Windows Analysis Report
https://bpupdate.amadeus-leisure-it.com/9.10.102/BistroPortal_9.10.102_setup_de.msi

ID:	1431475
Product:	CloudBasic
Start time:	09:09:30
Start date:	25.04.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Config.Msi\52f118.rbs	data	317DB5E1C09C155258AA6926051CF076	30B80F1CEA33489440EC620F4C1DB756EC701628	AA4722541A960A41469F90039A7BC02DA5423049D8E5D9E517EB2A83E547FD76
C:\Program Files (x86)\BistroPortal\BPortal.exe	PE32 executable (GUI) Intel 80386, for MS Windows	1DCA0C8BE772B030CE225C7B734BDB4A	ECE17D617D86BA5F508633EF89DB2185D4C58DA7	7B07EE7FCBD39B0272FB3044167B66E4FC4E1C6E0ADE4B914803D455CA2B3132
C:\Program Files (x86)\BistroPortal\BPortalWebUi.exe	PE32 executable (GUI) Intel 80386, for MS Windows	D94E9A0BD97A7E2B218B4F7AE3BAF598	747C73E579AC367545068458A1747C8D0FA87D95	2E8F90D2FD560A73C51DA5D7280BF287B24B004A5E78DEC7EF79DF06854232F2
C:\Program Files (x86)\BistroPortal\chrome_100_percent.pak	data	D3E06F624BF92E9D8AECB16DA9731C52	565BDCBFCBFCD206561080C2000D93470417D142	4EE67F0B0B9AD2898E0D70DDFAD3541FBD37520686F9E827A845D1930A590362
C:\Program Files (x86)\BistroPortal\chrome_200_percent.pak	data	34572FB491298ED95AD592351FB1F172	4590080451F11FF4796D0774DE3FF638410ABDBA	C4363D6ECFA5770B021CE72CC7D2AB9BE56B0CE88075EC051AD1DE99B736DBBD
C:\Program Files (x86)\BistroPortal\chrome_elf.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	8732BF6CD91A762B87758CF78A7DA97E	C4934F48A92EB1115442117F5FD0A633495E4F00	7FAD9E6DA723741C35E5FF224045692235C20B367E0F73C200D0A0E63F8808C8
C:\Program Files (x86)\BistroPortal\d3dcompiler_47.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	3B4647BCB9FEB591C2C05D1A606ED988	B42C59F96FB069FD49009DFD94550A7764E6C97C	35773C397036B368C1E75D4E0D62C36D98139EBE74E42C1FF7BE71C6B5A19FD7
C:\Program Files (x86)\BistroPortal\icudtl.dat	data	74BDED81CE10A426DF54DA39CFA132FF	EB26BCC7D24BE42BD8CFBDED53BD62D605989BBF	7BF96C193BEFBF23514401F8F6568076450ADE52DD1595B85E4DFCF3DE5F6FB9
C:\Program Files (x86)\BistroPortal\libEGL.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	FE109AFAD5EE8AEB15F55CC0CE728608	E3B087D261AC7A7822F2E6B1C5D9B26CE973CA5A	5CD7E15F9D43F95BC256F8CDE1957F936E81692A17659FFE7EF41FDCD2BC0FF7
C:\Program Files (x86)\BistroPortal\libGLESv2.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	2906EB7EF18FCECA8ABD673C4DD57EA1	A3EE1F221F4F83009DC6F05E9B9EFADF60BEC5C0	6619A86CDF911720BD23A6FE41BDA19BE0AF9F3A163E95C82DFD6CECD4E5AD4B
C:\Program Files (x86)\BistroPortal\libcef.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	B04B64D4CE9A70D2F72537A2C52AF447	5599E7E9FBE84AA5EFBD78F11D4576F9A0B98FF4	5F8145E7A626A5DC2BDA3B29262D9147DAFC9BF8227FC69F09E013C2C91669D1
C:\Program Files (x86)\BistroPortal\locales\af.pak	data	305378FA2FF19489D7C92E38ECB00D15	AD58D051630F7F5CAE49A476E5853526EEA62DB1	3E213750DB54BA51437DE9A1F4C65ECE0ECA9892C1A4EF466DF81801AA121200
