malicious:false
Reputation:unknown
Preview:c..R.@.............>......................................................................................................................................................................................................................................................$.....:...V.................r...v...............z...............................................................SETUP.INI..Setup.exe.ikernel.ex_.Setup.inx.data1.hdr.data1.cab.data2.cab.data3.cab.
Process:C:\Users\user\Desktop\Predios.exe
File Type:InstallShield CAB
Category:dropped
Size (bytes):772760
Entropy (8bit):7.9915105468092795
Encrypted:true
SSDEEP:
MD5:D1C10E9B61D9D2BDD5E0177C2C6AB68B
SHA1:295D41CE4E4BFB1F68819ADAF91CC38CFEF56E06
SHA-256:CB37783B7830266FF1CD287EF9D7DFED2719B5E5D1FF60852A67D0A146F8ACA1
SHA-512:396E0F871FAEBC3C909250A239371AB80691C33B371EF2DB01B358CBF519DC5967C1F308B20E45BFD049847ED16C81C570CE32F54214AC7821A1476C45C17591
Malicious:false
Reputation:unknown
Process:C:\Users\user\Desktop\Predios.exe
File Type:Microsoft Cabinet archive data, many, 1981877 bytes, 9 files, at 0x2c +A "\Disk1\data1.cab" +A "\Disk1\data1.hdr", ID 12345, number 1, 68 datablocks, 0x1 compression
Category:dropped
Size (bytes):1981877
Entropy (8bit):7.9992583419211325
Encrypted:true
SSDEEP:
MD5:5C69717B1F67908EF24BE331972B1342
SHA1:CD62B66008CED88F8003ADA49B3236EBEB1F4D61
SHA-256:5C96EC94B2CE9D39739739388B88B84014498E098A145D7DEFB852E4C68160EE
SHA-512:5A9287A3192B0BA2EBA2970E79615738DF3727ACC9F4760D4C746C410A0FC2348A97D50AA3E6BC3CFB559F5B141A295B9DDAE9903D14EE0AF39E5646C92A0FC6
Malicious:false
Reputation:unknown
Process:C:\Users\user\Desktop\Predios.exe
File Type:Generic INItialization configuration [Dialog1001]
Category:dropped
Size (bytes):4880
Entropy (8bit):4.89494473907046
Encrypted:false
SSDEEP:
MD5:F114A12FB837065496A1F030DCAD1C16
SHA1:D0A3EE8558BD737AAD090864E3FB2FDFD3721A4A
SHA-256:94F9FDB98A32C1218F00EA894DCB1EA6D9B430709C0A3987CD9667B24FCCDC10
SHA-512:B61B6818B55D0FA5342E59BCAE82CDABAC4134B7601434E49934F931B8B2CE202A7C405FB90CCB80865DF19D5703B1A1441A25864A0BE33BB8F2E8936BA820BF
Malicious:false
Reputation:unknown
Preview:[Dialog1000]..100=Bienvenido a InstallShield Wizard para %s..101=InstallShield(r) Wizard le ayudar. a instalar %s en su equipo. Para continuar, haga clic en Siguiente.....[Dialog1001]..0=Contrato de licencia..1=Lea cuidadosamente el contrato de licencia siguiente...121=A&cepto los t.rminos del contrato de licencia..122=&No acepto los t.rminos del contrato de licencia....[Dialog1002]..0=Ubicaci.n para guardar archivos..1=.D.nde desear.a guardar los archivos?..101=Introduzca la carpeta en la que desee guardar los archivos. Si la carpeta no existe, se proceder. a su creaci.n. Para continuar, haga clic en Siguiente...102=&Guardar archivos en carpeta:..103=&Cambiar.......[Dialog1003]..0=Contrase.a..1=Este paquete est. protegido por contrase.a...106=C&ontrase.a:..107=Introduzca la contrase.a requerida para ejecutar este paquete. Tenga en cuenta que las contrase.as distinguen entre may.sculas y min.sculas. Haga clic en Siguiente para continuar.....[Dialog1004]..0=Protecci.n contra escri
Process:C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
File Type:ISO-8859 text, with CRLF line terminators
Category:dropped
Size (bytes):481
Entropy (8bit):4.334977417859925
Encrypted:false
SSDEEP:
MD5:031CC0CE2867DB66202B974F99164DB1
SHA1:85ADDF830C494EE2006B8669079CB0E6D126754B
SHA-256:707CB7AB4AF9214BC61F39117B389D24E3B17802592C573F93AFFE11D89AF230
SHA-512:5F9E32AF485B73D0AEF19C7F63D7E202CD2D281F1C34FB6D92BAA34E0442C233E2808AF20C1AB82B75F5C023753DEDF66D719A29F5A56B3BEC154A1D3271EA84
Malicious:false
Reputation:unknown
Preview:Es aconsejable cerrar todos los programas antes de ejecutar la instalaci.n.....Pulse el bot.n No para detener la instalaci.n.....Pulse el bot.n Si para continuar con la instalaci.n.....El Programa de Declaraci.n Telem.tica es un producto desarrollado por la..Superintendencia Nacional de Administraci.n Tributaria para uso por parte..de los contribuyentes y/o declarantes. ....El Programa de Declaraci.n Telem.tica es un producto de libre distribuci.n..en todos sus componentes...
