Windows Analysis Report
Legalia2Setup.msi

Overview

General Information

Sample name: Legalia2Setup.msi
Analysis ID: 1433161
MD5: 0a216a9077bd6cfc068733f066135328
SHA1: 3dfcd675381a7669d1d9ddbb075277f54c7abf3f
SHA256: f2077ee5d8d323fcae3e098a94e893891fd086bf0cc82234669259a00a7d077b
Infos:

Detection

Score: 5
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)
Checks for available system drives (often done to infect USB drives)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found dropped PE file which has not been started or loaded
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
  • System is w10x64_ra
  • msiexec.exe (PID: 7068 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Legalia2Setup.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 7104 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7156 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding E8FCA13A9B1F3AAD387632723CDFE49A C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 6304 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding B5180FC8933C915E692FB8B14039806C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 6424 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding F323B315522CA4C777CC6963F4839EA9 E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • msiexec.exe (PID: 6612 cmdline: "C:\Windows\SysWOW64\msiexec.exe" /uninstall {590F466A-69D5-4C29-B0C2-3AC05CBFEF07} /quiet MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • Legalia2.exe (PID: 4684 cmdline: "C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe" MD5: D3CE8F025273554AC2A21C6FDF69A281)
  • cleanup
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: unknown | HTTPS traffic detected: 217.114.136.30:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: www.registradores.org
Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\610ce8.msi
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI1005.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI10E1.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\SourceHash{9B3E90BC-1D57-4017-8333-35E8FDAEDF7F}
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI1140.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Fonts\code128.ttf
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\{9B3E90BC-1D57-4017-8333-35E8FDAEDF7F}
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\{9B3E90BC-1D57-4017-8333-35E8FDAEDF7F}\_853F67D554F05449430E7E.exe
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\{9B3E90BC-1D57-4017-8333-35E8FDAEDF7F}\_DB919AB071B372378E83C6.exe
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\{9B3E90BC-1D57-4017-8333-35E8FDAEDF7F}\_8EB7ECF2B5D57C13BA030B.exe
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI1567.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\610cea.msi
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI179B.tmp
Source: C:\Windows\System32\msiexec.exe | File deleted: C:\Windows\Installer\MSI1005.tmp
Source: classification engine | Classification label: clean5.winMSI@11/36@1/4
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\CORPME
Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\Public\Desktop\Legalia 2.lnk
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe | Mutant created: NULL
Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Temp\MSIDF70.tmp
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_processor
Source: C:\Windows\System32\msiexec.exe | File read: C:\Windows\win.ini
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Legalia2Setup.msi"
Source: unknown | Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding E8FCA13A9B1F3AAD387632723CDFE49A C
Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding B5180FC8933C915E692FB8B14039806C
Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding F323B315522CA4C777CC6963F4839EA9 E Global\MSI0000
Source: C:\Windows\SysWOW64\msiexec.exe | Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe" /uninstall {590F466A-69D5-4C29-B0C2-3AC05CBFEF07} /quiet
Source: unknown | Process created: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe "C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe"
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: Legalia2Setup.msi | Static file information: File size 7300096 > 1048576
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\CORPME\Legalia 2\System.IO.Compression.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\CORPME\Legalia 2\CORPME.SECURITY.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\CORPME\Legalia 2\ICSharpCode.SharpZipLib.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\CORPME\Legalia 2\NLog.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\CORPME\Legalia 2\CorpmeeFE.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\CORPME\Legalia 2\Microsoft.ReportViewer.ProcessingObjectModel.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Temp\MSIDFEE.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\CORPME\Legalia 2\CORPMEeFirma.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\CORPME\Legalia 2\Microsoft.ReportViewer.WinForms.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\CORPME\Legalia 2\System.Net.Http.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\CORPME\Legalia 2\itextsharp.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2Installer.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI1567.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\CORPME\Legalia 2\Microsoft.ReportViewer.Common.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe
Source: C:\Windows\System32\msiexec.exe | File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legalia 2.lnk
Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeMemory allocated: 35F0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeMemory allocated: 3790000 memory reserve | memory write watch
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeMemory allocated: 5790000 memory reserve | memory write watch