C:\Program Files (x86)\BistroPortal\locales\am.pak	data	079E3292162EAC768212DEC07942B372	EE9A5E1189AAE8AF3EC281B49BB1F53BB97BAE48	D5A439941C175F00848E49829CAF117C61F1385369EFE3A0983AB0269D0A7FFE
C:\Program Files (x86)\BistroPortal\locales\ar.pak	data	658885F79FB9AA70871295B232C4326A	DFA0B9ED4172BE790DE734BC8636290E1DBC7329	E954F9B353A9DB716F0F4E6D329340E4DB7B4104E120D8E38540C56FBD8F86C9
C:\Program Files (x86)\BistroPortal\locales\bg.pak	data	391D84A3DF1DAAB40AB2379E1F34A25C	62D47FACBE09DC1D6EF995F4F108414E958C0F5A	74ED9BD6F6A26E4B2924E18762C65CA93023225584CBC48C849516507056F085
C:\Program Files (x86)\BistroPortal\locales\bn.pak	data	14CEFD7CF2DCD18E9307EF6CA1F8EF71	DE840E8AAB095F0F8284920E9CA3BB0672EDFCD3	D10667C92482588F1BD3A935694E3782BABD49216971549B1EA5F480B97D0621
C:\Program Files (x86)\BistroPortal\locales\ca.pak	data	EF1FDB32DC585CC322001268C2AE2E16	A5F7F8B3F53958DFCB81DA619C037EF409F13843	3EA9D9FB89246BE49FC50E6352CAC01E0BD8C09F893C848A5917A4EDA94DE152
C:\Program Files (x86)\BistroPortal\locales\cs.pak	data	69D49B2AE2F0154A389654F1A813BE68	B24994D400F7FC56C8A059BD6213F80B182F5C89	1EF829A86F8D3153B89A5615DFB1EB907944B3963DE99B717B6C3545B9CE692F
C:\Program Files (x86)\BistroPortal\locales\da.pak	data	F245E8A82707C8F1F92A7E20168974B4	A1B1A72DE96C513A79B3A862C860EA95AD5CC826	F4BEE57359E2E6CBAF1E9F9BBE8E5CD09FB86AB4B6E8B824F5AC231AB0580746
C:\Program Files (x86)\BistroPortal\locales\de.pak	data	4391AF0B2214F3533754F72B7C9BF6CC	916FB392A1A16FABB09497052708327B99B8009B	3D23FBE8C05F3673309FAC0B3EB25ECB58D9DF044C4CDDD4CDED6A18CCEEF07E
C:\Program Files (x86)\BistroPortal\locales\el.pak	data	CAFE81C476214BDB7460528DDE620233	7115070ED4FCE96EBF041664A479DDB8D5DA88A1	6A27A089066FA780EBFACEAEEA3CC6A916BC64CE62E6ECE7F857EBF7ED69897C
C:\Program Files (x86)\BistroPortal\locales\en-GB.pak	data	2C846E20BFC306B063651D8A21C23981	A4D79FFF3F99A5F91ECC9B402A44AF8E74418BC0	1ABBA98CBE0303AEFBE09B91F621892AA5EF0B8E15F9F2DC23C78D6ACD5A676B
C:\Program Files (x86)\BistroPortal\locales\en-US.pak	data	A8D060AA17ED42B6B2C4A9FCBAB8A7E1	16E4E544ECA024F8B5A70B4F3CA339A7A0A51EBF	55E4AE861AA1CACB09DB070A4BE0E9DD9A24D2D45E4168824364307120A906B2
C:\Program Files (x86)\BistroPortal\locales\es-419.pak	data	E100B41F2F208F94E214FEDED131F16C	2414A67E055C3F015303B75038B8AEAB4105D7CC	DE7C8A29C6333EF7423AE2E4E515BBA7A4ED849DDD47F4886ED26B6A84535177
C:\Program Files (x86)\BistroPortal\locales\es.pak	data	B1845EDF91FFDF33AA2F0A1FCBCF7933	D5C21080D0F6CFAAB05D38FD1E09E85E1473CD31	E7747CBDE421C88B1F9FC4A23FBEF466BC73CAAE123B5E73C9FC7C3D50307E29
C:\Program Files (x86)\BistroPortal\locales\et.pak	data	6CA350436544813A70C42C605F838DDA	DC482D4B35F93DC3BCB6F9E2FF05204D16FD8D78	0F1C65CF3C19A9E267B2AA850127ACC5740BC84D7C6AC81DBA275B0D07D16842
C:\Program Files (x86)\BistroPortal\locales\fa.pak	data	419578CFF63A3B19D445BD76D1B4EF31	3569545DA984115842F3DE55E9EB5EFC1F12AC36	9951C60765DC6EB956CF7A88466DFEC084EB470AE354617E76FFDABC9504B4B5