Process:C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
File Type:ISO-8859 text, with CRLF line terminators
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:031CC0CE2867DB66202B974F99164DB1
SHA1:85ADDF830C494EE2006B8669079CB0E6D126754B
SHA-256:707CB7AB4AF9214BC61F39117B389D24E3B17802592C573F93AFFE11D89AF230
SHA-512:5F9E32AF485B73D0AEF19C7F63D7E202CD2D281F1C34FB6D92BAA34E0442C233E2808AF20C1AB82B75F5C023753DEDF66D719A29F5A56B3BEC154A1D3271EA84
Malicious:false
Reputation:unknown
Preview:Es aconsejable cerrar todos los programas antes de ejecutar la instalaci.n.....Pulse el bot.n No para detener la instalaci.n.....Pulse el bot.n Si para continuar con la instalaci.n.....El Programa de Declaraci.n Telem.tica es un producto desarrollado por la..Superintendencia Nacional de Administraci.n Tributaria para uso por parte..de los contribuyentes y/o declarantes. ....El Programa de Declaraci.n Telem.tica es un producto de libre distribuci.n..en todos sus componentes...
Process:C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):225280
Entropy (8bit):4.441866713321277
Encrypted:false
SSDEEP:
MD5:CD67B128E6C3B33B1A8F03D10CAD60C6
SHA1:1B60D6DF046810078DA8B301761D1B095A2F90D8
SHA-256:60633F136A0198FA67AD23F06F84585E23B9FA55B80AF8F4ADA5829B7B07B20E
SHA-512:9CBC050AC01462D8842E9D556E150A1D7B1E72145BBFDB3A972B5A65AE64F06843CF69227B8E53618074D2C2FB2DE2C9E9726DF3CDB3B63C517C6DF828E1A399
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:CD67B128E6C3B33B1A8F03D10CAD60C6
SHA1:1B60D6DF046810078DA8B301761D1B095A2F90D8
SHA-256:60633F136A0198FA67AD23F06F84585E23B9FA55B80AF8F4ADA5829B7B07B20E
SHA-512:9CBC050AC01462D8842E9D556E150A1D7B1E72145BBFDB3A972B5A65AE64F06843CF69227B8E53618074D2C2FB2DE2C9E9726DF3CDB3B63C517C6DF828E1A399
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
File Type:RIFF (little-endian) data, palette, 1168 bytes, data size 1028, 256 entries, extra bytes 0x6f66666c
Category:dropped
Size (bytes):1168
Entropy (8bit):2.551387347019812
Encrypted:false
SSDEEP:
MD5:0ABAFE3F69D053494405061DE2629C82
SHA1:E414B6F1E9EB416B9895012D24110B844F9F56D1
SHA-256:8075162DB275EB52F5D691B15FC0D970CB007F5BECE33CE5DB509EDF51C1F020
SHA-512:63448F2BEF338EA44F3BF9EF35E594EF94B4259F3B2595D77A836E872129B879CEF912E23CF48421BABF1208275E21DA1FABFDC494958BCFCD391C78308EAA27
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
File Type:RIFF (little-endian) data, palette, 1168 bytes, data size 1028, 256 entries, extra bytes 0x6f66666c
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:0ABAFE3F69D053494405061DE2629C82
SHA1:E414B6F1E9EB416B9895012D24110B844F9F56D1
SHA-256:8075162DB275EB52F5D691B15FC0D970CB007F5BECE33CE5DB509EDF51C1F020
SHA-512:63448F2BEF338EA44F3BF9EF35E594EF94B4259F3B2595D77A836E872129B879CEF912E23CF48421BABF1208275E21DA1FABFDC494958BCFCD391C78308EAA27
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:13B70633DF1BF63E19FE4A74A53B8896
SHA1:F542F67CC15002F76F3AB9230297CCCA2461C009
SHA-256:7F852B5EE852AE2870D63DB4D9CAC454E08E93104D18BF5C9EFC068D85C35147