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CORPME\Legalia 2\CORPME.SECURITY.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CORPME\Legalia 2\System.IO.Compression.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CORPME\Legalia 2\ICSharpCode.SharpZipLib.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CORPME\Legalia 2\NLog.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CORPME\Legalia 2\CorpmeeFE.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CORPME\Legalia 2\Microsoft.ReportViewer.ProcessingObjectModel.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIDFEE.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CORPME\Legalia 2\CORPMEeFirma.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CORPME\Legalia 2\Microsoft.ReportViewer.WinForms.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CORPME\Legalia 2\System.Net.Http.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CORPME\Legalia 2\itextsharp.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1567.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2Installer.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CORPME\Legalia 2\Microsoft.ReportViewer.Common.dll
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_processor
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeMemory allocated: page read and write | page guard
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe" /uninstall {590F466A-69D5-4C29-B0C2-3AC05CBFEF07} /quiet
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2Installer.dll VolumeInformation
Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\userbrii.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\userbrili.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\userbrib.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\userbriz.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
Initial Access: Replication Through Removable Media (1); Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
Execution: Windows Management Instrumentation (11); Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
Persistence: Registry Run Keys / Startup Folder (1); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Privilege Escalation: Process Injection (11); Registry Run Keys / Startup Folder (1); DLL Side-Loading (1); Login Hook; Network Logon Script; RC Scripts
Defense Evasion: Masquerading (22); Virtualization/Sandbox Evasion (2); Disable or Modify Tools (1); Process Injection (11); DLL Side-Loading (1); File Deletion (1)
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
Discovery: Security Software Discovery (1); Virtualization/Sandbox Evasion (2); Process Discovery (1); Peripheral Device Discovery (11); File and Directory Discovery (1); System Information Discovery (14)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (1); Application Layer Protocol (2); Protocol Impersonation; Fallback Channels; Multiband Communication
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop

Source | Detection | Scanner | Label | Link
Legalia2Setup.msi | 0% | ReversingLabs | |
Legalia2Setup.msi | 0% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\MSIDFEE.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\MSIDFEE.tmp | 0% | Virustotal | | Browse
C:\Program Files (x86)\CORPME\Legalia 2\CORPME.SECURITY.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\CORPME\Legalia 2\CORPME.SECURITY.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\CORPME\Legalia 2\CORPMEeFirma.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\CORPME\Legalia 2\CORPMEeFirma.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\CORPME\Legalia 2\CorpmeeFE.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\CORPME\Legalia 2\CorpmeeFE.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\CORPME\Legalia 2\ICSharpCode.SharpZipLib.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\CORPME\Legalia 2\ICSharpCode.SharpZipLib.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe | 0% | Virustotal | | Browse
C:\Program Files (x86)\CORPME\Legalia 2\Legalia2Installer.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\CORPME\Legalia 2\Legalia2Installer.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\CORPME\Legalia 2\Microsoft.ReportViewer.Common.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\CORPME\Legalia 2\Microsoft.ReportViewer.Common.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\CORPME\Legalia 2\Microsoft.ReportViewer.ProcessingObjectModel.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\CORPME\Legalia 2\Microsoft.ReportViewer.ProcessingObjectModel.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\CORPME\Legalia 2\Microsoft.ReportViewer.WinForms.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\CORPME\Legalia 2\Microsoft.ReportViewer.WinForms.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\CORPME\Legalia 2\NLog.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\CORPME\Legalia 2\NLog.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\CORPME\Legalia 2\System.IO.Compression.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\CORPME\Legalia 2\System.IO.Compression.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\CORPME\Legalia 2\System.Net.Http.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\CORPME\Legalia 2\System.Net.Http.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\CORPME\Legalia 2\itextsharp.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\CORPME\Legalia 2\itextsharp.dll | 0% | Virustotal | | Browse
C:\Windows\Installer\MSI1567.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSI1567.tmp | 0% | Virustotal | | Browse
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.registradores.org | 217.114.136.30 | true | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
217.114.136.30 | www.registradores.org | Spain | | 25267 | CORPME-ASCDiegodeLeon21ES | false
    Joe Sandbox version:40.0.0 Tourmaline
    Analysis ID:1433161
    Start date and time:2024-04-29 10:13:24 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowsinteractivecookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:18
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • EGA enabled
    Analysis Mode:stream
    Analysis stop reason:Timeout
    Sample name:Legalia2Setup.msi
    Detection:CLEAN