C:\Program Files (x86)\BistroPortal\locales\fi.pak	data	8606B0214820456FB8912C72160F325B	57911D980F14356E49F7AE3B1998FE14E3009730	85DE77D98D7A8D64A8F5A2CD23DA8298377DBFEF0EABE19DEC462CB9C54830BA
C:\Program Files (x86)\BistroPortal\locales\fil.pak	data	C3809AB2DC946EC1C206B4F6B6B360FA	F02F760D0A5E2947E0A303FE74BA3A1107DB76EB	742AD7B51E0D60D0F3DFA9AE5B9BD0C89ED65C7786B78D989976D936BBF00833
C:\Program Files (x86)\BistroPortal\locales\fr.pak	data	F9736FDCD4A687975065DCE1A8A4165E	D61919134AF14D173D9924E8C4FE6FD724C382E6	90433F513853EB1679B8092E3BF6118468487CBC93263EACCAA6C3B3436134F5
C:\Program Files (x86)\BistroPortal\locales\gu.pak	data	68B6FF1C3EC958BEA375D9E262FD1D50	3316616D90525476F19890674B647C81C954A6D6	35DD5AF2E398F80538D1BDE5701C17F4DEA6FF38A9B54F3DBF2E35F0BE989DD8
C:\Program Files (x86)\BistroPortal\locales\he.pak	data	FF2761F7A8750DABDD020DB198B59C81	608BB4FA80616737DFEB3A566C1C09FF39331C4C	E8C3B8DE967CE2BE8501CECAF34E874349D4F5DBC0572BDED470D600EC9B9B96
C:\Program Files (x86)\BistroPortal\locales\hi.pak	data	5CAB306E80E33E84D2BBD0C5778F679D	81955B19004853685B8C9422A8C1DDAE0CDF1EBC	C085F7682AA90E571C7CAB430D9C993DF7220C4BA7BEF6CA9535442E7BA47345
C:\Program Files (x86)\BistroPortal\locales\hr.pak	data	8C97405A7104C7E817EFB8C24040EFF0	766A990AD2ACC123AA07BE4DA00713FF2A3DBA71	23ED11C02FCF848AFBD0E0C1301F9D3B9B1267768A14BEA7233838A3705BBA72
C:\Program Files (x86)\BistroPortal\locales\hu.pak	data	2DF6993C9ADE7FFE81A32110EA8AF59C	D41578AA452BA014855718649C9BD0F4BE4F3FDA	7745DBDB744018B919B278BBF177E2BCC1ACE045EF89F1F12385D3C3EA199644
C:\Program Files (x86)\BistroPortal\locales\id.pak	data	B477ACE2F99EFEED02CC9B69C7806AC1	C5C31507ADCAAF1D9341B340FE985A9B9F37ED2E	A15956FC814A58921B128A7501A14B1B46A3A6A91F2C9585EBE03684B4633D04
C:\Program Files (x86)\BistroPortal\locales\it.pak	data	C75455595E050C22C3CC2D246F4C0723	9CC815AB7F55959A2713BEEBD3A4B2BBF373F982	569E35D401CA6CBC02665C797AFB3A8D74B9E8AD5436BABC4F0ADF6633984ED8
C:\Program Files (x86)\BistroPortal\locales\ja.pak	data	87FC19E8AE7FD3FDDBD57ED1F1920DA7	669D4379824525343F6A7395AB4288D5C0EED67A	8F3866E348114DC523CE54C18F48BF584C45D88CFA1B551E77C5FF9AF3D98E16
C:\Program Files (x86)\BistroPortal\locales\kn.pak	data	88D997A61195BE55A448602D0DA5A18D	68DFDE9BAB97083318F71433A9C0DD6FD3E486D1	DEDC68395D55245CE31307606C94A2B01041FEC0DF7F30DF932530D60A83EFFB
C:\Program Files (x86)\BistroPortal\locales\ko.pak	data	C45F87E32B4D8BBCEB0BE70422268CAD	A86652B06EC8AD497EC3B26058DE43719EC19489	979C49A8C189CEF8661CB8786318E8DFC34537F910088A2F6FA061FF2DB8F96B
C:\Program Files (x86)\BistroPortal\locales\lt.pak	data	5A69D04EA22C01A30ABC898BEB1A0CD9	99FD743F3F7DAA7942E3C96AAB5514A4964B987D	BA6FA852B9A29A01CF48F012EC8C25BCC9A8E50ECC88BF67445572C7A1226ACA
C:\Program Files (x86)\BistroPortal\locales\lv.pak	data	E4CD6BD3FC9FBF169BB969125B6E6AF0	5BA3028F04450F5719A0BE874897155DDFBEC9A0	3C0770264F6297F40299875236D3160B6D3899C89EE03B8F4640425574B5F047