SHA-512:5FE27C41FB5DE0AE2373295D0F5B13BE7D863161E94D29BBEDDB84ACAB4300A9BC93482C80F874CCAA9FA20B2066D7824C530AC3F4575BB999DA3F594CCD4A2B
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):323584
Entropy (8bit):6.378203696124137
Encrypted:false
SSDEEP:
MD5:13B70633DF1BF63E19FE4A74A53B8896
SHA1:F542F67CC15002F76F3AB9230297CCCA2461C009
SHA-256:7F852B5EE852AE2870D63DB4D9CAC454E08E93104D18BF5C9EFC068D85C35147
SHA-512:5FE27C41FB5DE0AE2373295D0F5B13BE7D863161E94D29BBEDDB84ACAB4300A9BC93482C80F874CCAA9FA20B2066D7824C530AC3F4575BB999DA3F594CCD4A2B
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
File Type:data
Category:dropped
Size (bytes):132260
Entropy (8bit):4.634485533846506
Encrypted:false
SSDEEP:
MD5:25923E26470310A22807864DAE449C25
SHA1:FC9B78727D65EE153DD12A815DD5A14400738E93
SHA-256:58475E1F61AB5F54B4035EAFF5FD99CD268C293850ADFC3CF10BB0DA81B3DE37
SHA-512:5665E167FCFDE3C56DBE6AF83B27A587CDA3A71B2F79D57A0A7AE433D17D91A54F7BD8710EDDF8FFFE0182671EA79A6FD7C623186AE07E317E4AA495500B0420
Malicious:false
Reputation:unknown
Preview:aLuZ..Copyright (c) 1990-1999 Stirling Technologies, Ltd. All Rights Reserved...........................|............/..j...?...............................................................O................bWin95.....bWin9X.....bWin98.....bWinMe.....bSubversion_A.....bSubversion_B.....bSubversion_C.....bVersionNotFound.......bWinNT.....bWinNT4.....bWinNT351.....bWin2000.....bAdmin_Logged_On.....nServicePack.......WINNT.....WIN9X.....bShellExplorer.....bAlpha.....bIntel.....nOSMajor.....nOSMinor.....nWinMajor.....nWinMinor.......int1.....int2.......dwEventType.....dwRestorePtType.....llSequenceNumber.@...szDescription.......nStatus.....llSequenceNumber.......nYearMonth.....nDay.....nHourMin.....nSeconds.......nLength.....nMemoryLoad.....nTotalPhys.....nAvailPhys.....nTotalPageFile.....nAvailPageFile.....nTotalVirtual.....nAvailVirtual.......nOSVersionInfoSize.....nMajorVersion.....nMinorVersion.....nBuildNumber.....nPlatformId.....szCSDVersion.......nLowDateTime.....nHighDateTime.......n
Process:C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
File Type:data
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:25923E26470310A22807864DAE449C25
SHA1:FC9B78727D65EE153DD12A815DD5A14400738E93
SHA-256:58475E1F61AB5F54B4035EAFF5FD99CD268C293850ADFC3CF10BB0DA81B3DE37
SHA-512:5665E167FCFDE3C56DBE6AF83B27A587CDA3A71B2F79D57A0A7AE433D17D91A54F7BD8710EDDF8FFFE0182671EA79A6FD7C623186AE07E317E4AA495500B0420
Malicious:false
Reputation:unknown