    Classification:clean5.winMSI@11/36@1/4
    Cookbook Comments:
    • Found application associated with file extension: .msi
    • Exclude process from analysis (whitelisted): dllhost.exe
    • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
    • Report size getting too big, too many NtOpenKeyEx calls found.
    • Report size getting too big, too many NtProtectVirtualMemory calls found.
    • Report size getting too big, too many NtQueryValueKey calls found.
    • Report size getting too big, too many NtReadVirtualMemory calls found.
    Process:C:\Windows\System32\msiexec.exe
    File Type:data
    Category:dropped
    Size (bytes):124889
    Entropy (8bit):6.6452692952596415
    Encrypted:false
    SSDEEP:
    MD5:F2D01C4675D712B1F3B7F70277B74295
    SHA1:F394D25AA2DA4D9D6BA867EBC7F6A18A056D505B
    SHA-256:47B01E5DB0B8F85058FACCAED5B742A9AA28FBE8FA9807FBEB0346D9DA279A62
    SHA-512:10ECB0D75DC38FFB699FACD912E02E6D7A0C3400BE8558307067F6B52B017F296E96A183F8A77AA1ABC4D05F19E789780AEA817A391B6C14CEFA1D65BEE26DAA
    Malicious:false
    Reputation:unknown
    Process:C:\Windows\System32\msiexec.exe
    File Type:PDF document, version 1.4, 10 pages
    Category:dropped
    Size (bytes):330998
    Entropy (8bit):7.907316835486357
    Encrypted:false
    SSDEEP:
    MD5:5C8F67739C7664F89B901D89FED32AD9
    SHA1:76747CEAC179941A25C86FC24E653749E718795A
    SHA-256:69E4CB9C5AE96A8BA3892D723EE5820726B6885D1CCB7E27BF13044754C9818E
    SHA-512:051728343C89E35F2FC4BFA49759D3DAF454ECC140734DA49F4408BB369AE90EAA87BF2B78853D2D3A85C89D3EF5AC42B451D778E2D128A81022D0B59F42EC4C
    Malicious:false
    Reputation:unknown
    Process:C:\Windows\System32\msiexec.exe
    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
    Category:dropped
    Size (bytes):375296
    Entropy (8bit):5.848686377964937
    Encrypted:false
    SSDEEP:
    MD5:3C6FE558FD3FE11803E67040399856BC
    SHA1:C68C08B89F103FE31B09FC9B91FA9FCCF0E90ED3
    SHA-256:BCECBA16A684739599A4BA206FD46C37978AD59C340F7ECFAE72F22F1323A6F0
    SHA-512:FEA0705FF9A9A90CAEBA194891705485C680C6B3CFDDF33EEE245599373DBDBEDF482DE869630BC88751D9CEF9209144F4C7502F00A338F9513C7FC7552ABD30
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Process:C:\Windows\System32\msiexec.exe
    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
    Category:dropped
    Size (bytes):166912
    Entropy (8bit):5.766894845777168
    Encrypted:false
    SSDEEP:
    MD5:49B0BF64D2588288F950BB4FF59A29B0
    SHA1:3DE38448572CA5BF89180E8311175D13AAD58282
    SHA-256:B40D4E1163163AB5FFFD4348C19EBC860001051881F2C1B8956264E4945DC96F
    SHA-512:FEE28F5F3B2C23F4B6842B03F8A92FDC4B2A93AD09B8519D8A5B42F544973B6C92F811660E279556990A022DF4BFD1895A80A12864DA431B502210F8D264C129
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Process:C:\Windows\System32\msiexec.exe
    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
    Category:dropped
    Size (bytes):2971136
    Entropy (8bit):6.09603559426898
    Encrypted:false
    SSDEEP:
    MD5:EEBD81730DE70E8F25F17825DDB9AE76
    SHA1:72D24074664ED0ED40588D7F2771985D5EFEAFB4
    SHA-256:D32DB8E0AFBADCDA7BAEF43CE66C537E71DBAF11A0407F2210E41DF3867C1CA6
    SHA-512:8C02D56037AA0600896D6AD0F1A909E0269305DDE3ACBAA24048F53A1F6DC240D8438B1846539095ADA82FE0B51061E39BF41D4727B2EA366C4F2BBA88EF6F43
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Process:C:\Windows\System32\msiexec.exe
    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
    Category:dropped
    Size (bytes):200704
    Entropy (8bit):5.683688089372797
    Encrypted:false
    SSDEEP:
    MD5:C8164876B6F66616D68387443621510C
    SHA1:7A9DF9C25D49690B6A3C451607D311A866B131F4
    SHA-256:40B3D590F95191F3E33E5D00E534FA40F823D9B1BB2A9AFE05F139C4E0A3AF8D
    SHA-512:44A6ACCC70C312A16D0E533D3287E380997C5E5D610DBEAA14B2DBB5567F2C41253B895C9817ECD96C85D286795BBE6AB35FD2352FDDD9D191669A2FB0774BC4
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Process:C:\Windows\System32\msiexec.exe
    File Type:MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel
    Category:dropped
    Size (bytes):67646
    Entropy (8bit):2.2945981505892985
    Encrypted:false
    SSDEEP:
    MD5:91097E0ADC79FA87524E6E04B3F7392D
    SHA1:1D55684B1F8E8875EF88E5011B90D969E4DB00D5
    SHA-256:15C17AB664FD9152C59404D12C9BF81EAD809F1AFC07609EB14173FE8B4DFBAC
    SHA-512:16E75A62B941F63754577CB56061F52221C91B0C707B13F446169FD61ED0D6EE742ACE3F79DC4EFF4946E01147AA975E68C9A2346BB49BBC84078960B1C7C74E
    Malicious:false
    Reputation:unknown
    Process:C:\Windows\System32\msiexec.exe
    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
    Category:dropped
    Size (bytes):4716544
    Entropy (8bit):6.001706691914569
    Encrypted:false
    SSDEEP:
    MD5:D3CE8F025273554AC2A21C6FDF69A281
    SHA1:C78B910476FD93A89E2C9498154849FA8AD4BFC9
    SHA-256:267B8DF8EC7D5B9C2B5DCE751FB99FB0A182233A25C06D599ABA08D05231E30E
    SHA-512:7C53CD4C0B8411D8ADDCC94C879B02ABC174508C13ADAA1B2AA706F3EA520FD36DE30C650E39539876B1649749ED177473C09042764DF73087650B9C432A1FA1
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Process:C:\Windows\System32\msiexec.exe
    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):514
    Entropy (8bit):5.325572247408468
    Encrypted:false
    SSDEEP:
    MD5:4D7B6B149D8D46C73B7A0B0C86949318
    SHA1:0D845A4EF26ACDE9688A672218BEE7C4C880C17C
    SHA-256:500FDC8BFAD750A6CFBEC1BE66D0E586FD502726029B82B61FDAD06AF856FA15
    SHA-512:5782F2FC24058D1758A23AA1B974A1B80EC1BD84468D0D569D5439BD59B2DEBD9B4117DE85029D44DC39281A143DEC9AB2F615DB14D4C85EE7B0A68455DC3CA3
    Malicious:false
    Reputation:unknown
    Preview:<?xml version="1.0"?>..<configuration>.. <startup>.. .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2"/></startup>...<runtime>....<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.....<dependentAssembly>......<assemblyIdentity name="ICSharpCode.SharpZipLib" publicKeyToken="1B03E6ACF1164F73" culture="neutral"/>......<bindingRedirect oldVersion="0.0.0.0-0.86.0.518" newVersion="0.86.0.518"/>.....</dependentAssembly>....</assemblyBinding>...</runtime>..</configuration>..