C:\Program Files (x86)\BistroPortal\locales\ml.pak	data	6F7D497FA095A87BA77985760C749D31	39B7644C52A3443BDEFD8A67D27ADE30876E9A67	2475D2A29FEECCE37C67284BBCFDF52527FC9EB1EAC0CB81ADB307BD6073B7AA
C:\Program Files (x86)\BistroPortal\locales\mr.pak	data	0980B8DA2385CAEB8DB47F031CF825BA	2932FD301339D5F1F970AF5B83C904A0FF54C6A4	EEF4F77EA9BFDCA58FDD48C105F77C29E7E586B4F98374897B59FEE23261DD6E
C:\Program Files (x86)\BistroPortal\locales\ms.pak	data	E027E7853B8B9DD24871456F14BB8744	189219A26B54B19FD8E88A37C06FDF8D12E6BB48	4006F5341D8A954422383BE2D631DFC3916BEF0866B818F22E568666454B6A9A
C:\Program Files (x86)\BistroPortal\locales\nb.pak	data	11586465E13CC391D0477FBE47EC45E9	0D28FFD0F71C6FF7AAD3FB7CE78371A23E9B5B3E	C9E6BA8B6C6E28F22C4FAB5A4DADB29A6BF241A4D0D76A7DB5D56B112F65DA41
C:\Program Files (x86)\BistroPortal\locales\nl.pak	data	A78342F05AE43C5700A4BAB660C8AF5D	5AF055F4173A1B480A83E3BD5A40D39285BEF4DF	C7AAC0884458115EBB5B9B84F5197B7C25CE68FFC150A24A6A68B6B04E604AA5
C:\Program Files (x86)\BistroPortal\locales\pl.pak	data	827893A75C44CDD33EC9A971784B23B2	AE83987940A763FDD35DF06236C92CF9263BC12D	6FED6867972984C9CAA70F3C752AB20B72EF644E9858587311E864BF84644EB7
C:\Program Files (x86)\BistroPortal\locales\pt-BR.pak	data	7C98581A10A5C3A8945449ED5FC76FD5	C577BC8B8E7D328B341D3802179E7C5CAB08520D	5A01AEB9445671D063992488B5016FF7507E8C4A145F95C02BA4E8497042A36F
C:\Program Files (x86)\BistroPortal\locales\pt-PT.pak	data	B4FF86FC5AD96BCC3D4170B1E9FFE508	70ACEE277D74F7198FD89A85BB8FBA9491D995F3	36DFF552701125A2090872570B0E8CCF2408BAB351955BF2633FAF95BDF18F7B
C:\Program Files (x86)\BistroPortal\locales\ro.pak	data	429453C95F44892282B3E8950D767BCA	6F6509C120CC0B98F5A0F2FD6D3258507129CD0D	E5A2C82A3759525F26C8A501700B657E3E8924CE131523AC1F4143DCD0C504F2
C:\Program Files (x86)\BistroPortal\locales\ru.pak	data	37252BFE5EC58325DDC455661203A1D9	1AB4F6A760ACD8E2517BEE42881750ACFC970A93	7BBF682BB72A59E55ECD1807631C1078E89DDED57AFBF27092F5498C0517DAF9
C:\Program Files (x86)\BistroPortal\locales\sk.pak	data	151C68194B1DD25B921C6B3E0BD8970E	36B7A5A7D2E1FE99EC9D292F58AC0C6E66720E6C	FE2FA256B7632868199FEA85A9F03238D98F1A2519F510F32583DF26B10D75C0
C:\Program Files (x86)\BistroPortal\locales\sl.pak	data	9216DB464601FEA48DB43A11E8EC1C2A	D6336335193A961E3A41163ACE20584542064040	586B6955D0FFE670D6EA395C5CA892E30A50F19CF46D14E2E0BF96241C42C2D3
C:\Program Files (x86)\BistroPortal\locales\sr.pak	data	1E1586BDE8F9AB983B44F3545207A4A7	32D0CD4F82F0608EFE5663EA3E015BEE02F100F9	8787F0197145F7DEA0913C681E7210971C2F445820B18D2BD46755EDB1F6BFBA
C:\Program Files (x86)\BistroPortal\locales\sv.pak	data	B91584A15FAFAF0F8F4BEE8AA2A89392	CA74D0170ADDC3D1F2575F78E74EAA829AD4D61E	FB5FCA3F1070AC66D74ECDBF6EC8019EF83BE19440200EFE704A919561478E79
C:\Program Files (x86)\BistroPortal\locales\sw.pak	data	F705479B21542EFB2D1D0949148D1162	971A551036BD84473B7160AE3A8A685FB18EF6D6	1E8241C4E3CE461727E5BD517ADB16DBFF269D62BAE3C6CA3E71C451641BF013