Preview:aLuZ..Copyright (c) 1990-1999 Stirling Technologies, Ltd. All Rights Reserved...........................|............/..j...?...............................................................O................bWin95.....bWin9X.....bWin98.....bWinMe.....bSubversion_A.....bSubversion_B.....bSubversion_C.....bVersionNotFound.......bWinNT.....bWinNT4.....bWinNT351.....bWin2000.....bAdmin_Logged_On.....nServicePack.......WINNT.....WIN9X.....bShellExplorer.....bAlpha.....bIntel.....nOSMajor.....nOSMinor.....nWinMajor.....nWinMinor.......int1.....int2.......dwEventType.....dwRestorePtType.....llSequenceNumber.@...szDescription.......nStatus.....llSequenceNumber.......nYearMonth.....nDay.....nHourMin.....nSeconds.......nLength.....nMemoryLoad.....nTotalPhys.....nAvailPhys.....nTotalPageFile.....nAvailPageFile.....nTotalVirtual.....nAvailVirtual.......nOSVersionInfoSize.....nMajorVersion.....nMinorVersion.....nBuildNumber.....nPlatformId.....szCSDVersion.......nLowDateTime.....nHighDateTime.......n
Process:C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
File Type:Generic INItialization configuration [Data]
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:F3511841C616791B64CB56F3B7CAAFFC
SHA1:A5F8DF46DD3E30437E678404D3D1A449A101352A
SHA-256:D528EDC175551BAF480A6F7C9D4EF03369DD472274DEC4D4319642ED8BD34B2C
SHA-512:8D4311790B8CB63AEEE02642778031CB4CFAB1E17FB7F4A766A4783E84FD25DE73065616A02E8B7F168623D94E52A39388A2AD656D9676B46CB76ED27F50D584
Malicious:false
Reputation:unknown
Preview:[General]..Type=STRINGTABLESPECIFIC..Version=1.00.000..Language=000a....[Data]..TITLE_MAIN=PDT PREDIOS..TITLE_CAPTIONBAR=PDT PREDIOS..COMPANY_NAME=..PRODUCT_NAME=..PRODUCT_KEY=..PRODUCT_VERSION=..FOLDER_NAME=....
Process:C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
File Type:Generic INItialization configuration [Data]
Category:dropped
Size (bytes):212
Entropy (8bit):4.9555709127572
Encrypted:false
SSDEEP:
MD5:F3511841C616791B64CB56F3B7CAAFFC
SHA1:A5F8DF46DD3E30437E678404D3D1A449A101352A
SHA-256:D528EDC175551BAF480A6F7C9D4EF03369DD472274DEC4D4319642ED8BD34B2C
SHA-512:8D4311790B8CB63AEEE02642778031CB4CFAB1E17FB7F4A766A4783E84FD25DE73065616A02E8B7F168623D94E52A39388A2AD656D9676B46CB76ED27F50D584
Malicious:false
Reputation:unknown
Preview:[General]..Type=STRINGTABLESPECIFIC..Version=1.00.000..Language=000a....[Data]..TITLE_MAIN=PDT PREDIOS..TITLE_CAPTIONBAR=PDT PREDIOS..COMPANY_NAME=..PRODUCT_NAME=..PRODUCT_KEY=..PRODUCT_VERSION=..FOLDER_NAME=....
File type:PE32 executable (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
Entropy (8bit):7.948480059078867
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.96%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:Predios.exe
File size:2'150'764 bytes
MD5:b3f39d9d07c9ab215c5e204e7d1d46e8
SHA1:9a3122ff03254992c5a0b3d34ac181316a217268
SHA256:5e868e8eb5b82146457dc9381d68fb603e267c1ade4ba4ee5517be6afc70e33d
SHA512:f041734ba7c46fb23f90805762d9badb6ee4e8b361cbcb6b95403f9e199640602dd3346672905681a320ce78601a7c3d46ca4130b337c38c7fbf521e4ab09b6e
SSDEEP:24576:hXyha8SEMjEBihT4ZdjZYx24kPpriiTa4IXkREmyKCFHgIvIt9cFzA0xnS+MooOw:VuV6thW2x24kP8i+4IUFOOsSFoVwl
TLSH:00A523003EF78E91CC92A832DA64FE75469DB83009F25F8686C25F464D22DEE5BD6313
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......4...pv..pv..pv..pv..yv...i..xv...j..bv...i..9v..)U...v..pv...v...V..zv...p..qv..Richpv..........................PE..L...$kJ9...