    Process:C:\Windows\SysWOW64\msiexec.exe
    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (2594), with no line terminators
    Category:dropped
    Size (bytes):2597
    Entropy (8bit):5.179903998694314
    Encrypted:false
    SSDEEP:
    MD5:8340E57C6861AA09B7AC38E04EE8E33D
    SHA1:624317D2DA2B09030773E809944F37B7A77B2177
    SHA-256:A9E636FFAA636D4FDA92BCEE8422B7ABF8ABCF0BCF5FF860CEAF23E327FE0B21
    SHA-512:2A243CE1DBB09EACF0B84FA5D778AEC42C6FBBC51AF9EDAF1E4B4DEACA9B347B5F19DA8366AA38350BC7CA33C80C19F159A26A7ECE8F3D41361C271C5FA6E6CF
    Malicious:false
    Reputation:unknown
    Preview:.<?xml version="1.0" encoding="utf-8"?><ArrayOfKeyValueOfanyTypeanyType xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns:x="http://www.w3.org/2001/XMLSchema" z:Id="1" z:Type="System.Collections.Hashtable" z:Assembly="0" xmlns:z="http://schemas.microsoft.com/2003/10/Serialization/" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><LoadFactor z:Id="2" z:Type="System.Single" z:Assembly="0" xmlns="">0.72</LoadFactor><Version z:Id="3" z:Type="System.Int32" z:Assembly="0" xmlns="">2</Version><Comparer i:nil="true" xmlns="" /><HashCodeProvider i:nil="true" xmlns="" /><HashSize z:Id="4" z:Type="System.Int32" z:Assembly="0" xmlns="">3</HashSize><Keys z:Id="5" z:Type="System.Object[]" z:Assembly="0" z:Size="2" xmlns=""><anyType z:Id="6" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays">_reserved_nestedSavedStates</anyType><anyType z:Id="7" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/20
    Process:C:\Windows\System32\msiexec.exe
    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
    Category:dropped
    Size (bytes):9216
    Entropy (8bit):4.986832909689194
    Encrypted:false
    SSDEEP:
    MD5:3C416BA45531721B73327CB4E4F3BB7E
    SHA1:05819B1489B27B860E2B8B6F51ECEC1F400ED92F
    SHA-256:5775CAA61CFFFAF8B05438FA0C95C21A1350EBFB1F54C978B453282EC942B5BD
    SHA-512:8DF1140D32C863F81C65A7DC6856F84EC101E9DCF72E64D7A13907FDC4CB0416BF1D49E00A1CCFA83A9C74F2779BA169E3C6AC635383C1B2F4540D72390EB6F1
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Process:C:\Windows\System32\msiexec.exe
    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
    Category:dropped
    Size (bytes):6388088
    Entropy (8bit):6.141004336077301
    Encrypted:false
    SSDEEP:
    MD5:B961BB3BF07E887CDEF83ADABE855E79
    SHA1:422022979E3F08587C0C2BAF262F5A2EE9DF4FF2
    SHA-256:6E45570B06742EC17A23AF1C28B4250D2254736A428CBA0242BE0A06D88928B8
    SHA-512:1BAE93A178191F89F78637A95ED8931F1830A24D96F5C398F295D5C648F712458E69716C2D9309F2B360DA67375E91D23C7D71CC54708399F9BA14D2C092B76B
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Process:C:\Windows\System32\msiexec.exe
    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
    Category:dropped
    Size (bytes):92056
    Entropy (8bit):6.0358055472578105
    Encrypted:false
    SSDEEP:
    MD5:986A8699687D2BC10998B0E7C8A0B7E9
    SHA1:8719AF5C6737B61E282D706E1952286EDF658638
    SHA-256:13A78E6F83B09DB46D4B7A5284A4D044DA893A0AF3EF118C8981C85E9B80A0E2
    SHA-512:95C8EE4699D1010561CB3A0EF1F244C8456D8FD9DED6862CB23A143A0970435A7C6E2FA618BF7F134AF1BD5F49E483184185117D1F461F037E344BBC15503942
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Process:C:\Windows\System32\msiexec.exe
    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
    Category:dropped
    Size (bytes):546688
    Entropy (8bit):5.997973225762315
    Encrypted:false
    SSDEEP:
    MD5:263593FB2FEC0DDA4522C97063DC69DB
    SHA1:CB582E72CD34FFE92062BFA4C9E3C4B7674191DB
    SHA-256:CDE57CD6E0DB4C7E4B49AFCF1CDCC698C3DB89987A80C7CCB868889D1C7D54C1
    SHA-512:B8D493B0BB128C432CC2FB64A6A322F7B64242F7A4D38B57E9EB2856CCF64CD4AE38ECCA80DE3279836112C18B61D9BA22F428035614A606F77A6A2C3F5F0E63
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Process:C:\Windows\System32\msiexec.exe
    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
    Category:dropped
    Size (bytes):612352
    Entropy (8bit):5.955176127490977
    Encrypted:false
    SSDEEP:
    MD5:169A2802F25F1F083432FC099F4B5E6C
    SHA1:E9AD81EA61A436303978AADC2E96F7968BCD2C5D
    SHA-256:4B8399F36A0ABEBD8B2A0DC58AF5D83F3A6AE5F2228AC49E1FE9F70497975635