C:\Program Files (x86)\BistroPortal\locales\ta.pak	data	7C450BF31072DCF36BDE01C0D05BA41B	B96AB5CDD9BF314964D487D9AB611C3F63C53CAF	D9A1509244F1020FA91F110B37AFE6A72CD26994ACDB73650B824613D12EAD68
C:\Program Files (x86)\BistroPortal\locales\te.pak	data	6D4D3E657FFCA020EFD136E111B5A804	D1BC975AF4167B19641434EE713895EFCCE370E9	76482CE268988399926E39853CAB7AE284D11256415D74C47F78E9EC329716E5
C:\Program Files (x86)\BistroPortal\locales\th.pak	data	741FEEC71604E01CEFC9452ABD1607E0	EB2B2135D8C11746128C615B6EDC116D6E43CFCB	28500B94569C2DF37B827D95E1D32ADCC9AC3844E062E025976342A9861F28AA
C:\Program Files (x86)\BistroPortal\locales\tr.pak	data	4D33D1571AC15132F4031AA2E1614F58	AA09F2480FB950D6CF5C09CFD5E327F783FE4DD1	9044D7F65DAB1D83B38E2563957F75C8CF20518A652069ED4AA0A2750B416DDE
C:\Program Files (x86)\BistroPortal\locales\uk.pak	data	4DFE248064586E469D5E802F2176A985	A6AE6E59421FD9C4428303D665C65AC97D0B28FF	71C9BA90E54C09803DCDA706806E3A32680B47D116C3BA003232AB383BDD03B4
C:\Program Files (x86)\BistroPortal\locales\ur.pak	data	20370AF851A11AD3BD58CD33035CFEDA	024C466A4E9002311B8A8C498B489AC357AC3C61	A911541F815F3488E2C6EE3E52ADA2A771BB14237982C84C0CB81DCEE994AFCC
C:\Program Files (x86)\BistroPortal\locales\vi.pak	data	A59DB20DA040A181F48D953D26860967	484431EE751E4C14BFFED15F9E61DE130A69EEF7	8934B10330C7231022CB9C710EF462AD41427E3D00FDDD4606B663EAE9961ABA
C:\Program Files (x86)\BistroPortal\locales\zh-CN.pak	data	A31C3C11CB32F359B3BE69E62A29378D	396FBAD5177F600C228D05A07B47991DC2B34EC5	473553A9877B1BEB5E07CA2EDCAFDE8260F218A1EF26FFCAFD1BC48F81811257
C:\Program Files (x86)\BistroPortal\locales\zh-TW.pak	data	11464F2E3AA0F389FFD34304B0B709BF	BA73E42B74182403FE98C0211A27D8488300D3C4	CFA8E568E9FFCC04731D42880040D6FEAC75378320FA79B2D982C48C40E5D2B2
C:\Program Files (x86)\BistroPortal\resources.pak	data	5955471C84EAAD269C23F8A22B71F781	D625FB0B12D132FEC9F91CBC7DB54887589F202E	B8AE091D95E927A75A9B0A367A8EE9BC5FAE0A10427EB77CB3C3460097CD4F5E
C:\Program Files (x86)\BistroPortal\snapshot_blob.bin	data	CBA13F0A5EBE5D2D19F719E6852FCBDA	19F403863A8B9E39E04B9FE06C4056F1EB6C6354	E5DA22C6DEA005A05919E5E9486E3A773A410D1BFC298140D896C661A1D5CAC0
C:\Program Files (x86)\BistroPortal\v8_context_snapshot.bin	data	E41092148E381DC2DE6E2A82DF54F857	4ECC22A7461367B411191C2D71624453C1EF8149	EC605373BF61F9876012C5816A36B853E404DD7D2508F469599F8B499EC6A9B8
C:\Program Files (x86)\BistroPortal\vk_swiftshader.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	8ACDBC4BDD49F2E839CB7E762653FC49	18332F2CF72A9630174325737B0C11BA119A8C3D	B9B1B23598210E2079FD49C0F0E7E046806B5440F4887113E0B77FC2803E0EC8
C:\Program Files (x86)\BistroPortal\vulkan-1.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	05729E4E09E0BAE966794B205C5DDBD0	20BD0602CA2731C800C07A176F65137E41E57F37	0794B747F2C1FE1A70F7EE7B2BDB8009070C94B8E48E9DC32BE5326286BAC14E