Icon Hash:4cf8f0f8daf2b607
Entrypoint:0x4084a7
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:0x394A6B24 [Fri Jun 16 18:00:04 2000 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:690c9e79bb34f8d71799aa65a51d3c5d
Instruction
push ebp
mov ebp, esp
push FFFFFFFFh
push 00412310h
push 0040B5E0h
mov eax, dword ptr fs:[00000000h]
push eax
mov dword ptr fs:[00000000h], esp
sub esp, 58h
push ebx
push esi
push edi
mov dword ptr [ebp-18h], esp
call dword ptr [004121E8h]
xor edx, edx
mov dl, ah
mov dword ptr [00415330h], edx
mov ecx, eax
and ecx, 000000FFh
mov dword ptr [0041532Ch], ecx
shl ecx, 08h
add ecx, edx
mov dword ptr [00415328h], ecx
shr eax, 10h
mov dword ptr [00415324h], eax
xor esi, esi
push esi
call 00007F73B8617345h
pop ecx
test eax, eax
jne 00007F73B861726Ah
push 0000001Ch
call 00007F73B8617315h
pop ecx
mov dword ptr [ebp-04h], esi
call 00007F73B861A176h
call dword ptr [004121ECh]
mov dword ptr [004168E4h], eax
call 00007F73B861A034h
mov dword ptr [004152FCh], eax
call 00007F73B8619DDDh
call 00007F73B8619D1Fh
call 00007F73B861818Eh
mov dword ptr [ebp-30h], esi
lea eax, dword ptr [ebp-5Ch]
push eax
call dword ptr [00412088h]
call 00007F73B8619CB0h
mov dword ptr [ebp-64h], eax
test byte ptr [ebp-30h], 00000001h
je 00007F73B8617268h
movzx eax, word ptr [ebp-2Ch]
jmp 00007F73B8617265h
push 0000000Ah
pop eax
push eax
push dword ptr [ebp-64h]
push esi
push esi
call dword ptr [004120DCh]
Programming Language:
  • [C++] VS98 (6.0) build 8168
  • [ C ] VS98 (6.0) build 8168
  • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x12800 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x18000 | 0x11208 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x12000 | 0x2f4 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x1067a | 0x11000 | c5ed1c470db2fcb57b814d82c0292896 | False | 0.5868135340073529 | data | 6.4669272173768295 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x12000 | 0x17e8 | 0x2000 | d17184d8f4b5b34c55189f25493c2c91 | False | 0.3363037109375 | data | 4.616388320994259 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x14000 | 0x3cfc | 0x2000 | ff95d6d261e578ed8925d2003fa45169 | False | 0.243408203125 | data | 2.424573704283208 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x18000 | 0x11208 | 0x12000 | 99e934bbd399446c74ff8bacd99b89d5 | False | 0.1777615017361111 | data | 3.752764147979227 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_BITMAP | 0x1a540 | 0xcd50 | Device independent bitmap graphic, 164 x 314 x 8, image size 51496, 256 important colors | English | United States | 0.12165144596651446
RT_BITMAP | 0x27290 | 0xfc0 | Device independent bitmap graphic, 53 x 53 x 8, image size 2968, 256 important colors | English | United States | 0.4290674603174603
RT_ICON | 0x18c78 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.4594594594594595
RT_ICON | 0x18da0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.5202312138728323
RT_ICON | 0x19308 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.3655913978494624
RT_ICON | 0x195f0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.5153429602888087
RT_DIALOG | 0x28250 | 0x19a | data | English | United States | 0.5121951219512195
RT_DIALOG | 0x188a0 | 0x92 | data | English | United States | 0.7054794520547946
RT_DIALOG | 0x18938 | 0xbe | data | English | United States | 0.6263157894736842
RT_DIALOG | 0x18aa8 | 0xd6 | data | English | United States | 0.5841121495327103
RT_DIALOG | 0x189f8 | 0xae | data | English | United States | 0.6091954022988506
RT_DIALOG | 0x18628 | 0x272 | data | English | United States | 0.4792332268370607
RT_DIALOG | 0x18540 | 0xe2 | data | English | United States | 0.6017699115044248
RT_DIALOG | 0x18be8 | 0x90 | data | English | United States | 0.6805555555555556
RT_DIALOG | 0x18b80 | 0x62 | data | English | United States | 0.8061224489795918
RT_STRING | 0x283f0 | 0x632 | data | English | United States | 0.3291298865069357
RT_STRING | 0x28a28 | 0x1a8 | data | English | United States | 0.5165094339622641
RT_STRING | 0x28ff8 | 0x11a | data | English | United States | 0.549645390070922
RT_STRING | 0x28bd0 | 0xba | data | English | United States | 0.5483870967741935
RT_STRING | 0x28c90 | 0x366 | data | English | United States | 0.3793103448275862
RT_STRING | 0x29118 | 0x98 | data | English | United States | 0.7302631578947368
RT_STRING | 0x291b0 | 0x58 | data | English | United States | 0.4318181818181818
RT_GROUP_ICON | 0x19e98 | 0x3e | data | English | United States | 0.8387096774193549
RT_VERSION | 0x19ed8 | 0x668 | data | English | United States | 0.26402439024390245
DLL | Import
KERNEL32.dll | FormatMessageA, GetSystemDefaultLCID, GetProcAddress, GetTempFileNameA, MulDiv, CreateProcessA, WaitForSingleObject, GetStartupInfoA, IsDBCSLeadByte, Sleep, CompareStringA, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, FreeLibrary, RemoveDirectoryA, FindNextFileA, WritePrivateProfileSectionA, WritePrivateProfileStringA, lstrcpynA, GetPrivateProfileSectionA, WriteFile, DeleteFileA, LocalAlloc, LockResource, LoadResource, FindResourceA, SizeofResource, GetModuleHandleA, GlobalFree, GlobalUnlock, GlobalLock, GlobalAlloc, MultiByteToWideChar, lstrcmpiA, GetDiskFreeSpaceA, HeapAlloc, GetProcessHeap, HeapFree, GetModuleFileNameA, ExitProcess, CreateFileA, CreateFileMappingA, MapViewOfFile, UnmapViewOfFile, SetFileAttributesA, GetFileSize, ReadFile, SetFilePointer, FindFirstFileA, CreateDirectoryA, GetLastError, GetPrivateProfileStringA, FindClose, GetFileAttributesA, lstrcatA, lstrlenA, GetWindowsDirectoryA, lstrcpyA, GetSystemDirectoryA, GetTempPathA, MoveFileExA, LoadLibraryA, LocalFree, GetShortPathNameA, FlushFileBuffers, CloseHandle, SetStdHandle, IsBadCodePtr, IsBadReadPtr, SetUnhandledExceptionFilter, LCMapStringW, LCMapStringA, GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, WideCharToMultiByte, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetStringTypeW, GetStringTypeA, GetOEMCP, GetACP, GetCPInfo, IsBadWritePtr, HeapReAlloc, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, GetVersion, GetCommandLineA, RtlUnwind
USER32.dll | GetParent, GetDlgItem, SendDlgItemMessageA, EnableWindow, CheckRadioButton, SetWindowTextA, GetWindowTextA, LoadStringA, LoadImageA, MessageBoxA, IsDlgButtonChecked, GetDlgItemTextA, SetDlgItemTextA, ReleaseDC, GetDC, GetWindowLongA, SetFocus, PostMessageA, GetWindow, wsprintfA, GetDesktopWindow, DestroyWindow, CreateDialogParamA, DispatchMessageA, TranslateMessage, GetSysColor, GetSysColorBrush, FillRect, BeginPaint, DrawTextA, EndPaint, GetClientRect, ScreenToClient, MoveWindow, SetParent, MapDialogRect, GetNextDlgTabItem, GetWindowRect, CreateDialogIndirectParamA, IsWindow, InvalidateRect, IsWindowEnabled, ShowWindow, UpdateWindow, IsDialogMessageA, SetWindowPos, GetActiveWindow, SetActiveWindow, CharNextA, LoadIconA, SendMessageA, PeekMessageA, SetWindowLongA
GDI32.dll | DeleteObject, CreatePalette, RealizePalette, GetDeviceCaps, CreateDIBitmap, GetObjectA, SelectPalette, EnumFontFamiliesExA, GetTextExtentPointA, GetStockObject, TextOutA, DeleteDC, SelectObject, CreateCompatibleDC, SetBkMode, BitBlt, SetTextColor, CreateSolidBrush, SetBkColor, CreateFontIndirectA
ADVAPI32.dll | RegCloseKey, RegQueryValueExA, RegOpenKeyExA
SHELL32.dll | ShellExecuteA, SHBrowseForFolderA, SHGetPathFromIDListA, SHGetMalloc
LZ32.dll | LZOpenFileA, LZCopy, LZClose
COMCTL32.dll |
Language of compilation system | Country where language is spoken | Map
English | United States |