    SHA-512:D4F6170448183D5839E44C3F5C971327824CC8B9A760DBEF325F3F866D4CA76AAB58D56A3BCE0A802FFC80CD67F0CF4C7A7DD62C48A9B0033098E2811185351B
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Process:C:\Windows\System32\msiexec.exe
    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
    Category:dropped
    Size (bytes):66888
    Entropy (8bit):6.4369283052543125
    Encrypted:false
    SSDEEP:
    MD5:B5BCEEA7EF5EC52CD91C22CF91DA0F94
    SHA1:C680F2AC978785B1F9B2A082A8DA0E59B506AE19
    SHA-256:D13F7D37EB9B0D5BA1CBCDFB05B9AFF55735E4FD2D0D407E9AA1D7A102D3EECF
    SHA-512:90A8BED664BA842334947B7220FFABEA877BC0C36CDE0A413351927110015DA0D7D2C4623AC338E7B08405CA77B9F61B75A832821C1A221C7108F2A9AB372D1B
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Process:C:\Windows\System32\msiexec.exe
    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
    Category:dropped
    Size (bytes):83136
    Entropy (8bit):6.05230026111273
    Encrypted:false
    SSDEEP:
    MD5:1FF49D90F4645807AA04D23B9FAC37A9
    SHA1:AEB55A9A0DF580FBB13E20D7D35FD6815C9CF79A
    SHA-256:2F71D95305DE6C0DE9AF7057E349A449753EEB1755CF78824A7258E0A4C5C984
    SHA-512:D4D5F96B86C0A85522A0666B533681E37D36BB42CE3F64B76935B22CEBF2E4616E796E45FA882928902BB65C1669982AADDA5C0F0AE479DD7F24349B237145F7
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Process:C:\Windows\System32\msiexec.exe
    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
    Category:dropped
    Size (bytes):3694592
    Entropy (8bit):6.044591962411611
    Encrypted:false
    SSDEEP:
    MD5:C3017EAF96C84AFFB110EBF6303944D3
    SHA1:AEDACDA2B652EBB042F5AA3EED322205FBECB028
    SHA-256:0BDFC493F2975D8098615B8826F01494B14D2E2605B82D0A5580F93F19840693
    SHA-512:134FECD06E3C52BB17E1CCD70B44B300482260808D382E8C92F156EED82E4A217F3998A26679060E0D42FF158F655953938EA8C671EB200143386D1C61A2C89D
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Process:C:\Windows\System32\msiexec.exe
    File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
    Category:dropped
    Size (bytes):2623
    Entropy (8bit):2.638408800535573
    Encrypted:false
    SSDEEP:
    MD5:FCC3F1194ED72318FE17033B67036F25
    SHA1:8D09DE97A79B30AA60B0D1B15CA70F985F13F75E
    SHA-256:FEE25A5776CA6E962CE68A19557C237030B327B0CDC3601A5A22DEA213C52734
    SHA-512:75360B63E2FB56D842C4D84A087680D5D2077DF507084A1531433DF963C687BF6E1A77E75B73F3B8C676EFB75931BDC4ED5A712E16E272CF88B34C5DC61489FE
    Malicious:false
    Reputation:unknown
    Preview:L..................F.P...........................................................P.O. .:i.....+00.../C:\...................V.1......X.A..Windows.@......OwH.X.A....3.........................W.i.n.d.o.w.s.....\.1......X.A..Installer.D......O.I.X.A..........................2...I.n.s.t.a.l.l.e.r.......1......X.A..{9B3E9~1..~......X.A.X.A....b........................{.9.B.3.E.9.0.B.C.-.1.D.5.7.-.4.0.1.7.-.8.3.3.3.-.3.5.E.8.F.D.A.E.D.F.7.F.}.......2.>....X.A!._DB919~1.EXE..h......X.A.X.A....t........................_.D.B.9.1.9.A.B.0.7.1.B.3.7.2.3.7.8.E.8.3.C.6...e.x.e.......c.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.9.B.3.E.9.0.B.C.-.1.D.5.7.-.4.0.1.7.-.8.3.3.3.-.3.5.E.8.F.D.A.E.D.F.7.F.}.\._.D.B.9.1.9.A.B.0.7.1.B.3.7.2.3.7.8.E.8.3.C.6...e.x.e.(.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.O.R.P.M.E.\.L.e.g.a.l.i.a. .2.\.W.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.9.B.3.E.9.0.B.C.-.1.D.5.7.-.4.0.1.7.-.8.3.3.3.-.3.5.E.8.F.D.A.E.D.F.7.F.}.\._.D.B.9.1.9
    Process:C:\Windows\System32\msiexec.exe
    File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
    Category:dropped
    Size (bytes):2611
    Entropy (8bit):2.628693402132069
    Encrypted:false
    SSDEEP:
    MD5:01ABD48D639B2AFFF72BF12C5AFC75F7
    SHA1:A3A2E35802730BE62AB29C88D5B2AEC0C3A3B62A
    SHA-256:35DB4009B097B57CC5B754284AA78FC66C985D3F125B6AE52AAF20C3F1B1DD31
    SHA-512:F12616C0627DB24BCC69036AC4A169881FEAEB0ECD51588253E73BE2C3DF1EFBBD4BEA7FC6023A33E9EDF4D605812946A42CDB1BA870BE998E9AE6021B0D501B
    Malicious:false
    Reputation:unknown