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BistroPortal\Amadeus Bistro Portal.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Wed Apr 17 11:01:44 2024, mtime=Thu Apr 25 06:11:48 2024, atime=Wed Apr 17 11:01:44 2024, length=7439408, window=hidenormal	9961D705A1DB67AA331D88B9660C7988	97F7CC4BCAA4F0064BE39B049E5683988BA51693	E3145B5F77A85382C386F6D5E849C0FD0A0A8A08400676B004508AE35DC3713B
C:\Users\Public\Desktop\Amadeus Bistro Portal.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Wed Apr 17 11:01:44 2024, mtime=Thu Apr 25 06:11:40 2024, atime=Wed Apr 17 11:01:44 2024, length=7439408, window=hidenormal	954DADBC2931251346416891AA40C210	30DD57311593CAC1C1F246958CAF4708444157B5	F25B96612E5B1F110896F9C4BE8883410C097AB670A53AC405FF3BFDBAD02EB5
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 06:09:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	50CAA3D73F39D65220D21576461B82AA	5A763CD7E277685012CF38B210CD61C73A5C8D57	323B8F051EACDD8EBECF634747E24564F43984B487851CC17195B080E93B0E71
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 06:09:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	DFF6B1745AC522E94F6AA687CA0F9A01	28711D0D84C9B7B9B203CEE00069E6E53548EA67	C57B48BBAAEB68DB8EB44646F9B1F8151D6D7C5F664699206B3B66B3C764A7E4
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	78DCBA59DDDAA206FC67FD0D91F51AE9	3FCB6B7DB3DD993D46619FC0BF3929816204FAC2	26893A017900E965D85A13F5B24AF59E7C00A50D19B86FC32C3EB6328A2FD6C2
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 06:09:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	13E3B33A7A1A34EDD932329455BAD450	DE122D54FC8D33F0CA09A85083E6A2C2440C6637	0BB66EBAB924163A2DE4BB50CDC05DFB5D57CFF02B5D928BB54FE827A7878255
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 06:09:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	17B974A838EBC7277241266BFEB34752	5C2A34A1F6E544975D2FFCAB65E9DF851519605F	CA5017CE86DC182A61F37E0AF78BE09F5861DB3906DD77C8D84F7154E4453721
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 06:09:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	523D37907AAB2A05342313BE2021F2A7	9EB529DD0197900031C4563D6A28740F2405EF00	CEFFD3FEE5E59AEA3E11811349B2165D9ADFBAC391C766B68F3C88BA1A59C470
C:\Users\user\Downloads\BistroPortal_9.10.102_setup_de.msi (copy)	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Amadeus Bistro Portal, Author: Amadeus Leisure IT GmbH, Keywords: Installer, Comments: This installer database contains the logic and data required to install Amadeus Bistro Portal., Template: Intel;1031, Revision Number: {7DE516CC-454E-46AF-B433-9115142FC1B5}, Create Time/Date: Thu Apr 18 09:32:18 2024, Last Saved Time/Date: Thu Apr 18 09:32:18 2024, Number of Pages: 300, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2	FDBC4B17C9AB9E4A817383A7F6AECCD3	3E0BA6D95DCCBB2E545F38F04325AB889AEE06C4	2D501E35F33C6F288535F3551E73AE94752502AEF678C92620D0225713E5B291
C:\Users\user\Downloads\Unconfirmed 365049.crdownload	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Amadeus Bistro Portal, Author: Amadeus Leisure IT GmbH, Keywords: Installer, Comments: This installer database contains the logic and data required to install Amadeus Bistro Portal., Template: Intel;1031, Revision Number: {7DE516CC-454E-46AF-B433-9115142FC1B5}, Create Time/Date: Thu Apr 18 09:32:18 2024, Last Saved Time/Date: Thu Apr 18 09:32:18 2024, Number of Pages: 300, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2	FDBC4B17C9AB9E4A817383A7F6AECCD3	3E0BA6D95DCCBB2E545F38F04325AB889AEE06C4	2D501E35F33C6F288535F3551E73AE94752502AEF678C92620D0225713E5B291
C:\Users\user\Downloads\e7b29052-a764-44ea-82c4-1af9067154bd.tmp	Composite Document File V2 Document, Can't read SAT	E7A7BEFF3532B2972B17C9FB9BD22D76	74DF82A47EC441BD70535BCBFD6A36987C3F3571	F0EF0D400CFC99B37B4E3CA7139E20A7DCB8A807CC0B01866D5F855F151D5AB9
C:\Windows\Installer\MSI27EA.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	A3AE5D86ECF38DB9427359EA37A5F646	EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90	C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
C:\Windows\Installer\MSIFDAA.tmp	data	D7D2901C600626B8272DFF9EB422CD12	58BF2760E863E38F13A61A42EC962688ED44F566	22EA9DAFEA41435EA8EA5C08FD611296F400E8959264A835C063D221B8679E6B
C:\Windows\Installer\SourceHash{E3BC9EF4-5C6C-4920-A151-24CBAABA025A}	Composite Document File V2 Document, Cannot read section info	168FB59428DACAACFD9665E6386354AD	4BC00D33FBA22D6527D1468C78BB103FE326C1D8	A38330CCC5EF2DF79ABD5249E53574EDE84B9D74BD46015EAE8F409DCD01AC58
C:\Windows\Installer\{E3BC9EF4-5C6C-4920-A151-24CBAABA025A}\BistroIcon	MS Windows icon resource - 5 icons, 16x16, 8 bits/pixel, 32x32, 8 bits/pixel	F57B6A07EC5436F86104B2D57F106B12	3D526286F864D070B5AFDDBA1F527117DAD9B40B	B859A888E39D05F919F2AA207573E6F1AF07F14986C9613972CF66E18BF8610A
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	2CA1831D4B57A9DE3C1A684145EB0C48	4DB1EFB816907C6954A71D96AFEA8EDA512CE829	5DEDB9D3FABB9A07C6295EA1ACD1730335CEDEA772BFA44717BCA7359E541983
C:\Windows\Temp\~DF2F8BE6BDDAAD0D12.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Windows\Temp\~DF425179CC499F46DB.TMP	data	33095FF492614AABC8056FD7F431915C	80A1DD7E6CC439141A3164A2116493904647668F	974557A1F5E6620F5EE50EFE538CA38E65E5EA51F4F786E1C7CB05C4FD524486
C:\Windows\Temp\~DF589E67984BA26261.TMP	data	73EB42659EB2ED169CD7D5525C5812BE	FA396BA6A4CE31A5765BEE604B2A3FA7544C42E7	A24A313EABE6DDB1A6089A0D9F604DC2E949933EC2EA39BE01B3962648D2E2E4
C:\Windows\Temp\~DF7FFB6D8BB0475148.TMP	Composite Document File V2 Document, Cannot read section info	5E29B5186352D3EB33417753BE5D2AC9	3E102C0AB27618030FF3BB852DEF2777D7E645F7	344BA8C2807AD764CD5F564A6CFDC9D90AC42AC744ABAE02C6615C63A79EEF11
C:\Windows\Temp\~DF937DDAE1C8A256A4.TMP	Composite Document File V2 Document, Cannot read section info	20EFD6A9C83EF63677075C973DDF485E	9254FEB91449FE25FCE93824266DCE7B1539CDCE	852A1EDD87423A6B41D9BAA549BD54E51E7068D0E977FCC255DE0AE7018958DB