    Preview:L..................F.P...........................................................P.O. .:i.....+00.../C:\...................V.1......X.A..Windows.@......OwH.X.A....3.........................W.i.n.d.o.w.s.....\.1......X.A..Installer.D......O.I.X.A..........................2...I.n.s.t.a.l.l.e.r.......1......X.A..{9B3E9~1..~......X.A.X.A....b.....................#O..{.9.B.3.E.9.0.B.C.-.1.D.5.7.-.4.0.1.7.-.8.3.3.3.-.3.5.E.8.F.D.A.E.D.F.7.F.}.......2.>....X.A!._8EB7E~1.EXE..h......X.A.X.A....v.....................#O.._.8.E.B.7.E.C.F.2.B.5.D.5.7.C.1.3.B.A.0.3.0.B...e.x.e.......].....\.....\.....\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.9.B.3.E.9.0.B.C.-.1.D.5.7.-.4.0.1.7.-.8.3.3.3.-.3.5.E.8.F.D.A.E.D.F.7.F.}.\._.8.E.B.7.E.C.F.2.B.5.D.5.7.C.1.3.B.A.0.3.0.B...e.x.e.(.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.O.R.P.M.E.\.L.e.g.a.l.i.a. .2.\.W.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.9.B.3.E.9.0.B.C.-.1.D.5.7.-.4.0.1.7.-.8.3.3.3.-.3.5.E.8.F.D.A.E.D.F.7.F.}.\._.8.E.B.7.E.C.F.2.B.5.D
    Process:C:\Program Files (x86)\CORPME\Legalia 2\Legalia2.exe
    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):1592
    Entropy (8bit):4.971310831073418
    Encrypted:false
    SSDEEP:
    MD5:860BE2E6729449E1B43D59945AEBB078
    SHA1:36FF89F0D5255BBC49FDA02F53943704A68B11B0
    SHA-256:F9E666BD7B667131BFC0FA5A48D22B1F3A3B80D05742D4543859EC107B0813DA
    SHA-512:21C1FF0CFFCCB5DF4DFAB142E303679705E9B648227CF11CBD2D7B3C605BCEF5FA4AEF271EFAAC203362256C1097ADEC5344728677F9EF85F25B966719010D79
    Malicious:false
    Reputation:unknown
    Preview:<?xml version="1.0" encoding="ISO-8859-1"?>..<Configuracion version="1.5.6">.. <Legalia2>.. <LogActivado>False</LogActivado>.. <AplicarNuevasReglasAVersionLegalia>False</AplicarNuevasReglasAVersionLegalia>.. <BytesMaximosZip>314572800</BytesMaximosZip>.. <BytesAvisoZip>346030080</BytesAvisoZip>.. <AdjuntosMaximos>3</AdjuntosMaximos>.. <Idioma>es</Idioma>.. <PathDatos>C:\Users\user\Legalia2</PathDatos>.. <UrlPortal>https://www.registradores.org/registroonline/accesoCargaDirectaLibroCuenta.seam</UrlPortal>.. <ValorDefectoCodigoRegistro>.. </ValorDefectoCodigoRegistro>.. <ValorDefectoCodigoProvincia>.. </ValorDefectoCodigoProvincia>.. <RegistradaFuenteCodigoBarrasXP>False</RegistradaFuenteCodigoBarrasXP>.. <FactorResolucionX>.. </FactorResolucionX>.. <FactorResolucionY>.. </FactorResolucionY>.. <PoliticaPrivacidadAceptada>cc91066d1995d071ae95c2fb0a0689511f8eb3ee</PoliticaPrivacidadAceptada>.. <MostrarMensajeAlEncriptarEnLegalizacio
    Process:C:\Windows\SysWOW64\msiexec.exe
    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):152
    Entropy (8bit):5.038757123363281
    Encrypted:false
    SSDEEP:
    MD5:CCB860553902094F48B6D91DBAE56FDD
    SHA1:0A9909816F156632C0C8718725853F48A81FA0BC
    SHA-256:7D10AEA89090852F80436F2C5EB025DF6BE018D8C7E27CAF46131446E6ABDCCD
    SHA-512:BE344E0E9567E469FCD46E5166310779E69B092CD6B55256CFC4525287F2A0F6E52463967C58C5609D81FBAEC27422264F1C1C62E7327DD31FF7DD9920A3339C
    Malicious:false
    Reputation:unknown
    Preview:<?xml version="1.0"?>..<configuration>...<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2"/>...</startup>..</configuration>..
    Process:C:\Windows\System32\msiexec.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):305152
    Entropy (8bit):6.504247783181216
    Encrypted:false
    SSDEEP:
    MD5:684F2D21637CB5835172EDAD55B6A8D9
    SHA1:5EAC3B8D0733AA11543248B769D7C30D2C53FCDB
    SHA-256:DA1FE86141C446921021BB26B6FE2BD2D1BB51E3E614F46F8103FFAD8042F2C0
    SHA-512:7B626C2839AC7DF4DD764D52290DA80F40F7C02CB70C8668A33AD166B0BCB0C1D4114D08A8754E0AE9C0210129AE7E885A90DF714CA79BD946FBD8009848538C
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Process:C:\Windows\System32\msiexec.exe
    File Type:TrueType Font data, 11 tables, 1st "OS/2", 16 names, Macintosh, Grandzebu. 2003. All Rights Reserved - GNU General Public LicenseRegularCode 128:1,201,20 Januar
    Category:dropped
    Size (bytes):7884
    Entropy (8bit):4.497206670622352
    Encrypted:false
    SSDEEP:
    MD5:8FFEDC82F9B9A02F4016F502AB30117E
    SHA1:E9E851434E0170BE30477DCA722ABA27DF1C5241
    SHA-256:2998DE8D2EBED4F31BC7CE8F1A0414342D35068149A6A52C14BCE8EC8BCCB0DB
    SHA-512:DA533C2575793B85602FDFD785B3B03E40F306BFBD349A90FC3E2EB645826D11FF9442BA420F8F0DB801A1DED9F399F697077200BE31FA0157790B18DE0D7CFE
    Malicious:false
    Reputation:unknown
    Process:C:\Windows\System32\msiexec.exe
    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Create Time/Date: Mon Jun 21 08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;3082, Number of Pages: 200, Revision Number: {2E6A8679-AA0E-4E53-8E83-4BC40E86E325}, Title: Legalia 2, Author: CORPME, Number of Words: 2, Last Saved Time/Date: Tue Mar 21 15:30:04 2023, Last Printed: Tue Mar 21 15:30:04 2023
    Category:dropped
    Size (bytes):7300096
    Entropy (8bit):7.888165922882174
    Encrypted:false
    SSDEEP:
    MD5:0A216A9077BD6CFC068733F066135328
    SHA1:3DFCD675381A7669D1D9DDBB075277F54C7ABF3F
    SHA-256:F2077EE5D8D323FCAE3E098A94E893891FD086BF0CC82234669259A00A7D077B
    SHA-512:FC3D25752B54C5B9DF52117D2A64C309DD30B98464138F126EAE96362224029E76405DCD0DCACFFBFEF3CCF26E98783A981B2763410B0C7A800B33121C2B42A0
    Malicious:false
    Reputation:unknown
    Process:C:\Windows\System32\msiexec.exe
    File Type:data
    Category:dropped
    Size (bytes):433472
    Entropy (8bit):5.256438373419202
    Encrypted:false
    SSDEEP:
    MD5:894A4271B7DCDF437E7280D488E6F044
    SHA1:1D15EF57D498A045FDB08CCB300072B9E7F8D1AA
    SHA-256:3510DBA25DFA5F52C5A69A4EAAF544CA84DAB30B9D59F1B675FE8B3A045C0E70
    SHA-512:61319E55B67592E7F7CB7A4A40CDCCA53D7D403E1E06B403CA3CD7335AE0D293334AEAAD3DE57DFD563037D3ECECC54549E9CBE6D4397D6CC8638960F4B9854A
    Malicious:false
    Reputation:unknown
    Preview:...@IXOS.@.....@.Q.X.@.....@.....@.....@.....@.....@......&.{9B3E90BC-1D57-4017-8333-35E8FDAEDF7F}..Legalia 2..Legalia2Setup.msi.@.....@.....@.....@......_853F67D554F05449430E7E.exe..&.{2E6A8679-AA0E-4E53-8E83-4BC40E86E325}.....@.....@.....@.....@.......@.....@.....@.......@......Legalia 2......Rollback..R.e.v.e.r.t.i.r. .l.a. .a.c.c.i...n.:...[1]..RollbackCleanup%.Quitar archivos de copia de seguridad..Archivo: [1]...@.......@........ProcessComponents$.Actualizando registro de componentes.....@.....@.....@.]....&.{BCDFC14A-50FA-2EC3-F1D5-F63029A121FF}5.C:\Program Files (x86)\CORPME\Legalia 2\CorpmeeFE.dll.@.......@.....@.....@......&.{7B65DFD2-3388-90D4-8583-B889064E4609}A.C:\Program Files (x86)\CORPME\Legalia 2\System.IO.Compression.dll.@.......@.....@.....@......&.{11521D72-0FA2-97A2-6A2D-68E534CB60CA}K.C:\Program Files (x86)\CORPME\Legalia 2\Microsoft.ReportViewer.WinForms.dll.@.......@.....@.....@......&.{AE16A91E-0972-4F2A-F17A-02A0ECD47493}8.C:\Program Files (x86)\CORPME\Legalia
    Process:C:\Windows\System32\msiexec.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):109472
    Entropy (8bit):6.596202706431375
    Encrypted:false
    SSDEEP:
    MD5:3941CCF542C241226104AC61FD1CD373
    SHA1:636332A86C0C476977F3D9B7EB5D88E40A1A0F07
    SHA-256:1D1191207B4ACCCDA55DB6EC688FFC606AF1EBB3053060AE04E7EDAE0F80CE7B
    SHA-512:7034A6A17E45DBEF45950A41F60B31C295B7299CED5A34B6A8E98E9698B5A45B3A2D8EB9DF845822540802999DF244E53A3A264AC2C23D042EFCA4B946BA28A1
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Process:C:\Windows\System32\msiexec.exe
    File Type:Composite Document File V2 Document, Cannot read section info
    Category:dropped
    Size (bytes):20480
    Entropy (8bit):1.165312158827701
    Encrypted:false
    SSDEEP:
    MD5:8BD6190DFB7FB0F9639BB3900EEF2BBC
    SHA1:051FC2A1ABB024777BDA9A20E9A9EAD38D7BEF1B
    SHA-256:A1EE845F511766D97DB50E3A35881546E2F0F5A508553C461398B7CF68300CE0
    SHA-512:11DA14DEF965A25EC9CDD89D5486020029E1F8150501135879CD76C87B31D440726B67FAFA1CC1487A194FCF6CA3E5709683513F55BBFA56D24AE6FBF7761BEC
    Malicious:false
    Reputation:unknown
    Process:C:\Windows\System32\msiexec.exe
    File Type:MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel
    Category:dropped
    Size (bytes):67646
    Entropy (8bit):2.2944749596283254
    Encrypted:false
    SSDEEP:
    MD5:BDD1F90F194FC74A419809BBE2714A26
    SHA1:F2A247188CEB3CAB7B27142667B93FBB3A2AA58B
    SHA-256:6BE5EE580C7A537F1BDCC2E06F99A4246EE578A72E80BD3AA8D0FE1A10D896D0
    SHA-512:4675CA70051486C72A1AABB0EF3E572E3F252907988039961D976295AF39A393B1D54E8B5E7DA705AFE38DA59952D561452BE079C23C9B4A4E95090E2EC88DC9
    Malicious:false
    Reputation:unknown
    Process:C:\Windows\System32\msiexec.exe
    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
    Category:dropped
    Size (bytes):454234
    Entropy (8bit):5.356154854546596
    Encrypted:false
    SSDEEP:
    MD5:760654EDCE079A2893B057E63CCB5654
    SHA1:4B5ADB6AEDE2E4DE7B28FC4BF67C4E912DB5BA2A
    SHA-256:A9D35CACD467BCB8A39EF1E763786EA9C1664D3118C8A417A73437F58ECB274E
    SHA-512:977FCCEC2FDC1201D2A89C872FB519FF723538E3FD8405CC747868365215FFDDDA9DDAE8C4612A86D8CDAE6FBFE1D106618FE6323F17B427B29CA038B2661DC9
    Malicious:false
    Reputation:unknown
    Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
    Process:C:\Windows\System32\msiexec.exe
    File Type:data
    Category:dropped
    Size (bytes):69632
    Entropy (8bit):0.1983582915415147
    Encrypted:false
    SSDEEP:
    MD5:519893957CE9C6DE4FFC2CC2DA924DD4
    SHA1:8DECCA2F1FBCC6E6103CDE85A69117103067C3F5
    SHA-256:D753AD4E8BB13D2360EF5B050F84510E2C28810ECD8E55367717FD2D868C89F1
    SHA-512:35B3721EE97B3A9CBF0CE3963EC592D9CC0FA0F29F11FC33E09DFA93D659BDF52C754DBB3CC2310426C2E82EA0332E488C929AB9C84128F73950C00A8CF5FF53
    Malicious:false
    Reputation:unknown
    Process:C:\Windows\System32\msiexec.exe
    File Type:data
    Category:modified
    Size (bytes):512
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:BF619EAC0CDF3F68D496EA9344137E8B
    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
    Malicious:false
    Reputation:unknown
    Process:C:\Windows\System32\msiexec.exe
    File Type:Composite Document File V2 Document, Cannot read section info
    Category:dropped
    Size (bytes):20480
    Entropy (8bit):1.7005377544754858
    Encrypted:false
    SSDEEP:
    MD5:3895C907F4A6ABB4E3A31CCB93F9F306
    SHA1:43DDE929234C6E08A71A809DFAFFF829DCC20E23
    SHA-256:A9320E1DACFB8C36F5E2FE45C8FF78F47DC9C893B01F9E32430BB26CBCC71B3D
    SHA-512:CB60C4804EB15E13E2160D1DF262F7F29A5A7381AB34AD8BF621A63904B4F69D9AE94F76A60AA16E313415A8E549B98C14D634AD48AA6CC2E2B2028E289EECC9
    Malicious:false
    Reputation:unknown
    Process:C:\Windows\System32\msiexec.exe
    File Type:data
    Category:dropped
    Size (bytes):32768
    Entropy (8bit):0.07264902631307761
    Encrypted:false
    SSDEEP:
    MD5:E6021B3860BEE8FDE1F8898C054055DB
    SHA1:6C95EE98C540B88D899814954B5BBB859EDF6EFF
    SHA-256:C9273A6413D953C3FBD66DA94A768E1CE389E4A9D6C20313027B7F571EFAF65E
    SHA-512:02EBB53A525B987C09EE35FEDF2FA7163420C95A055699DE443096CF4E0C3AF69DFB024F9D504521AE8F423D01185F5D41EADB4994492177B5849A573CA9A38D
    Malicious:false
    Reputation:unknown
    Process:C:\Windows\System32\msiexec.exe
    File Type:Composite Document File V2 Document, Cannot read section info
    Category:dropped
    Size (bytes):32768
    Entropy (8bit):1.3517944755506481
    Encrypted:false
    SSDEEP:
    MD5:C8F2ACE8D844F2436C1421A753FC1269
    SHA1:01E51A5AD146464DA9F8018EB89AD038D509BF28
    SHA-256:1EDB7A49C2CA0892747FF3C456462B9CC420DC014F8F21BC1A959EC78534CBE8
    SHA-512:AE2326163E19F33CC1219CFF41B39A1D7E80979ADA2DB5697874E6893EBB51F27666653043DA905AE31E7DED8CFF4447D0FD84F28933FF79C8E4B5C8B6BA7E4E
    Malicious:false
    Reputation:unknown
    File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Create Time/Date: Mon Jun 21 08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;3082, Number of Pages: 200, Revision Number: {2E6A8679-AA0E-4E53-8E83-4BC40E86E325}, Title: Legalia 2, Author: CORPME, Number of Words: 2, Last Saved Time/Date: Tue Mar 21 15:30:04 2023, Last Printed: Tue Mar 21 15:30:04 2023
    Entropy (8bit):7.888165922882174
    TrID:
    • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
    File name:Legalia2Setup.msi
    File size:7'300'096 bytes
    MD5:0a216a9077bd6cfc068733f066135328
    SHA1:3dfcd675381a7669d1d9ddbb075277f54c7abf3f
    SHA256:f2077ee5d8d323fcae3e098a94e893891fd086bf0cc82234669259a00a7d077b
    SHA512:fc3d25752b54c5b9df52117d2a64c309dd30b98464138f126eae96362224029e76405dcd0dcacffbfef3ccf26e98783a981b2763410b0c7a800b33121c2b42a0
    SSDEEP:98304:ioYic5MkgxLaYxCnTbLmbIExN+Pzt2iRZGHH/vJVXMo/uar0wi1YbdierPY7Hpxx:eiqMkgxLt0bN8EpCp/t0bYbd57GFrPX
    TLSH:8C76230179828E37C2EF053D44F5D6D7473AAD2049A84B7B6358F3AC5A332C1627FA66
    Icon Hash:2d2e3797b32b2b99