Compliance

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.216.73.151:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.216.73.151:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49716 version: TLS 1.2

Spreading

Source: C:\Windows\System32\msiexec.exe	File opened: z:
Source: C:\Windows\System32\msiexec.exe	File opened: x:
Source: C:\Windows\System32\msiexec.exe	File opened: v:
Source: C:\Windows\System32\msiexec.exe	File opened: t:
Source: C:\Windows\System32\msiexec.exe	File opened: r:
Source: C:\Windows\System32\msiexec.exe	File opened: p:
Source: C:\Windows\System32\msiexec.exe	File opened: n:
Source: C:\Windows\System32\msiexec.exe	File opened: l:
Source: C:\Windows\System32\msiexec.exe	File opened: j:
Source: C:\Windows\System32\msiexec.exe	File opened: h:
Source: C:\Windows\System32\msiexec.exe	File opened: f:
Source: C:\Windows\System32\msiexec.exe	File opened: b:
Source: C:\Windows\System32\msiexec.exe	File opened: y:
Source: C:\Windows\System32\msiexec.exe	File opened: w:
Source: C:\Windows\System32\msiexec.exe	File opened: u:
Source: C:\Windows\System32\msiexec.exe	File opened: s:
Source: C:\Windows\System32\msiexec.exe	File opened: q:
Source: C:\Windows\System32\msiexec.exe	File opened: o:
Source: C:\Windows\System32\msiexec.exe	File opened: m:
Source: C:\Windows\System32\msiexec.exe	File opened: k:
Source: C:\Windows\System32\msiexec.exe	File opened: i:
Source: C:\Windows\System32\msiexec.exe	File opened: g:
Source: C:\Windows\System32\msiexec.exe	File opened: e:
Source: C:\Windows\System32\msiexec.exe	File opened: c:
Source: C:\Windows\System32\msiexec.exe	File opened: a:

Networking

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108

Source: global traffic	DNS traffic detected: DNS query: bpupdate.amadeus-leisure-it.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.216.73.151:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.216.73.151:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49716 version: TLS 1.2

System Summary

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\52f117.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{E3BC9EF4-5C6C-4920-A151-24CBAABA025A}
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIFDAA.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIFDBB.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIFEE5.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{E3BC9EF4-5C6C-4920-A151-24CBAABA025A}
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{E3BC9EF4-5C6C-4920-A151-24CBAABA025A}\BistroIcon
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\52f119.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\52f119.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI27EA.tmp

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSIFDBB.tmp

Source: classification engine

Classification label: clean4.win@22/91@4/73

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files (x86)\BistroPortal

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\Downloads\e7b29052-a764-44ea-82c4-1af9067154bd.tmp

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\TEMP\~DF589E67984BA26261.TMP

Source: C:\Windows\System32\msiexec.exe

File read: C:\Program Files (x86)\desktop.ini

Source: C:\Windows\System32\msiexec.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bpupdate.amadeus-leisure-it.com/9.10.102/BistroPortal_9.10.102_setup_de.msi
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2004,i,13528502181189178401,7161413107906935293,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2004,i,13528502181189178401,7161413107906935293,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Downloads\BistroPortal_9.10.102_setup_de.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Downloads\BistroPortal_9.10.102_setup_de.msi"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding D3ACF2FE856DC08AA3F34FC43853299E
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 7257BF0C576D4709F0900F2270C9D578 E Global\MSI0000
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding D3ACF2FE856DC08AA3F34FC43853299E
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 7257BF0C576D4709F0900F2270C9D578 E Global\MSI0000
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: srpapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: textinputframework.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msihnd.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: dwmapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windowscodecs.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: oleacc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: srclient.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: spp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: linkinfo.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntshrui.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cscapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll

Source: Window Recorder

Window detected: More than 3 window changes detected

Persistence and Installation Behavior

Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\BistroPortal\libGLESv2.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\BistroPortal\libcef.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\BistroPortal\d3dcompiler_47.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\BistroPortal\libEGL.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\BistroPortal\vk_swiftshader.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI27EA.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\BistroPortal\BPortalWebUi.exe			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\BistroPortal\BPortal.exe			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\BistroPortal\chrome_elf.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\BistroPortal\vulkan-1.dll			Jump to dropped file

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\Installer\MSI27EA.tmp

Jump to dropped file

Boot Survival

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BistroPortal
Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BistroPortal\Amadeus Bistro Portal.lnk

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\BistroPortal\libGLESv2.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\BistroPortal\d3dcompiler_47.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\BistroPortal\libcef.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\BistroPortal\vk_swiftshader.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\BistroPortal\libEGL.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI27EA.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\BistroPortal\BPortalWebUi.exe			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\BistroPortal\BPortal.exe			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\BistroPortal\chrome_elf.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\BistroPortal\vulkan-1.dll			Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Language, Device and Operating System Detection

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation