Edit tour

Windows Analysis Report
https://bpupdate.amadeus-leisure-it.com/9.10.102/BistroPortal_9.10.102_setup_de.msi

Overview

General Information

Sample URL:	https://bpupdate.amadeus-leisure-it.com/9.10.102/BistroPortal_9.10.102_setup_de.msi
Analysis ID:	1431475
Infos:

Detection

Score:	4
Range:	0 - 100
Whitelisted:	false
Confidence:	20%

Signatures

Checks for available system drives (often done to infect USB drives)

Creates files inside the system directory

Deletes files inside the Windows folder

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Found dropped PE file which has not been started or loaded

Queries the volume information (name, serial number etc) of a device

Stores files to the Windows start menu directory

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox

Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Process Tree

System is w10x64_ra

chrome.exe (PID: 7152 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bpupdate.amadeus-leisure-it.com/9.10.102/BistroPortal_9.10.102_setup_de.msi MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6372 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2004,i,13528502181189178401,7161413107906935293,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

msiexec.exe (PID: 7948 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Downloads\BistroPortal_9.10.102_setup_de.msi" MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 7996 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 8136 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding D3ACF2FE856DC08AA3F34FC43853299E MD5: 9D09DC1EDA745A5F87553048E57620CF)

msiexec.exe (PID: 8180 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 7257BF0C576D4709F0900F2270C9D578 E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.216.73.151:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.216.73.151:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49716 version: TLS 1.2

Source: C:\Windows\System32\msiexec.exe	File opened: z:
Source: C:\Windows\System32\msiexec.exe	File opened: x:
Source: C:\Windows\System32\msiexec.exe	File opened: v:
Source: C:\Windows\System32\msiexec.exe	File opened: t:
Source: C:\Windows\System32\msiexec.exe	File opened: r:
Source: C:\Windows\System32\msiexec.exe	File opened: p:
Source: C:\Windows\System32\msiexec.exe	File opened: n:
Source: C:\Windows\System32\msiexec.exe	File opened: l:
Source: C:\Windows\System32\msiexec.exe	File opened: j:
Source: C:\Windows\System32\msiexec.exe	File opened: h:
Source: C:\Windows\System32\msiexec.exe	File opened: f:
Source: C:\Windows\System32\msiexec.exe	File opened: b:
Source: C:\Windows\System32\msiexec.exe	File opened: y:
Source: C:\Windows\System32\msiexec.exe	File opened: w:
Source: C:\Windows\System32\msiexec.exe	File opened: u:
Source: C:\Windows\System32\msiexec.exe	File opened: s:
Source: C:\Windows\System32\msiexec.exe	File opened: q:
Source: C:\Windows\System32\msiexec.exe	File opened: o:
Source: C:\Windows\System32\msiexec.exe	File opened: m:
Source: C:\Windows\System32\msiexec.exe	File opened: k:
Source: C:\Windows\System32\msiexec.exe	File opened: i:
Source: C:\Windows\System32\msiexec.exe	File opened: g:
Source: C:\Windows\System32\msiexec.exe	File opened: e:
Source: C:\Windows\System32\msiexec.exe	File opened: c:
Source: C:\Windows\System32\msiexec.exe	File opened: a:

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108

Source: global traffic	DNS traffic detected: DNS query: bpupdate.amadeus-leisure-it.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.216.73.151:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.216.73.151:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49716 version: TLS 1.2

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\52f117.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{E3BC9EF4-5C6C-4920-A151-24CBAABA025A}
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIFDAA.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIFDBB.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIFEE5.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{E3BC9EF4-5C6C-4920-A151-24CBAABA025A}
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{E3BC9EF4-5C6C-4920-A151-24CBAABA025A}\BistroIcon
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\52f119.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\52f119.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI27EA.tmp

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSIFDBB.tmp

Source: classification engine

Classification label: clean4.win@22/91@4/73

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files (x86)\BistroPortal

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\Downloads\e7b29052-a764-44ea-82c4-1af9067154bd.tmp

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\TEMP\~DF589E67984BA26261.TMP

Source: C:\Windows\System32\msiexec.exe

File read: C:\Program Files (x86)\desktop.ini

Source: C:\Windows\System32\msiexec.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bpupdate.amadeus-leisure-it.com/9.10.102/BistroPortal_9.10.102_setup_de.msi
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2004,i,13528502181189178401,7161413107906935293,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2004,i,13528502181189178401,7161413107906935293,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Downloads\BistroPortal_9.10.102_setup_de.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Downloads\BistroPortal_9.10.102_setup_de.msi"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding D3ACF2FE856DC08AA3F34FC43853299E
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 7257BF0C576D4709F0900F2270C9D578 E Global\MSI0000
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding D3ACF2FE856DC08AA3F34FC43853299E
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 7257BF0C576D4709F0900F2270C9D578 E Global\MSI0000
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: srpapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: textinputframework.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msihnd.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: dwmapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windowscodecs.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: oleacc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: srclient.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: spp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: linkinfo.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntshrui.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cscapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\BistroPortal\libGLESv2.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\BistroPortal\libcef.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\BistroPortal\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\BistroPortal\libEGL.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\BistroPortal\vk_swiftshader.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI27EA.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\BistroPortal\BPortalWebUi.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\BistroPortal\BPortal.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\BistroPortal\chrome_elf.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\BistroPortal\vulkan-1.dll	Jump to dropped file

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\Installer\MSI27EA.tmp

Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BistroPortal
Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BistroPortal\Amadeus Bistro Portal.lnk

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\BistroPortal\libGLESv2.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\BistroPortal\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\BistroPortal\libcef.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\BistroPortal\vk_swiftshader.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\BistroPortal\libEGL.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI27EA.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\BistroPortal\BPortalWebUi.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\BistroPortal\BPortal.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\BistroPortal\chrome_elf.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\BistroPortal\vulkan-1.dll	Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Replication Through Removable Media	Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	22 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	1 Process Injection	LSASS Memory	11 Peripheral Device Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 File Deletion	NTDS	12 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://bpupdate.amadeus-leisure-it.com/9.10.102/BistroPortal_9.10.102_setup_de.msi	0%	Avira URL Cloud	safe
https://bpupdate.amadeus-leisure-it.com/9.10.102/BistroPortal_9.10.102_setup_de.msi	0%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Link
C:\Program Files (x86)\BistroPortal\BPortalWebUi.exe	0%	Virustotal	Browse
C:\Program Files (x86)\BistroPortal\chrome_elf.dll	0%	ReversingLabs
C:\Program Files (x86)\BistroPortal\chrome_elf.dll	0%	Virustotal	Browse
C:\Program Files (x86)\BistroPortal\d3dcompiler_47.dll	0%	ReversingLabs
C:\Program Files (x86)\BistroPortal\d3dcompiler_47.dll	0%	Virustotal	Browse
C:\Program Files (x86)\BistroPortal\libEGL.dll	0%	ReversingLabs
C:\Program Files (x86)\BistroPortal\libEGL.dll	0%	Virustotal	Browse
C:\Program Files (x86)\BistroPortal\libGLESv2.dll	0%	ReversingLabs
C:\Program Files (x86)\BistroPortal\libGLESv2.dll	0%	Virustotal	Browse
C:\Program Files (x86)\BistroPortal\libcef.dll	0%	ReversingLabs
C:\Program Files (x86)\BistroPortal\libcef.dll	1%	Virustotal	Browse
C:\Program Files (x86)\BistroPortal\vk_swiftshader.dll	0%	ReversingLabs
C:\Program Files (x86)\BistroPortal\vk_swiftshader.dll	0%	Virustotal	Browse
C:\Program Files (x86)\BistroPortal\vulkan-1.dll	0%	ReversingLabs
C:\Program Files (x86)\BistroPortal\vulkan-1.dll	0%	Virustotal	Browse
C:\Windows\Installer\MSI27EA.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI27EA.tmp	0%	Virustotal	Browse

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
bpupdate.amadeus-leisure-it.com	0%	Virustotal		Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	108.177.122.147	true	false		high
bpupdate.amadeus-leisure-it.com	185.64.96.162	true	false	0%, Virustotal, Browse	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.253.124.101	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.64.96.162	bpupdate.amadeus-leisure-it.com	Germany	8469	PIRONETNDH-ASCANCOMPironetAGCoKGDE	false
142.251.15.84	unknown	United States	15169	GOOGLEUS	false
108.177.122.138	unknown	United States	15169	GOOGLEUS	false
74.125.138.94	unknown	United States	15169	GOOGLEUS	false
108.177.122.147	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431475
Start date and time:	2024-04-25 09:09:30 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://bpupdate.amadeus-leisure-it.com/9.10.102/BistroPortal_9.10.102_setup_de.msi
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean4.win@22/91@4/73

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.138.94, 172.253.124.101, 172.253.124.102, 172.253.124.139, 172.253.124.100, 172.253.124.138, 172.253.124.113, 142.251.15.84, 34.104.35.123
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Skipping network analysis since amount of network traffic is too extensive

Created / dropped Files

C:\Config.Msi\52f118.rbs

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	20012
Entropy (8bit):	5.765215580439219
Encrypted:	false
SSDEEP:
MD5:	317DB5E1C09C155258AA6926051CF076
SHA1:	30B80F1CEA33489440EC620F4C1DB756EC701628
SHA-256:	AA4722541A960A41469F90039A7BC02DA5423049D8E5D9E517EB2A83E547FD76
SHA-512:	927CA4A812AB61A11109000164E78EE6310C26AE8437AB99E1D9A88AD7945C831D5C3C0E5F7D5E268461D9FAE2CDD13DE5AFFE7E3A2F509FDE8C7A2A226C182E
Malicious:	false
Reputation:	unknown
Preview:	...@IXOS.@.....@uI.X.@.....@.....@.....@.....@.....@......&.{E3BC9EF4-5C6C-4920-A151-24CBAABA025A}..Amadeus Bistro Portal".BistroPortal_9.10.102_setup_de.msi.@.....@f....@.....@......BistroIcon..&.{7DE516CC-454E-46AF-B433-9115142FC1B5}.....@.....@.....@.....@.......@.....@.....@.......@......Amadeus Bistro Portal......Rollback$.R.o.l.l.b.a.c.k. .f...r. .A.k.t.i.o.n. .w.i.r.d. .a.u.s.g.e.f...h.r.t.:...[1]..RollbackCleanup!.Sicherungsdateien werden entfernt..Datei: [1]....ProcessComponents*.Komponentenregistrierung wird aktualisiert..&.{090A79DC-AF6D-4DCD-9E92-FC2DD850A4C8}&.{E3BC9EF4-5C6C-4920-A151-24CBAABA025A}.@......&.{9C6EDE0A-0D88-4FA3-BB23-76937706E827}&.{E3BC9EF4-5C6C-4920-A151-24CBAABA025A}.@......&.{B66B66F1-C77B-4BB1-811F-6706942BC69D}&.{E3BC9EF4-5C6C-4920-A151-24CBAABA025A}.@......&.{A210D754-E792-5042-9E24-73DB0FA1E5A2}&.{E3BC9EF4-5C6C-4920-A151-24CBAABA025A}.@......&.{3B9D244A-DBE2-5BFC-A741-726F2AB0C792}&.{E3BC9EF4-5C6C-4920-A151-24CBAABA025A}.@......&.{0C0E3FF5-B773-5D96-

C:\Program Files (x86)\BistroPortal\BPortal.exe

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7439408
Entropy (8bit):	6.377931217512233
Encrypted:	false
SSDEEP:
MD5:	1DCA0C8BE772B030CE225C7B734BDB4A
SHA1:	ECE17D617D86BA5F508633EF89DB2185D4C58DA7
SHA-256:	7B07EE7FCBD39B0272FB3044167B66E4FC4E1C6E0ADE4B914803D455CA2B3132
SHA-512:	80BCBB6215D45633C8D6A915698B677874E2645FA45230DF9845080FB2222B58006AB097ED22B625D9A6F777584EFEEF8606C5FCAA1B9C232B8F5CC5646A786A
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........>D.A_.A_.A_../).f_../.I_../-.@_../.._../..n_..//.._../,.@_....U_..).Z_..".D_../..^../+.t_.A_+."[../..^....@_.A_..@_..(.@_.RichA_.........PE..L......f..........#.......U...........@......0U...@..........................0r.......q.....................................,Ye.......g..............\q.0(............].T.....................].......[.@............0U.....$Se.@....................text.....U.......U................. ..`.rdata.. o...0U..p....U.............@..@.data.........e..D....e.............@....shr..........g.......f.............@....rsrc.........g.......f.............@..@................................................................................................................................................................................................................................................................

C:\Program Files (x86)\BistroPortal\BPortalWebUi.exe

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	501808
Entropy (8bit):	6.511022204440423
Encrypted:	false
SSDEEP:
MD5:	D94E9A0BD97A7E2B218B4F7AE3BAF598
SHA1:	747C73E579AC367545068458A1747C8D0FA87D95
SHA-256:	2E8F90D2FD560A73C51DA5D7280BF287B24B004A5E78DEC7EF79DF06854232F2
SHA-512:	274E7AEE8143C09A173F3735A12305110267C454D0A0DAD955AAA5FEDFF882F9092C2EA5C9CD9DC803B79F0DDA7BB40CD80DE6CC576733B47161FA0AA194107F
Malicious:	false
Antivirus:	Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........'...t...t...t...u..t...u_..t...u..t...u...t...u..t...u..t...u...t;..u...t...t...t...t...t;..u...t;.1t...t..Yt...t;..u...tRich...t........PE..L...3..f.................N...>......X........`....@.................................G@....@.....................................<........g..............0(...p...O...E..p...........................@F..@............`...............................text....L.......N.................. ..`.rdata...`...`...b...R..............@..@.data...."..........................@....rsrc....g.......h..................@..@.reloc...O...p...P...0..............@..B........................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\BistroPortal\chrome_100_percent.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	698907
Entropy (8bit):	7.962774999271825
Encrypted:	false
SSDEEP:
MD5:	D3E06F624BF92E9D8AECB16DA9731C52
SHA1:	565BDCBFCBFCD206561080C2000D93470417D142
SHA-256:	4EE67F0B0B9AD2898E0D70DDFAD3541FBD37520686F9E827A845D1930A590362
SHA-512:	497126AF59961054155FBB8C3789D6278A1F5426000342F25F54115429FF024E629783F50F0C5350500007854712B07F7D8174ECFE60D59C4FDD5F3D72DAC262
Malicious:	false
Reputation:	unknown
Preview:	..........O...............D...........d.........p?....q?....r?....s?`...t?...u?4...v?....w?...x?J...y?....z?....{?]...\|?....}?....~?r....?....?.....?n....?....?.....?....?.....?U....?s....?7....?.....?.....?.....?I....?.....?.....??....?:....?.....?.....?Y....?.....?.....?.....?T....?9....?.....?.....?.....?.....?.&...?b'...?.'...?.@...?.B...?QB...?.B...?.K...?.U...?.i...?.\|...?M~...?.....?....?t....?.....?.....?.....?N....?.....?.....?5....?.....?0....?.....?.....?2....?.....?.....?.....?.....?@....?>....?.....?.....?.....?J....?.'...?.0...?.:...?gC...?.K...?=Q...?.Y...?.Z...?.x...?9....?.....?j....?C....?.....?_....?.!...?.=...?]P...?Oy...?.....?z....?'....?U....?0....?.....?.....?.....?K....?./...?.:...?.D...?.L...?.T...?.\...?.b...?\|m...?.w...?.{...?e....?.....?....?.....?.....?u....?x....@,....@.....@.....@. ...@p-...@.C...@WY...@.k...@.\|...@u....@a....@[....@b....@m....@!....@t....@Y....@\....@]....@....'@q...(@d...)@....*@&...+@....,@....-@ ....@`.../@."..0@N(..1@.Q..2@.S

C:\Program Files (x86)\BistroPortal\chrome_200_percent.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	1102414
Entropy (8bit):	7.949919971724352
Encrypted:	false
SSDEEP:
MD5:	34572FB491298ED95AD592351FB1F172
SHA1:	4590080451F11FF4796D0774DE3FF638410ABDBA
SHA-256:	C4363D6ECFA5770B021CE72CC7D2AB9BE56B0CE88075EC051AD1DE99B736DBBD
SHA-512:	E0E7DECCB26B7DF78D6193750BFB9AAD575B807424A0A5D124BD944E568C1BB1AE29F584246F753D619081A48D2897815145028FFEDD9488E9A8F102CDC67E2F
Malicious:	false
Reputation:	unknown
Preview:	..........O.........O.................G.........p?....q?d...r?...s?P...t?...u?<...v?....w?....x?v...y?...z?K...{?....\|?....}?z...~?....?C....?.....?.....?m....?>....?e....?.....?.....?8....?.....?.....?.&...?.C...?:Y...?.n...?up...?.p...?fr...?.y...?vz...?.\|...?.~...?y....?#....?\|....?....?....?.....?2....?....?....?\|....?-....?D....?.....?A....?.....?.....?e"...?.M...?.x...?.{...?.\|...?.....?.....?.....?.....?....?.....?`....?.....?.....?(....?.....?.....?L+...?5@...?.V...?.k...?.~...?7....?.....?o....?.....?.....?4....?.....?:0...?.H...?.`...?.t...?....?....?B....?>....?2....?.....?2....?.&...?.>...?.V...?.l...?[~...?r....?4....?2....?.....?u....?.....?h....?O,...?.C...?.U...?2i...?.w...?.....?D....?E....?.....?.....?B....?.....?+....?v....?A....?.....?$....?.....?.;...?.g...?.....?.....@.....@.....@.&...@.@...@.Z...@.....@....@.....@.....@9....@.(...@.6...@#E...@.....@q....@.....@g....@.....@(....@u...'@....(@P%..)@k0..*@.<..+@eI..,@SU..-@.^...@.h../@tt..0@.~..1@....2@..

C:\Program Files (x86)\BistroPortal\chrome_elf.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1047040
Entropy (8bit):	6.39152942747882
Encrypted:	false
SSDEEP:
MD5:	8732BF6CD91A762B87758CF78A7DA97E
SHA1:	C4934F48A92EB1115442117F5FD0A633495E4F00
SHA-256:	7FAD9E6DA723741C35E5FF224045692235C20B367E0F73C200D0A0E63F8808C8
SHA-512:	8D87065A7625A44CAD77C7EF4BA87002E823B4D862EE200F68750CABAE3D4CB7D5E914695DBFE5B1ECB31F27F00136C0A0EE5AEB7D546FAE73EF984BE49602E5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......e.........."!................`........................................`............@A...................................<.......x........................x...y.......................x...... ...............................................text............................... ..`.rdata..\...........................@..@.data...............................@....crthunk.............r..............@..@.tls.................t..............@...CPADinfo(............v..............@....rsrc...x............x..............@..@.reloc...x.......z..................@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\BistroPortal\d3dcompiler_47.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4127200
Entropy (8bit):	6.577665867424953
Encrypted:	false
SSDEEP:
MD5:	3B4647BCB9FEB591C2C05D1A606ED988
SHA1:	B42C59F96FB069FD49009DFD94550A7764E6C97C
SHA-256:	35773C397036B368C1E75D4E0D62C36D98139EBE74E42C1FF7BE71C6B5A19FD7
SHA-512:	00CD443B36F53985212AC43B44F56C18BF70E25119BBF9C59D05E2358FF45254B957F1EC63FC70FB57B1726FD8F76CCFAD8103C67454B817A4F183F9122E3F50
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........!7P.OdP.OdP.Od..NeR.OdP.Nd..OdY..dU.Od.Jem.Od.KeQ.Od...dQ.Od..Leo.Od..Je..Od..OeQ.Od..Ge..Od..Kec.Od...dQ.Od..MeQ.OdRichP.Od................PE..L..................!.....2<..*...............P<...............................?.......?...@A.........................<<.u.....=.P.....=.@.............>..%....=.........T....................u..........@.............=..............................text...e0<......2<................. ..`.data...`"...P<......6<.............@....idata........=.......<.............@..@.rsrc...@.....=.......<.............@..@.reloc........=.......<.............@..B........................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\BistroPortal\icudtl.dat

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	10717680
Entropy (8bit):	6.282426578921538
Encrypted:	false
SSDEEP:
MD5:	74BDED81CE10A426DF54DA39CFA132FF
SHA1:	EB26BCC7D24BE42BD8CFBDED53BD62D605989BBF
SHA-256:	7BF96C193BEFBF23514401F8F6568076450ADE52DD1595B85E4DFCF3DE5F6FB9
SHA-512:	BD7B7B52D31803B2D4B1FD8CB76481931ED8ABB98D779B893D3965231177BDD33386461E1A820B384712013904DA094E3CD15EE24A679DDC766132677A8BE54A
Malicious:	false
Reputation:	unknown
Preview:	...'........CmnD........ Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html ......E.......E.......E..P/...E.../...E..P7...E...7...E...h...F...h.. F..Pi..0F......DF.....WF.....jF..P...}F.......F..`....F.......F.. ....F.......F..0....F.......G......G......(G.....;G..@...NG......aG.....tG.......G.......G..@....G.......G.......G.......G..P....G.......H.......H..P...2H......EH..`...UH......hH......yH..P....H.......H.......H..`....H.......H.......H..P....I.......I......-I..@...=I......PI......aI..@...uI.......I...0...I.. 1...I..p1...I...e...I...e...I...i...I..`i...J...i..)J...K..BJ..p...^J..."'.uJ..P.'..J....'..J...5'..J..06'..J...>'..J..P?'..K...D'..K...F'.0K...H'.IK...V'.hK....(..K....(..K..P.)..K....)..K..pW..K..P...L...*+.?L..p.+.bL....+..L...U,..L....,..L....,..L....,..L..@.,..M....,.-M..P.-.IM.. e-.`M...e-.~M...R/..M.../..M..0.0..M..@.0..M..P.0..M....0..N....0.!N...,0.9N...,0.NN..0-0.fN...-0.vN...Y0..N...Z0..N..

C:\Program Files (x86)\BistroPortal\libEGL.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	372224
Entropy (8bit):	6.624539208005159
Encrypted:	false
SSDEEP:
MD5:	FE109AFAD5EE8AEB15F55CC0CE728608
SHA1:	E3B087D261AC7A7822F2E6B1C5D9B26CE973CA5A
SHA-256:	5CD7E15F9D43F95BC256F8CDE1957F936E81692A17659FFE7EF41FDCD2BC0FF7
SHA-512:	DBFC135EABF0A31C660DE92DE4AB1D22A2112F6C6C31CFBDD1A39C1386E4ED47197FCBFDD13670ED067E830F353A8C4228B24BBE330EAC0F467818B189960469
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......e.........."!.....P...Z...... 2....................................................@A........................0...h....,..(.......x.......................D;..`................................`.............. ...`............................text....O.......P.................. ..`.rdata.......`.......T..............@..@.data...X4...`.......N..............@....tls.................j..............@....rsrc...x............l..............@..@.reloc..D;.......<...r..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\BistroPortal\libGLESv2.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6623744
Entropy (8bit):	6.830304670731726
Encrypted:	false
SSDEEP:
MD5:	2906EB7EF18FCECA8ABD673C4DD57EA1
SHA1:	A3EE1F221F4F83009DC6F05E9B9EFADF60BEC5C0
SHA-256:	6619A86CDF911720BD23A6FE41BDA19BE0AF9F3A163E95C82DFD6CECD4E5AD4B
SHA-512:	89899014D0CD64F4829A3A1D08BB38E7D29F76920CDE407E4BD509FF095BA118517D5E0587189A346D51FE44A4383595AB244BBA25CC292B98E942550DB3F6A6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......e.........."!.....^L..........;A.......................................e...........@A........................).].......^.d.....a.......................a.p....b]......................a].....XqL...............^.<...`.].@....................text....]L......^L................. ..`.rdata..d....pL......bL.............@..@.data...0....._..8....^.............@....tls..........a......,a.............@....rsrc.........a.......a.............@..@.reloc..p.....a......4a.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\BistroPortal\libcef.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	184750080
Entropy (8bit):	7.0222915284389185
Encrypted:	false
SSDEEP:
MD5:	B04B64D4CE9A70D2F72537A2C52AF447
SHA1:	5599E7E9FBE84AA5EFBD78F11D4576F9A0B98FF4
SHA-256:	5F8145E7A626A5DC2BDA3B29262D9147DAFC9BF8227FC69F09E013C2C91669D1
SHA-512:	E9FC6503BCEB167ACAFF72723D26DFA305EFEB884D2155A41F884C8C1369E6551F8CF5D065B33007C6C68D490D7341484397AA70FA047E7D06742FB46D3B0764
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 1%, Browse
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......e.........."!......`..j................................................Y...........@A................................H..h....0.. C......................8.\.........................P.......8.`.....................h.......................text.....`.......`................. ..`.rdata....:...`...:...`.............@..@.data....p_..`...l...@..............@....rodata.@........................... ..`.tls................................@...CPADinfo(...........................@...malloc_h............................ ..`prot......... ......................@..@.rsrc... C...0...D..................@..@.reloc..8.\.......\.................@..B........................................................................................................................................................................................................................................

C:\Program Files (x86)\BistroPortal\locales\af.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	505719
Entropy (8bit):	5.406070117844225
Encrypted:	false
SSDEEP:
MD5:	305378FA2FF19489D7C92E38ECB00D15
SHA1:	AD58D051630F7F5CAE49A476E5853526EEA62DB1
SHA-256:	3E213750DB54BA51437DE9A1F4C65ECE0ECA9892C1A4EF466DF81801AA121200
SHA-512:	48982F2B762AFD5BB975D5039688705549A6C15BC82DC2FF0D7D6A6F5164E76C2CF8911E1F77DE004604B35C331F4E1D635855453DED45CCAE4FE4A09A7B6538
Malicious:	false
Reputation:	unknown
Preview:	........E&/.e.l...h.t...i.\|...j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y.....z.....\|.%...}.7.....?.....D.....L.....T.....\.....c.....j.....q.....r.....s.....x.............................;.......................o...................................*.....?.................:.....S.......................).............................x.........................................................................................'.................6.....L...........4.....}.................).....F.....W.............................d.......................+.......................!.....s.......................O.....w.......................?.....H.........................................B.....Y.......................4.............................r.......................j.................2.............................`.......................`...................................R ....f ..... ....?!....~!.....!....."....d"....."....."....."....;#...._#....m#.....#.....$....F$

C:\Program Files (x86)\BistroPortal\locales\am.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	818534
Entropy (8bit):	4.910188188750002
Encrypted:	false
SSDEEP:
MD5:	079E3292162EAC768212DEC07942B372
SHA1:	EE9A5E1189AAE8AF3EC281B49BB1F53BB97BAE48
SHA-256:	D5A439941C175F00848E49829CAF117C61F1385369EFE3A0983AB0269D0A7FFE
SHA-512:	7E0B4F6898EC682287C32B99A3A9B487024ADEF53B0ACF591353A014B735902D8764DF7879F9CFD8FA6F8EEA0ACAEC7C9A873BD83478300EC836C6E70E60D1F8
Malicious:	false
Reputation:	unknown
Preview:	........_&..e.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.4...w.A...y.G...z.V...\|.\...}.n.....v.....{............................................................................./.................t...........U.............................I.......................c.................t...........<.....O...........H.................F.................G................<.....q...................................<.................a...........R.....q.....L.......................:.......................Z...................................".....5........................ ..... ....O!.....!.....!....R"....."....1#....G#.....#...._$.....$.....$....L%.....%.....&....&&.....&.....'.....(....((.....(.....)....U)....\|).........t..........*....i+.....+....#,....<,.....,....u-.....-....%............/....@/....b/...../.....0.....0.....0.....1....!2.....2.....2....{3....@4.....4.....4.....5....Y6.....6.....7.....7....r8.....8.....9....`9.....9.....9.....9.....:....P;.....;

C:\Program Files (x86)\BistroPortal\locales\ar.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	899367
Entropy (8bit):	4.9282978533371455
Encrypted:	false
SSDEEP:
MD5:	658885F79FB9AA70871295B232C4326A
SHA1:	DFA0B9ED4172BE790DE734BC8636290E1DBC7329
SHA-256:	E954F9B353A9DB716F0F4E6D329340E4DB7B4104E120D8E38540C56FBD8F86C9
SHA-512:	E03943F73B4F44E532D1DA00199DE9BBA905FD407E4DC2261665287C9E308687E60916BD1458A2A97C578E5EA5FD7AF891D9B3B33D307732BD700D41CDF75F89
Malicious:	false
Reputation:	unknown
Preview:	........ &T.e."...h....i.5...j.A...k.P...l.[...n.c...o.h...p.u...q.{...r.....s.....t.....v.....w.....y.....z.....\|.....}...........................................#..........,.....1.....J.....g.............................W.....{.......................-...................................~.......................'.....m.................w.................`...........D...........D...........V.....\|.....[.....+.................o...........c...........2...........m.................\|...........[...........i.................Z.............................#.....c...........3 ..... ....]!....{!.....!....z"....."....."....p#.....$....Z$....~$.....%.....%.....%.....%...._&.....&....+'....@'.....'....w(.....(.....(....y).....)....+....Q.....*....L+.....+....+,.....,...."-....@-.....-....c.................h/...../...../.....0.....0....+1....p1.....1....!2.....2.....2.....2.....3.....4.....5.....5....o6.....6....M7.....7.....8.....8.....8.....8....O9.....9.....9.....9.....:....S;.....;.....;....g<

C:\Program Files (x86)\BistroPortal\locales\bg.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	933709
Entropy (8bit):	4.680997563665144
Encrypted:	false
SSDEEP:
MD5:	391D84A3DF1DAAB40AB2379E1F34A25C
SHA1:	62D47FACBE09DC1D6EF995F4F108414E958C0F5A
SHA-256:	74ED9BD6F6A26E4B2924E18762C65CA93023225584CBC48C849516507056F085
SHA-512:	8BC1831B74E5E02BCF8A24E8E20BBEE2FC00EC6466CEEA3A4675007F729188B40DF5DFED29B51599BB8E761A504FCBEE78F5219D9A07286E44371F63F09C5C6C
Malicious:	false
Reputation:	unknown
Preview:	........F&..e.n...h.v...i.~...j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y.....z.!...\|.'...}.9.....A.....F.....N.....V.....^.....e.....l.....s.....t.....u.....z.........................................w................./...............................................s...........:...........e.................j...........B.....h.....T...........t.............................R.....<.............................0.......................q...........-.....@........................ ....)!....h!.....!....6".....".....#....A#.....#....f$.....$.....$.....%....#&....}&.....&....L'.....'.... (....?(.....(....R).....).....)....K..........+....-+.....+....`,.....,.....,.....-..........a/...../....=0.....0.....1....;1.....1....C2.....2.....2.....3....[4.....4.....4.....5.....6.....7.....7....08.....8.....8....%9.....9.....:.....:.....;.....<.....<.....=....T=....D>.....?.....?.....?.....@.....A.....B....eB....0C.....C....#D....[D.....D.....E.....E.....E.....F.....G....LH

C:\Program Files (x86)\BistroPortal\locales\bn.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	1201192
Entropy (8bit):	4.2960186773195055
Encrypted:	false
SSDEEP:
MD5:	14CEFD7CF2DCD18E9307EF6CA1F8EF71
SHA1:	DE840E8AAB095F0F8284920E9CA3BB0672EDFCD3
SHA-256:	D10667C92482588F1BD3A935694E3782BABD49216971549B1EA5F480B97D0621
SHA-512:	21854538E6D433CA520F5B07F133E216CADE72CC8AB5538038B7E91AD595F6D4C98021FA74FC19AF088E368BDD42C9ACC87899793DF9286A415F4CC76931EC5E
Malicious:	false
Reputation:	unknown
Preview:	........D&0.e.j...h.r...i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y.....z.'...\|.-...}.?.....G.....L.....T.....\.....a.....i.....p.....w.....~.........................................7.....a.....k.....'.....c.....X...../.................-.....'...........$.................f...........b.....%.................\|.....%............................./...........{.....R...........8.....'...........{...........w.....).............................; ....m .....!....."..../#.....#....L$.....$....%....]%.....&.....&.....&.....&.....'....&(....Y(....\|(....\).........u.........q+.....,....m,.....,....Q-.....-....E.....k....../...../...../...."0.....0....t1.....1.....1.....3....)4.....4....<5....66.....7.....7.....7...._8.....8....*9....Z9....(:.....:....U;.....;....i<....B=.....=....Q>.....?.....?.....?.....@.....A.....A.....B....CB....FC.....C.....D.....D.....F....[G....NH.....H.....I.....J...._K.....K.....L....cM.....M.....N.....N.....O.....P....DP....JQ.....R

C:\Program Files (x86)\BistroPortal\locales\ca.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	576806
Entropy (8bit):	5.388951450563665
Encrypted:	false
SSDEEP:
MD5:	EF1FDB32DC585CC322001268C2AE2E16
SHA1:	A5F7F8B3F53958DFCB81DA619C037EF409F13843
SHA-256:	3EA9D9FB89246BE49FC50E6352CAC01E0BD8C09F893C848A5917A4EDA94DE152
SHA-512:	84CD87E1B097F36089A62E7A013EC8866B81FD462619AA244E323AD91F0B4F15DB71177C42F95B0AABBDD08690648B684534EA4BAB51709C5AD578E7D615E226
Malicious:	false
Reputation:	unknown
Preview:	........D&0.e.j...h.r...i.z...j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y.....z.....\|.#...}.5.....=.....B.....J.....R.....Z.....a.....h.....o.....p.....q.....s...........................................................y.................n...........R.....q...........4.....l.................8.....k.....~.........../.....b.....s...........].................R...................................B.....V.................G.....[...........9.....~...........5.................?................. .....<.............................j.......................j.......................y.......................f.......................?.......................".....z.................B.......................w.......................r.................:.......................X............ ....> ..... ..... .....!.....!....{!.....!.....!.....".....".....".....#....6#.....#....[$.....$.....$....h%.....%.....&....>&.....&.....'....@'....`'.....'.....'....!(....4(.....(.....)....L)....h)

C:\Program Files (x86)\BistroPortal\locales\cs.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	585711
Entropy (8bit):	5.837363014724828
Encrypted:	false
SSDEEP:
MD5:	69D49B2AE2F0154A389654F1A813BE68
SHA1:	B24994D400F7FC56C8A059BD6213F80B182F5C89
SHA-256:	1EF829A86F8D3153B89A5615DFB1EB907944B3963DE99B717B6C3545B9CE692F
SHA-512:	49DE7C42F75BC17B1BE21DCE7D8325B4C765A054DBA2519A6F06561881142AB519230E8B0C951FC59815FFCF62C82FA6F8ED008BF145D34D97B35B5CB76287AB
Malicious:	false
Reputation:	unknown
Preview:	........6&>.e.N...h.V...i.^...j.j...k.y...l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y.....z.....\|.....}.......!.....&...........6.....>.....E.....L.....S.....T.....U.....W.....g.....y.................<.........../.....M.................F.....U...........X.................>.......................c......................._.......................b.............................0.....y...................................6......................._................./................m.................9.....V.....m.................>.....P.......................(.......................B.................:.....L.................!.......................0.....C.................L.....`...........U.......................H.....c.....w.................9.....X.................K.....a...........A.................. ...._ ....z ..... .....!....q!.....!.....!....1"....."....."....."....\#.....#.....$....$.....$....<%.....%.....%.....&.....&.....&.....&....$'.....'.....'.....'....((.....(.....(

C:\Program Files (x86)\BistroPortal\locales\da.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	533503
Entropy (8bit):	5.442218672805516
Encrypted:	false
SSDEEP:
MD5:	F245E8A82707C8F1F92A7E20168974B4
SHA1:	A1B1A72DE96C513A79B3A862C860EA95AD5CC826
SHA-256:	F4BEE57359E2E6CBAF1E9F9BBE8E5CD09FB86AB4B6E8B824F5AC231AB0580746
SHA-512:	01DA28C613AAB1B5AFD6B2B2FEC1DF82F04E5306771FCD5F64710CBD67D14F3788C6FCA0DBBF4F2F2BB0F72FD4097792D072CFDEE543420D5673EF3396C66AA4
Malicious:	false
Reputation:	unknown
Preview:	........K&).e.x...h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y.%...z.4...\|.:...}.L.....T.....Y.....a.....i.....q.....x...........................................................F.......................{...........*.....B...........N...............................................z.......................b.......................c.................&.......................a................. .................-.....A...........J.................G.................E.................".....4.............................[.......................F.......................L.......................E.......................).............................m.........................................^.......................B.............................s.........................................X.......................X ..... ..... .....!....p!.....!.....!....."....l"....."....$#....2#.....#....C$....y$.....$.....%....t%.....%.....%.....%....N&....j&....w&.....&....9'....p'

C:\Program Files (x86)\BistroPortal\locales\de.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	574599
Entropy (8bit):	5.484036386154566
Encrypted:	false
SSDEEP:
MD5:	4391AF0B2214F3533754F72B7C9BF6CC
SHA1:	916FB392A1A16FABB09497052708327B99B8009B
SHA-256:	3D23FBE8C05F3673309FAC0B3EB25ECB58D9DF044C4CDDD4CDED6A18CCEEF07E
SHA-512:	24DEA182C9FE9B9E7201BF127F68473454A655034D95F38534FBC3ED71089135AC0F86135FBAAFBD88309BFFD1A1D5DD018567ABABCEB1EA52C0953EC387BCDF
Malicious:	false
Reputation:	unknown
Preview:	.........%..e.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.0...w.=...y.C...z.R...\|.X...}.j.....r.....w.........................................................................................p.................].................2................v...................................G.......................r.................0...........6.....m...............................................>.....O...........Q.................8.................8...........w.................\.......................m.........................................)...........6.....y.................~.................5.......................^...................................A.....S.............................Y.................. ....S ..... ..... ..... ....Q!.....!.....!.....!.....".....#....D#....x#.....#....E$....c$....z$.....$...._%.....%.....%....&.....&.....&.....&....l'.....'....D(....N(.....(....k).....).....)....G...................c+.....+.....+.....,.....,.....-....B-

C:\Program Files (x86)\BistroPortal\locales\el.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	1023482
Entropy (8bit):	4.763987537107214
Encrypted:	false
SSDEEP:
MD5:	CAFE81C476214BDB7460528DDE620233
SHA1:	7115070ED4FCE96EBF041664A479DDB8D5DA88A1
SHA-256:	6A27A089066FA780EBFACEAEEA3CC6A916BC64CE62E6ECE7F857EBF7ED69897C
SHA-512:	BC4997EEB34F507E96024B753E06E3491AB91474F13B7281CAFC966C9C646082D3E319817A0474583D1275E8B170F37ACE82223F5992E9A688F5C5038AC1F38A
Malicious:	false
Reputation:	unknown
Preview:	........G&-.e.p...h.x...i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y.....z.!...\|.'...}.9.....A.....F.....N.....V.....^.....e.....l.....s.....t.....u.....w.......................6.....].....;...........'....."...........~.......................<.....n...........'.......................3.................O.................N.................<.....u.....}.....w...........F.................W.....r.....Y.............................^.................H.....@ ..... ....-!.....!.....".....".....#.....#....d$.....$.....$....r%.... &....`&.....&....w'....Q(.....(.....(.....)....}..........+.....+.....,.....-....<-.....-.........../....2/...../.....0.....1....(1....32....;3.....3.....4.....4.....5.....6....:6.....6....c7.....7.....7....u8.....9....c9.....9....}:....=;.....;.....<.....<....`=.....=.....=.....>....P?.....?.....?.....@....{A.....B....4B....^C....yD..../E....hE....iF....PG.....G.....H.....I.....J.....J.....J.....K....ML.....L.....L.....M.....N....^O

C:\Program Files (x86)\BistroPortal\locales\en-GB.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	462067
Entropy (8bit):	5.512738069529928
Encrypted:	false
SSDEEP:
MD5:	2C846E20BFC306B063651D8A21C23981
SHA1:	A4D79FFF3F99A5F91ECC9B402A44AF8E74418BC0
SHA-256:	1ABBA98CBE0303AEFBE09B91F621892AA5EF0B8E15F9F2DC23C78D6ACD5A676B
SHA-512:	73E44F1EEE26EEA3B84F8C5C01F092BC039D5D1F7917A9789C3ACC46996CB4CF8787B460ECECBE6376B7CC10A056EA73ADAEE475112764A32F6971697E9BCDF4
Malicious:	false
Reputation:	unknown
Preview:	.........&..e.:...h.B...i.P...j.\...k.k...l.v...n.~...o.....p.....q.....r.....s.....t.....v.....w.....y.....z.....\|.....}................... .....(.....0.....7.....>.....E.....F.....G.....L.....Y.....h.....x.................\.......................Z.......................[.......................R.......................(.....Q....._....................... .....q.......................T.......................J.......................&.....m.......................<.....h.....s...........<.....~.......................#.....2.....p.............................S.....t.................(.....Z.....m.................1.....=.............................G.............................L.....u.................9.....v.......................;.....Q.............................Y.......................(.....o.......................F.....a.....p.................H.....X.................5.....M........... .....h.....v...........6.....m.................,.....X.....g.................. ...." ....} ..... .....

C:\Program Files (x86)\BistroPortal\locales\en-US.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	466463
Entropy (8bit):	5.505689631415889
Encrypted:	false
SSDEEP:
MD5:	A8D060AA17ED42B6B2C4A9FCBAB8A7E1
SHA1:	16E4E544ECA024F8B5A70B4F3CA339A7A0A51EBF
SHA-256:	55E4AE861AA1CACB09DB070A4BE0E9DD9A24D2D45E4168824364307120A906B2
SHA-512:	8F3820E3C5ACA560344A253D068936BDB797D07EB22711020D287A949C97D7A98879FF9FF5A4FB2F3FE804BF502300B6F4C92918D973BEF351D587483BC43723
Malicious:	false
Reputation:	unknown
Preview:	.........&..e.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.)...t.2...v.G...w.T...y.Z...z.i...\|.o...}.................................................................................................o...............................................y.................#.....\|.......................W............................._.......................%.....J.....a.................I.....a.................3.....A............................._.......................I.......................<.....s.............................5.....?.............................E.......................&.....o.......................6....._.....j.......................).....r.......................L.......................G.............................E.....e.....z.................-.....<.......................;.............................:............................._.........................................@.......................A........................ ....I ....k ....{ ..... ....#!....T!

C:\Program Files (x86)\BistroPortal\locales\es-419.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	563241
Entropy (8bit):	5.3635983124026
Encrypted:	false
SSDEEP:
MD5:	E100B41F2F208F94E214FEDED131F16C
SHA1:	2414A67E055C3F015303B75038B8AEAB4105D7CC
SHA-256:	DE7C8A29C6333EF7423AE2E4E515BBA7A4ED849DDD47F4886ED26B6A84535177
SHA-512:	FB915E17389417B0F96B320C596AD40E6F44DA4D26BB5262774DDD988CB558BDDD0C6CB0F4FE0700E5D2E7A26E2AE0727987010D6FE33AAD8DE047618749086B
Malicious:	false
Reputation:	unknown
Preview:	........M&'.e.\|...h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y.!...z.0...\|.6...}.H.....P.....U.....].....e.....m.....t.....{.....................................................f...........Z.....u...........M.................>.................9...........&.....h.................&.....P.....c........... .....H.....Y...........S.................R.................0.................R.....e...........:.....x.................{.................v...........N.....u.................;.....V................./.....>.................6.....L...........).....n.................E.......................;.....l.....w........... .....P.....Z...........(.....h.....x...........k.................=.......................G.........................................V ..... .....!....N!.....!.....!....#"....="....."....."....3#....L#.....#.....$....e$.....$.....%.....%.....%.....&.....&.....'....^'.....'.....(....r(.....(.....(.....)....c).....).....)....................

C:\Program Files (x86)\BistroPortal\locales\es.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	562061
Entropy (8bit):	5.3435019760601135
Encrypted:	false
SSDEEP:
MD5:	B1845EDF91FFDF33AA2F0A1FCBCF7933
SHA1:	D5C21080D0F6CFAAB05D38FD1E09E85E1473CD31
SHA-256:	E7747CBDE421C88B1F9FC4A23FBEF466BC73CAAE123B5E73C9FC7C3D50307E29
SHA-512:	6370BC7D7752D3B4240BFE479E4ED3FC20DC463920B0E8A9E3FCC91465F6DEDD0232635109C5D78531855D6DEFDAA04131B2CF8792E92B4CAEB3580C186502A7
Malicious:	false
Reputation:	unknown
Preview:	........S&!.e.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.&...y.,...z.;...\|.A...}.S.....[.....`.....h.....p.....x.................................................................w...........o.................l.................X...........H.....b...........E.......................W.......................X.....................................................8.....V.................q.................R................."...................................S.....x...........-.....`.....v...........".....J.....Y.................R.....h...........4.....g.....z.........../.....c.....o.................M.....X.................0.....:.................'.....7...........%.....l.................<.....h.................6.....].....\|...........c.................# ..... ..... .....!....u!.....!.....!.....!....i".....".....".....#.....#.....#.... $....:$.....$....N%.....%.....%....Q&.....&.....'....E'.....'....((....i(....}(.....(....")....H)....[).....)....,....l

C:\Program Files (x86)\BistroPortal\locales\et.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512126
Entropy (8bit):	5.450847414764412
Encrypted:	false
SSDEEP:
MD5:	6CA350436544813A70C42C605F838DDA
SHA1:	DC482D4B35F93DC3BCB6F9E2FF05204D16FD8D78
SHA-256:	0F1C65CF3C19A9E267B2AA850127ACC5740BC84D7C6AC81DBA275B0D07D16842
SHA-512:	2CAD1D7E2611FBF3D57BEF2FD8CEC62ECCE3C590A4F2EF02CE54597672E5C2359C7DA03EA8CEAABB203C091B87EA1F665647DE595FCD660B5EC882D37EFEAD98
Malicious:	false
Reputation:	unknown
Preview:	........\&..e.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.4...w.A...y.G...z.V...\|.\...}.n.....v.....{...................................................................................w...........n.................X.......................}.................-.......................-...............................................!.......................1.......................[......................._.......................o.................%................._.....v...........;.....].....x...........!.....D.....P................./.....?.................G.....R.................S.....a.................K.....S.................F.....U.................H.....P...........8.....s.................9.....X.....n...........,.....P.....s........... .....X.....e...........-.....a.................0.....J.....[............ ....G ...._ ..... ....+!....c!....~!.....!....y"....."....."....g#.....#....-$....R$.....$.....%....d%....q%.....%.....&....-&....A&.....&.....'....='

C:\Program Files (x86)\BistroPortal\locales\fa.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	830323
Entropy (8bit):	5.052749921407986
Encrypted:	false
SSDEEP:
MD5:	419578CFF63A3B19D445BD76D1B4EF31
SHA1:	3569545DA984115842F3DE55E9EB5EFC1F12AC36
SHA-256:	9951C60765DC6EB956CF7A88466DFEC084EB470AE354617E76FFDABC9504B4B5
SHA-512:	017952F1A74020B255A51133027AA642E06D694615736BAE6D175D29767E1903244A2C4E7AA473B8978D06B9611F57A240A68EEE98837CB42FB542397F7D137F
Malicious:	false
Reputation:	unknown
Preview:	.........%w.e.....h.....i.....j.....k.....l.....n.....o."...p./...q.5...r.A...s.R...t.[...v.p...w.}...y.....z.....\|.....}.........................................................................!.....K.....r.....W.....(.................\|.....-.................}.....=.......................f.......................+.....q.............................$...........]......................./.....{...........9...........%.....A...................................c...............................................7.....k...................................m...........C.....Z.............................. .... !....g!....~!.....!....."....."....."....b#.....#....2$....T$.....$....z%.....%.....%....z&....)'.....'.....'....,(.....(.....(.....).....)....H..........*....]+.....+....J,....j,.....-.....-..........U...........K/....p/...../....E0.....0....A1....c1.....2.....2.....2.....3.....4.....4.....5.....5.....6.....7.....7.....7....u8.....9....k9.....9.....:.....:.....:.....:.....;....'<....t<.....<

C:\Program Files (x86)\BistroPortal\locales\fi.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	520030
Entropy (8bit):	5.422012340902499
Encrypted:	false
SSDEEP:
MD5:	8606B0214820456FB8912C72160F325B
SHA1:	57911D980F14356E49F7AE3B1998FE14E3009730
SHA-256:	85DE77D98D7A8D64A8F5A2CD23DA8298377DBFEF0EABE19DEC462CB9C54830BA
SHA-512:	2826D34DDEED0AFCEF72DC72375F30EF24E35A212066A7D2A2FEB5DE19B11B35A8B616A5F22AB56B10D8C658A3A28BC0A43F3FDAC16863BB6CB1AB40578E100C
Malicious:	false
Reputation:	unknown
Preview:	.........%..e.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.+...s.<...t.E...v.Z...w.g...y.m...z.\|...\|.....}...........................................................................................$...........).....~.................W.......................z.................3.......................=.............................d.......................@.....f.................c.......................q.......................s.......................t.................<.......................e.......................?............................._.......................7.....a.....k.................J.....W....................................................h.......................].................,.....z.......................G.......................=.......................;.......................E.............................b.......................Z.................3............ ..... ..... ..... .....!.....!.....!.....!....."...."....l"....."....."....."....3#.....#.....#

C:\Program Files (x86)\BistroPortal\locales\fil.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	587684
Entropy (8bit):	5.1968721814732275
Encrypted:	false
SSDEEP:
MD5:	C3809AB2DC946EC1C206B4F6B6B360FA
SHA1:	F02F760D0A5E2947E0A303FE74BA3A1107DB76EB
SHA-256:	742AD7B51E0D60D0F3DFA9AE5B9BD0C89ED65C7786B78D989976D936BBF00833
SHA-512:	D513D560B80B29DED6DFAB0535999DA08EC78FE5661928298B1AA4896A477BB7B7890AF18E4A1E44C0009CC65489A0C041F3CD42DC65C9E678DDC29D53C17DF9
Malicious:	false
Reputation:	unknown
Preview:	.........&..e.r...h.z...i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y.$...z.3...\|.9...}.K.....S.....X.....`.....h.....p.....w.....~.....................................................}...........l...............................................p...................................J.......................W...................................K.....z.........................................=.....S...........=.....z...............................................t.................U.......................K.....s.................4.....^.....m...........J.......................g.......................o.......................p.......................r................./.................................... ..../ ....~ ..... ..... .....!....n!.....!.....!.....".....".....#....P#.....#.....#....N$....x$.....$.....%....p%.....%.....%....L&.....&.....'....#'.....'....W(.....(.....(....f).....)....5....f.....*....F+....\|+.....+.....+....L,....t,.....,.....-.....-.....-

C:\Program Files (x86)\BistroPortal\locales\fr.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	609324
Entropy (8bit):	5.375226452388306
Encrypted:	false
SSDEEP:
MD5:	F9736FDCD4A687975065DCE1A8A4165E
SHA1:	D61919134AF14D173D9924E8C4FE6FD724C382E6
SHA-256:	90433F513853EB1679B8092E3BF6118468487CBC93263EACCAA6C3B3436134F5
SHA-512:	8690F54F09B2B41FDDF5D8E19C390228CDF6478741B498D177209427FDE8FA135E954FA256972F2969E3189150B756D408EABDD9E54EE8857DA381D43FC0E458
Malicious:	false
Reputation:	unknown
Preview:	........4&@.e.J...h.R...i.c...j.o...k.~...l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y.....z.....\|.....}.......&.....+.....3.....;.....C.....J.....Q.....X.....Y.....Z.....\.....l.....z.................@...........`.................i.................Q...........6.....R...........-.......................^.......................n.................I.................$.................R.....v...........T.......................}.................B.............................7.......................x.......................r.......................x.................(.......................A.......................D.......................1..............................................U...........9.....P.................D.....b.......................8............ ....> ....Z ..... ....e!.....!.....!....A"....."....."....."....A#.....#.....#.....$.....$.....$....@%....`%.....%....^&.....&.....&....L'.....'.....'....$(.....(..../)....\|).....).....)....D....q..........+....q+.....+

C:\Program Files (x86)\BistroPortal\locales\gu.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	1185706
Entropy (8bit):	4.334788643266702
Encrypted:	false
SSDEEP:
MD5:	68B6FF1C3EC958BEA375D9E262FD1D50
SHA1:	3316616D90525476F19890674B647C81C954A6D6
SHA-256:	35DD5AF2E398F80538D1BDE5701C17F4DEA6FF38A9B54F3DBF2E35F0BE989DD8
SHA-512:	694D234CC972EB6AEA2D5E0C75392DA4DCAE8DF8BA702DAAAA2FD87F6A71FDF7B5494706CB74947ACD3553E0BC7B29E9BA70A21903C48C94CF232CD8BCEC1158
Malicious:	false
Reputation:	unknown
Preview:	........L&(.e.z...h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w....y.0...z.?...\|.E...}.W....._.....d.....l.....t.....\|...........................................................B.....~.....{.....L...........{.....<.................(.............................}.......................c.............................x...........{.....7.............................r.................^.............................'.....S.....P.....K.................0 ....>!.....!....&"....."....P#.....#.....#....l$....%....a%.....%....1&.....&....!'....:'.....(.....(.....)....J)..............!+....C+.....+.....,.....,.....-.....-...._................../....50.....0.....0.....1.....2....x3.....3....g4.....5....n5.....5.....6.....6.....6.....6.....7....~8.....9....89....C:.....;.....;.....;.....<....U=.....=.....=.....>....s?.....?.....@.....A.....A....OB.....B.....C.....D.....E.....E.....F.....G....XH.....H.....I....dJ.....J.....K.....K.....L.....L.....M....5N.....O.....O

C:\Program Files (x86)\BistroPortal\locales\he.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	731788
Entropy (8bit):	4.643704365072738
Encrypted:	false
SSDEEP:
MD5:	FF2761F7A8750DABDD020DB198B59C81
SHA1:	608BB4FA80616737DFEB3A566C1C09FF39331C4C
SHA-256:	E8C3B8DE967CE2BE8501CECAF34E874349D4F5DBC0572BDED470D600EC9B9B96
SHA-512:	46B36D4E9B0A5ABCB0F9A713009933E06B971CFFFFEEADE6A8DFCE789783695AF5A39BE76181516E42831FDB9954889016942AE36DE599F9B0F2E6D250E8BDCB
Malicious:	false
Reputation:	unknown
Preview:	........!&S.e.$...h.,...i.=...j.I...k.X...l.c...n.k...o.p...p.}...q.....r.....s.....t.....v.....w.....y.....z.....\|.....}.....................................$.....+.....2.....3.....4.....6.....M.....f.................a.......................K................."...........q.................v...........E.....g...........\.................).......................y...........!.....Q...........h.................x...........W.....v...........m.................U.................5.......................).................:.....g...........Q.................-...................................N.....a...........W.................&.......................W.............................. ....@ ....S ..... ....z!.....!.....!....k"....."....."....##.....#.....#...."$....F$.....$....=%.....%.....%....K&.....&.....'....C'.....'.....(....,(....E(.....(....()....Y)....r)...............*.....+.....+.....,.....-....(-.....-....P.................y/...../....F0....m0.....0....Y1.....1.....1....b2.....2....O3

C:\Program Files (x86)\BistroPortal\locales\hi.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	1259021
Entropy (8bit):	4.306748845411917
Encrypted:	false
SSDEEP:
MD5:	5CAB306E80E33E84D2BBD0C5778F679D
SHA1:	81955B19004853685B8C9422A8C1DDAE0CDF1EBC
SHA-256:	C085F7682AA90E571C7CAB430D9C993DF7220C4BA7BEF6CA9535442E7BA47345
SHA-512:	69EC641DAE148402E76F627B96B699DE3BE4FF115624CD87135E8A1F0AEB92B7D3F67CAEB9B5142FB739C9D84BD6D56BF1685084495CB7DFA41B27A9ADFC8DBA
Malicious:	false
Reputation:	unknown
Preview:	.........&c.e.....h.....i.....j.)...k.8...l.C...n.K...o.P...p.]...q.c...r.o...s.....t.....v.....w.....y.....z.....\|.....}.........................................................................8.....].....................................................M...............................................l...........n...........\|...........d..........._...........i...........l.............................j.....D...........t.................=.............................j............ .....!.....".....".....#...._$.....$.....$.....%....H&.....&.....&....Y'.....'....3(....L(....#).....)....H....y....8+.....+....J,....i,.....-.....-..........5............/...../...../.....0....h1.....1.....1.....2.....3....r4.....4....^5.....6....V6.....6.....7.....7.....7.....7.....8....T9.....9.....:.....:.....;....'<.....<....5=.....=.....>....C>....7?.....@.....@.....@.....A.....B....(C....`C.....D.....E.....F.....G.....H.....H....qI.....I.....J.....K....dL.....L.....M....lN.....N.... O.....P.....P....jQ

C:\Program Files (x86)\BistroPortal\locales\hr.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	565274
Entropy (8bit):	5.505980202633742
Encrypted:	false
SSDEEP:
MD5:	8C97405A7104C7E817EFB8C24040EFF0
SHA1:	766A990AD2ACC123AA07BE4DA00713FF2A3DBA71
SHA-256:	23ED11C02FCF848AFBD0E0C1301F9D3B9B1267768A14BEA7233838A3705BBA72
SHA-512:	F9F011A7309EC20ACD0073CAB572980F8BF9C21745CDCA7CE2F1AB0ECC7B9AC9A0EC4DDE8CB4CDA7E2EE7408077221DAEABC980CACF61F849CBBEA0F8A75160D
Malicious:	false
Reputation:	unknown
Preview:	........g&..e.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.,...t.5...v.J...w.W...y.]...z.l...\|.r...}.......................................................................................................%.......................t.................E.................$.................4.....J.................6.....F.......................$.................).....N...........K.................&.......................M.......................o.................I...........b.................G.......................%.....r.......................7.....X.....h...........+.....b.....w...........&.....T.....c.................f.....{...........#.....N.....^.................6.....F...........6.......................<.....^.....{...........".....A.....a.................7.....N...........-.....s............ ....O ....t ..... ..... ....W!.....!.....!....)"....."....."....."....{#.....#....V$....h$.....$....P%.....%.....%.....&....u&.....&.....&.....'....R'....p'.....'.....'....^(.....(

C:\Program Files (x86)\BistroPortal\locales\hu.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	609694
Entropy (8bit):	5.6340281443356455
Encrypted:	false
SSDEEP:
MD5:	2DF6993C9ADE7FFE81A32110EA8AF59C
SHA1:	D41578AA452BA014855718649C9BD0F4BE4F3FDA
SHA-256:	7745DBDB744018B919B278BBF177E2BCC1ACE045EF89F1F12385D3C3EA199644
SHA-512:	3EE3F4426CA32CCE7E4EF5838CA31CD9623F2483FD0D3EC2F27BC5C2616FF6D79B407BB77CED93BD0AAF28712C553D67E30879B5C6EDC28000C9C2733F59F21B
Malicious:	false
Reputation:	unknown
Preview:	........%&O.e.,...h.4...i.E...j.O...k.^...l.i...n.q...o.v...p.....q.....r.....s.....t.....v.....w.....y.....z.....\|.....}...............................#..........1.....8.....9.....:.....?.....O.....e.....z...........<...........].....{...........r.................N...........4.....N...........F.....\|.................o.......................}.................c.................F...........m.................[.................".................K.....[...........^.................S...........?.....^...........R.....~.................s.........................................Y...........5.....L...........V.................&.......................q...........?.....T...........Z.................+............ ....& ..... .....!....1!....M!.....!....."....D"....m"....."....4#....s#.....#.....$.....$.....$.....%....s%.....%.....%.....%....i&.....&.....&.....'.....'.....'....K(....l(.....(.....)...................C+.....+.....+....[,.....,...."-....>-.....-..........=.....Y...........J/...../

C:\Program Files (x86)\BistroPortal\locales\id.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	503023
Entropy (8bit):	5.37562340533888
Encrypted:	false
SSDEEP:
MD5:	B477ACE2F99EFEED02CC9B69C7806AC1
SHA1:	C5C31507ADCAAF1D9341B340FE985A9B9F37ED2E
SHA-256:	A15956FC814A58921B128A7501A14B1B46A3A6A91F2C9585EBE03684B4633D04
SHA-512:	7D0C1DAFA726642774597EE884D5E2AD4565B77D33E27D8E353341F41D7879B10519DA191205F8ED5A21C41215EF7FF26BB2CA680BE2B8D0B4FE4F410EB42E07
Malicious:	false
Reputation:	unknown
Preview:	........;&9.e.X...h.`...i.q...j.}...k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y.....z.....\|.....}.,.....4.....9.....A.....I.....Q.....X....._.....f.....g.....h.....j.....x.......................".......................B.......................3.......................O.......................R.......................0.....t.......................k.................".....v.......................b.......................A.....n.....{...........A.....\|.................j.......................G.....b.....s.................+.....7.............................^.......................E....................... .....n.......................G.....t.......................`.....m...........!.....W.....i.............................l.......................D.......................%.....n.......................E....._.....m.................M.....\.................T.....m...........e.................;.......................N ..... ..... ..... ....$!....e!.....!.....!.....!....S"....."

C:\Program Files (x86)\BistroPortal\locales\it.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	560896
Entropy (8bit):	5.2718506554077775
Encrypted:	false
SSDEEP:
MD5:	C75455595E050C22C3CC2D246F4C0723
SHA1:	9CC815AB7F55959A2713BEEBD3A4B2BBF373F982
SHA-256:	569E35D401CA6CBC02665C797AFB3A8D74B9E8AD5436BABC4F0ADF6633984ED8
SHA-512:	292D22EF305CF382D0FC8040A8DF6B3682F044E4CE4E0D15FC22F0996EAE145D423C4D221884510635042835544D2183E975A738B468627F21A0D237C512437A
Malicious:	false
Reputation:	unknown
Preview:	........J&*.e.v...h.~...i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y.#...z.2...\|.8...}.J.....R.....W....._.....g.....o.....v.....}.....................................................k...........Y.....u...........:.....\|...............................................I.....r.................1.....?...............................................X...........P.................:.......................[.......................x...........!.....:...........4.......................U.......................9.....c.....q.................).....4.................>.....P.................,.....7.............................Z.......................3.......................<.......................h.......................7.....l.......................F.....r.................c.................E....................... ....^ ..... ..... ....,!.....!.....!.....!.....".....#....y#.....#.....$.....$.....$.....%.....%.....%....9&....O&.....&.....&.....&.....'....~'.....'.....(

C:\Program Files (x86)\BistroPortal\locales\ja.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	680743
Entropy (8bit):	5.720303722188199
Encrypted:	false
SSDEEP:
MD5:	87FC19E8AE7FD3FDDBD57ED1F1920DA7
SHA1:	669D4379824525343F6A7395AB4288D5C0EED67A
SHA-256:	8F3866E348114DC523CE54C18F48BF584C45D88CFA1B551E77C5FF9AF3D98E16
SHA-512:	5F8CF01B8D08B85FD7F802F18069ADB091A07704685B356060EE2A0AD2100AABC3D1620B077306375E807A5359482946E12A87A79306066063A60083342C6735
Malicious:	false
Reputation:	unknown
Preview:	.........%..e.....h.....i.....j.....k.....l. ...m.(...o.=...p.J...q.P...v.\...w.i...y.o...z.~...\|.....}...........................................................................................-.....N.....o.........................................8.....P...........{.......................Z.................o.................).................$.....4...........0.....g...................................s.................&.................2.....A...........".....Y.....h...............................................0...........1.....r.........................................B.................>...................................^.....p...........[...............................................H.................H ..... ..... .....!.....!.....!..../"....P"....."....<#.....#.....#....D$.....$.....%....B%.....%.....%.....&....+&.....&....0'....p'.....'.....(....`(.....(.....(....X).....)....`....u.....+.....+.....+.....+.....,.....-....U-....v-.....-....d.................I/...../.....0....-0

C:\Program Files (x86)\BistroPortal\locales\kn.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	1349791
Entropy (8bit):	4.246701146576986
Encrypted:	false
SSDEEP:
MD5:	88D997A61195BE55A448602D0DA5A18D
SHA1:	68DFDE9BAB97083318F71433A9C0DD6FD3E486D1
SHA-256:	DEDC68395D55245CE31307606C94A2B01041FEC0DF7F30DF932530D60A83EFFB
SHA-512:	4B73D0CBDBE023C13B829A707399A1672B3D8D23B36806B2E95FC386DF17D2388353355FC5FDDCBB84603BE16778792AD99ADE12D21100E4790F1AD59B31B85C
Malicious:	false
Reputation:	unknown
Preview:	........n&..e.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.)...s.:...t.C...v.X...w.e...y.k...z.z...\|.....}...............................................................................A.................L.......................#.....+...........:.........................................?...........;...........2.....f.....S...................................S.................#...........[.....a.....5............ .....!.....!.....".....".....$....!%.....%....3&.....'.....(.....)....".........T+.....+.....+.....,...."-....u-.....-....7........... /....5/.....0.....0....Y1.....1....g2....!3.....3.....3....s4....$5.....5.....5.....6....R7.....7.....7.....8....x9.....9....":....D;....C<.....=....2=.....>.....>....3?.....?.... @.....@.....@.....A.....A.....B.....C....BC....jD....2E.....E....GF..../G.....G....4H.....H.....I....\|J.....K....[K.....L....lM....6N.....N.....P....nQ....lR.....R.....T.....U.....U....NV.....W....kX.....Y....^Y....+Z.....Z....>[....z[.....\.....]....?^

C:\Program Files (x86)\BistroPortal\locales\ko.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	572474
Entropy (8bit):	6.075968450636386
Encrypted:	false
SSDEEP:
MD5:	C45F87E32B4D8BBCEB0BE70422268CAD
SHA1:	A86652B06EC8AD497EC3B26058DE43719EC19489
SHA-256:	979C49A8C189CEF8661CB8786318E8DFC34537F910088A2F6FA061FF2DB8F96B
SHA-512:	F0DE6E171FC290936F9A3F6A22198AE31C3BB7E5C5435E0E5D26C2E46C275113E569A62C0CD2BA3389DE1FB8317410B2D41AA094C25663DFBFEBEC95189077B8
Malicious:	false
Reputation:	unknown
Preview:	........]%..e.....h.....i.....j.....k.....l.....m.....o.....p.....q.....r.....s.....t.....y.+...z.:...\|.@...}.R.....Z....._.....g.....r.....z.................................................................e.................=.................W.....j...........N.......................x................./.......................4.......................C.......................T.......................m.......................a.......................`...................................Y.....p...........".....F.....].................(.....8.........................................5.....Q.................I.....Y........... .....T.....g...........#.....S.....c...........!.....R.....b...........W.......................b.......................].......................h.................-.......................R.............................p................. .....d.................3 ..... ..... .....!....u!.....!....."....%".....".....".....#..../#.....#.....#.....$.....$.....$.....$.....%.....%.....%

C:\Program Files (x86)\BistroPortal\locales\lt.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	613423
Entropy (8bit):	5.629647155704153
Encrypted:	false
SSDEEP:
MD5:	5A69D04EA22C01A30ABC898BEB1A0CD9
SHA1:	99FD743F3F7DAA7942E3C96AAB5514A4964B987D
SHA-256:	BA6FA852B9A29A01CF48F012EC8C25BCC9A8E50ECC88BF67445572C7A1226ACA
SHA-512:	46041D70460D842DC567233099399576474B62AD37A538506C94FFB33F47F5B743FBAD9EBFDAD0AA2CE1B4E42C7DDDEE61FB432FB71317FAF21EACB3AC2ED946
Malicious:	false
Reputation:	unknown
Preview:	........H&,.e.r...h.z...i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y.....z.....\|.4...}.F.....N.....S.....[.....c.....k.....r.....y.....................................................Z...........H.....c...........y.................s...........M.....g...........^.................(.......................g...........#.....:...........4.....h...................................x...........(.....9...........'.....a.....q.............................z...........X.....v...........X.......................}.................2.......................k...........).....<...........0.....j.....y...........w.................C.......................y...........'.....5...........h.................L ..... ..... .....!.....!....."....W"....."....."....q#.....#.....#....Q$.....$.....%....A%.....%.....&....:&....M&.....&....t'.....'.....'....g(.....(.....)....R).....)...............+.....+.....,....L,....l,.....-.....-.....-.....-....N.......................n/...../....>0

C:\Program Files (x86)\BistroPortal\locales\lv.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	613107
Entropy (8bit):	5.627623887847645
Encrypted:	false
SSDEEP:
MD5:	E4CD6BD3FC9FBF169BB969125B6E6AF0
SHA1:	5BA3028F04450F5719A0BE874897155DDFBEC9A0
SHA-256:	3C0770264F6297F40299875236D3160B6D3899C89EE03B8F4640425574B5F047
SHA-512:	2F49361510A6F787B7D49A7D588D6C90B3AF20B97FE28945C7D67A71AC7B126B6A7F12E438C76092F5647B9588775BDD35DF6DCF1A9DEECE0D93F838E3BF22E9
Malicious:	false
Reputation:	unknown
Preview:	........k&..e.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.#...s.4...t.=...v.R...w._...y.e...z.t...\|.z...}..........................................................................................."...........~.................k...........6.....I...........~.................j...........;.....Z...........9.....u.................u.................1.............................G........................................{...........A.....T...........x.................f...........\.....}...........H.....n.................Q.....z................._.........................................k...................................S.....b...........K.....~...................................d...... ....W ....o ..... ....2!....M!....b!.....!....a".....".....".....#.....#.....#.....#....L$.....$.....%....V%.....%....#&....C&....\&.....&....`'.....'.....'....,(.....(.....(.....).....)....^..............\+.....+.....,....=,.....,....8-....r-.....-.....-....T.....o............/...../...../

C:\Program Files (x86)\BistroPortal\locales\ml.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	1403916
Entropy (8bit):	4.281209398992985
Encrypted:	false
SSDEEP:
MD5:	6F7D497FA095A87BA77985760C749D31
SHA1:	39B7644C52A3443BDEFD8A67D27ADE30876E9A67
SHA-256:	2475D2A29FEECCE37C67284BBCFDF52527FC9EB1EAC0CB81ADB307BD6073B7AA
SHA-512:	0668D8F63A5BEE629419E575955298C45DBA2F0084B1AA97F1BBD00CF59E6CEEF4061FAC1C4243BB0149DBCBB5B1A3BE0AEEED63BC9604C22AE8A49B6F5B8847
Malicious:	false
Reputation:	unknown
Preview:	........g&..e.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.,...t.5...v.J...w.W...y.]...z.l...\|.r...}...............................................................................B.................4.....x.....a.......................u...........C.................................................................<.....-.........................................g.......................................... ..... .....!....."....S#.....#.....$.....%.....&.....&....\|(.....)..........+.....+.....,.....,.....-.....-.........../....0/...../.....0.....1....H1....2.....2....t3.....3.....4....)5.....5.....5.....6.....7.....8....78....#9.....9....u:.....:.....;....I<.....<.....<.....=.....?.....?....#@.....A.....A....?B....wB....<C.....C....0D....rD....NE.....F.....F.....F...."H.....I.....I....(J.....K.....K....4L....xL.....M.....N.....O....rO.....P....sQ....)R....qR.....S.....T.....U.....U.....W.....X.....X.....Y....KZ....F[.....[....9\....*].....^.....^.....^.....`.....a.....a

C:\Program Files (x86)\BistroPortal\locales\mr.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	1157380
Entropy (8bit):	4.312323876145511
Encrypted:	false
SSDEEP:
MD5:	0980B8DA2385CAEB8DB47F031CF825BA
SHA1:	2932FD301339D5F1F970AF5B83C904A0FF54C6A4
SHA-256:	EEF4F77EA9BFDCA58FDD48C105F77C29E7E586B4F98374897B59FEE23261DD6E
SHA-512:	7E3C99BBD41FFB07DD511BFA2FB61DD272290FC179D41940CBA18814FE27D9593C1DE79B7C3704F0CA96EB793996BA255F0834A54D00E89510A3984C0D54B7BC
Malicious:	false
Reputation:	unknown
Preview:	........ &T.e."...h....i.D...j.P...k._...l.j...n.r...o.w...p.....q.....r.....s.....t.....v.....w.....y.....z.....\|.....}...............................$.....+.....2.....9.....:.....;.....@.....b.......................G...........=.....y.................l.................5...........\.....b....._...................................H.................H.....h.....r.....P.................................................................. .....!.....!.....!.....".....$.....$.....%....t&.....'.....(.....(.....)..........*....)+.....+.....,.....,.....-.....-....l................../.....0.....1....J1....22.....3....q3.....3....d4....+5.....5.....5....h6....+7.....7.....7....t8....>9.....9.....9.....;....1<.....<....2=.....=.....>.....>.....?.....?....X@.....@.....@....\|A....BB.....B.....B.....D.....E.....E.....F.....G.....G....#H....gH.....I.....J....!K....bK.....L....qM....$N....WN.....O.....Q.....Q.....R....oS....yT.....U.....U.....V....nW.....W.....X.....X.....Y.....Z....6Z....W[....K\.....\

C:\Program Files (x86)\BistroPortal\locales\ms.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	527111
Entropy (8bit):	5.250047457813333
Encrypted:	false
SSDEEP:
MD5:	E027E7853B8B9DD24871456F14BB8744
SHA1:	189219A26B54B19FD8E88A37C06FDF8D12E6BB48
SHA-256:	4006F5341D8A954422383BE2D631DFC3916BEF0866B818F22E568666454B6A9A
SHA-512:	588E853E7D958A8BBB10DBF2F373B1E7AD501E0A4E074760617E5027EE1994B6B4257FF52E0D50D342CC085D68183799E7E3CE50D83C67CA4C05B0DB99463D1A
Malicious:	false
Reputation:	unknown
Preview:	........t&..e.....h.....i.....j.....k.....l.....n.....o.....p.....q. ...r.,...s.=...t.F...v.[...w.h...y.n...z.}...\|.....}.......................................................................................................5.......................f.........................................O.......................i......................._.......................a...................................@.....X.................%...................................s...................................].....o.......................-.....y.......................K.......................1.......................>.......................7.......................'.............................x.................%.......................H.......................0.....z.......................W.......................@.....u................. .....8.....D.................6.....E............ ....S ....l ..... ....c!.....!.....!....5"....."....."....."....M#.....#.....#.....#....)$....q$.....$.....$.....$....Q%....~%

C:\Program Files (x86)\BistroPortal\locales\nb.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	511040
Entropy (8bit):	5.42479614368544
Encrypted:	false
SSDEEP:
MD5:	11586465E13CC391D0477FBE47EC45E9
SHA1:	0D28FFD0F71C6FF7AAD3FB7CE78371A23E9B5B3E
SHA-256:	C9E6BA8B6C6E28F22C4FAB5A4DADB29A6BF241A4D0D76A7DB5D56B112F65DA41
SHA-512:	64CADE448A8D26D7D7A6D30B951FBDAE2CF9E7F803967A9C7F1EE29DF262B845F60266CCF2142673DA9EC3CD445E29D44DD2EA7D820FBC71DC75AFF6D1B14680
Malicious:	false
Reputation:	unknown
Preview:	........O&%.e.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v. ...w.-...y.3...z.B...\|.H...}.Z.....b.....g.....o.....w.......................................................................t...........g.....\|...........E.....~...................................q.......................r.......................`.......................a...................................2.....U...........b.................<.......................x...........=.....W...........w.................6.............................W.....\|.................:....._.....o...........6.....n.................B.....p.................H.....z.................=.....f.....v...........4.....b.....p...........Z.......................h.......................L.....k.................1.....S.....e...........R.................# ....\| ..... ..... ....)!.....!.....!.....!....>"....."....."....."....L#.....#.....#.....$.....$.....%...._%.....%.....%....P&....\|&.....&.....&....+'....H'....V'.....'.... (....O(

C:\Program Files (x86)\BistroPortal\locales\nl.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	528559
Entropy (8bit):	5.359276347541212
Encrypted:	false
SSDEEP:
MD5:	A78342F05AE43C5700A4BAB660C8AF5D
SHA1:	5AF055F4173A1B480A83E3BD5A40D39285BEF4DF
SHA-256:	C7AAC0884458115EBB5B9B84F5197B7C25CE68FFC150A24A6A68B6B04E604AA5
SHA-512:	26CCE44EFB82D9F9FBFCEE5E16652F83CDAD764716875BC4A4083A22F8DC9093B183E5C82BCC6B1CD0C6CE058CD19D235AA1C743C5ECE834C489AC468AD87C2F
Malicious:	false
Reputation:	unknown
Preview:	........>&6.e.^...h.f...i.w...j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y.....z.....\|. ...}.2.....:.....?.....G.....O.....W.....^.....e.....l.....m.....n.....p.....\|.......................=...................................(.....<...........#.....h.....~...........K.......................C.....l.....{...........'.....O.....]...........5.....l.................e.......................z.................%.......................G...................................O.....h.................+.....?.............................a.......................P.......................R.......................7.............................i.......................^.......................}.................6.......................'.....r.......................`.......................l.................*.....q.......................g.................+ ....\| ..... ..... ....b!.....!....8"....I"....."....7#....y#.....#.....$....i$.....$.....$.....%....R%....v%.....%.....%....H&....v&

C:\Program Files (x86)\BistroPortal\locales\pl.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	590384
Entropy (8bit):	5.76022190179785
Encrypted:	false
SSDEEP:
MD5:	827893A75C44CDD33EC9A971784B23B2
SHA1:	AE83987940A763FDD35DF06236C92CF9263BC12D
SHA-256:	6FED6867972984C9CAA70F3C752AB20B72EF644E9858587311E864BF84644EB7
SHA-512:	F085D74C7F8ADD5DF25141F4A8347531C775DAE23552269599CAD661E02D618C6C8358DEC2E9FBED8ABF8F962D375E293A0B62AEFF15C4C3C8DA13AA48F4CC74
Malicious:	false
Reputation:	unknown
Preview:	........Q&#.e.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.)...y./...z.>...\|.D...}.V.....^.....c.....k.....s.....{.................................................................z...........u................._.................>.................&......................@.................!.....5.................4.....F.................S.....y...........o.................L.......................b...................................R.....n.............................[.............................g.......................-.....N.....\...........%.....^.....r...........-.....`.....r...........'.....X.....h.................?.....O.................?.....P...........:.......................9.....V.....m.................7.....].................M.....b...........4.................. ....M ....k ..... ..... ....5!....[!....w!.....!....T"....."....."....6#.....#.....#.....$.....$.....%....I%....t%.....%.....&....[&....l&.....&.....&.....'....'.....'.....(....@(

C:\Program Files (x86)\BistroPortal\locales\pt-BR.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	553708
Entropy (8bit):	5.417194504645817
Encrypted:	false
SSDEEP:
MD5:	7C98581A10A5C3A8945449ED5FC76FD5
SHA1:	C577BC8B8E7D328B341D3802179E7C5CAB08520D
SHA-256:	5A01AEB9445671D063992488B5016FF7507E8C4A145F95C02BA4E8497042A36F
SHA-512:	795E9F1F4F02EDF70F1DEF42B4D71375AB5F239E501B7016B9FE23C795660D0E2827589FEF8B9E7540629E28B661AF396F15EC55DB3A8383E7D6DD8FD175D562
Malicious:	false
Reputation:	unknown
Preview:	........T& .e.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.$...w.1...y.7...z.F...\|.L...}.^.....f.....k.....s.....{...................................................................................n.................Q.................-.................6.................5.....J.......................*.......................".................\...................................\.........................................2........... .....m...................................W.......................7.......................5.......................8.......................;.............................q.......................K.....y.................@.....x...................................B.............................].................4....._.....w...........p............ ....T ....y ..... ..... ....8!...._!....r!.....!....B"....."....."....,#.....#.....$.....$.....$.....%....a%.....%.....%....>&....f&....y&.....&.....'....<'....Q'.....'....)(....f(.....(.....(

C:\Program Files (x86)\BistroPortal\locales\pt-PT.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	558097
Entropy (8bit):	5.390828272818456
Encrypted:	false
SSDEEP:
MD5:	B4FF86FC5AD96BCC3D4170B1E9FFE508
SHA1:	70ACEE277D74F7198FD89A85BB8FBA9491D995F3
SHA-256:	36DFF552701125A2090872570B0E8CCF2408BAB351955BF2633FAF95BDF18F7B
SHA-512:	604538D924A160D89276279988A0E6FBA26C904E09E30D9BB495C9EB1D43519993EBD51841E172BA7D56F841133199A0611C9907B03E03AEED90B849211B29D0
Malicious:	false
Reputation:	unknown
Preview:	........k&..e.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.#...s.4...t.=...v.R...w._...y.e...z.t...\|.z...}.......................................................................................................,.......................p.................Y...........9.....T...........?.......................J.....t.................+.....X.....j...........X.................>.......................x.........../.....<.................;.....K.................i.....~...........t.................I.......................4.......................,.......................<.......................D......................./.............................^.......................L.......................o.................,.............................D.....^.....o...........3.....`.....z...........S................." ....i ..... ..... .....!....S!.....!.....!....."...._"....."....."....M#.....#....($....@$.....$....0%....w%.....%.....&....~&.....&.....&....$'....r'.....'.....'.....(....z(.....(

C:\Program Files (x86)\BistroPortal\locales\ro.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	577101
Entropy (8bit):	5.447647583972153
Encrypted:	false
SSDEEP:
MD5:	429453C95F44892282B3E8950D767BCA
SHA1:	6F6509C120CC0B98F5A0F2FD6D3258507129CD0D
SHA-256:	E5A2C82A3759525F26C8A501700B657E3E8924CE131523AC1F4143DCD0C504F2
SHA-512:	BA66B49C010252ACEC7629571B5E8F80439637DFF10CA83AAD5B130A9AB48E7348BD9F102ED3C16E2F764F4119FC4C610BAFDA8C6E40BA6A22CD4D2541EF047F
Malicious:	false
Reputation:	unknown
Preview:	........Q&#.e.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.)...y./...z.>...\|.D...}.V.....^.....c.....k.....s.....{.................................................................a...........?.....Y.................S.....g...........n................._.................).............................b.......................q.................9...........'.....l.................n.................6.......................M...................................n.................;.....Y.....v.................1.....E.............................{.......................x.......................e.......................?.............................s.................9.......................m.......................=.......................<.......................W.................B........................ ..... ..... ....!!....<!.....!....."....@"....U"....."....R#.....#.....#....G$.....$.....$.....%.....%.....%....,&....D&.....&.....&.....'.....'.....'.....(....Y(

C:\Program Files (x86)\BistroPortal\locales\ru.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	945241
Entropy (8bit):	4.847298642890013
Encrypted:	false
SSDEEP:
MD5:	37252BFE5EC58325DDC455661203A1D9
SHA1:	1AB4F6A760ACD8E2517BEE42881750ACFC970A93
SHA-256:	7BBF682BB72A59E55ECD1807631C1078E89DDED57AFBF27092F5498C0517DAF9
SHA-512:	F4E3D37A64386E535FECCD6A38143E5417A5FED8E8C35313FAD2796091956481C4BFDA4FAE63516C462F5014558C5F9859EA3C245884409059F3F664AB727FE8
Malicious:	false
Reputation:	unknown
Preview:	.........%..e.$...h.,...i.=...j.I...k.X...l.c...n.k...o.p...p.}...q.....r.....s.....t.....v.....w.....y.....z.....\|.....}.....................................$.....+.....2.....3.....4.....6.....S.....p.................p.....0...............................................C.............................F.........../...........7.....Z.................P.....g.......................I.....<.......................y...........^...........:.................@.................".....O.....S.....M......................./.....\...................................^...................................W.....\|....." ..... ..... ....!!.....!....$"...._"....v"....."....s#.....#.....#....A$.....$.....$.....%.....&.....&....^'.....'.....(.....(.....(.....(....S).....).....).....)....{*.....+.....+.....+.....,....--.....-.....-....{............/...../...../....F0.....0.....0.....1.....1....l2.....2....i3....!4.....4.....4.....5.....6.....7....k7.....8.....8.....8.....8....w9.....9....%:....>:.....;.....;....3<

C:\Program Files (x86)\BistroPortal\locales\sk.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	594543
Entropy (8bit):	5.807775521081244
Encrypted:	false
SSDEEP:
MD5:	151C68194B1DD25B921C6B3E0BD8970E
SHA1:	36B7A5A7D2E1FE99EC9D292F58AC0C6E66720E6C
SHA-256:	FE2FA256B7632868199FEA85A9F03238D98F1A2519F510F32583DF26B10D75C0
SHA-512:	659A70116349EBFAC2B34683D5A28B19D26666AA44D724BD4649441FA7ED74A087FD09EB790750931FCF2BF8F15A88CF9CF3B9A5DAD8461ACCEBE0828FF54C5F
Malicious:	false
Reputation:	unknown
Preview:	........S&!.e.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.%...w.2...y.8...z.G...\|.M...}._.....g.....l.....t.....\|.............................................................................5.................9...................................W.....q...........B.....{.................a.......................\.......................r.................g...........3.....V...........M.........................................W.................(...........M.......................o.......................e.......................^.......................w.................5.......................J.......................[.......................z...........(.....;...........U.......................X.....s.................<.....X.....m...........7 ....o ..... .....!....\|!.....!.....!....Q"....."....."....."....U#.....#.....#.....#....u$.....$...."%....<%.....%....w&.....&.....&....r'.....'.....(....;(.....(.....)....;)....O).....).....).... ....4.....*....++....m+

C:\Program Files (x86)\BistroPortal\locales\sl.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	570781
Entropy (8bit):	5.4772434286011995
Encrypted:	false
SSDEEP:
MD5:	9216DB464601FEA48DB43A11E8EC1C2A
SHA1:	D6336335193A961E3A41163ACE20584542064040
SHA-256:	586B6955D0FFE670D6EA395C5CA892E30A50F19CF46D14E2E0BF96241C42C2D3
SHA-512:	9F92694ACBF76F135CB1572FA09AA3AA98C2B6E8A84E992DF57331F6CEC1300882B79EE1D6046E9D7DB541E682A33762586A720C72CC693C0CB25AA1829E029A
Malicious:	false
Reputation:	unknown
Preview:	........;&9.e.X...h.`...i.q...j.{...k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y.....z.....\|.....}.*.....2.....7.....?.....G.....O.....V.....].....d.....e.....f.....h.....z.......................=.................8.................?.....P...........\.................0.......................5.......................'.......................9.......................y...........$.....E...........#.....].....s...........G.....~...................................}...........N.....t...........#.....:.....R.................'.....7......................./.................N.....b...........).....\.....m...........S.......................e.......................i.........................................<.......................$.....v.......................q.................B.................. ....s ..... ..... ..... ....l!.....!....."....."....."....."....&#....>#.....#.....$.....$.....%.....%....H&.....&.....&....G'.....'.....'.....'....C(.....(.....(.....(....5).....).....)

C:\Program Files (x86)\BistroPortal\locales\sr.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	877062
Entropy (8bit):	4.784566419222159
Encrypted:	false
SSDEEP:
MD5:	1E1586BDE8F9AB983B44F3545207A4A7
SHA1:	32D0CD4F82F0608EFE5663EA3E015BEE02F100F9
SHA-256:	8787F0197145F7DEA0913C681E7210971C2F445820B18D2BD46755EDB1F6BFBA
SHA-512:	9995FE839F8907FB8899526B3999D3BCC672C6BD1AF48AF717C2724D0F56716A6B9ADB41EDEAF3B6635E370ABB78EA20707DB594AFFAB21609DB9CAFFFD1B4A9
Malicious:	false
Reputation:	unknown
Preview:	........^&..e.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.#...v.8...w.E...y.K...z.Z...\|.`...}.r.....z.............................................................................".....W.....D.......................}.............................s...........;.................,.....a.........................................L.....c.....5...........$....._....._.............................E.......................%.......................I.........................................N.............................. ....V ....y .....!....v!.....!.....!.....".....#.....#.....#....a$.....$....6%....W%.....%....p&.....&.....&....r'.....'....5(....V(.....(.....).....).....).....*....s+.....+.....,.....,.....-....U-....}-............................./....>0.....0.....0....x1.....2....k2.....2....^3.....3.....4....04.....4....~5.....5.....6.....6...._7.....7.....8.....8.....9....c:.....:....o;.....<.....<.....<.....=.....>....k>.....>.....?.....?.....?.....?.....@....UA.....A

C:\Program Files (x86)\BistroPortal\locales\sv.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	514900
Entropy (8bit):	5.534632365859153
Encrypted:	false
SSDEEP:
MD5:	B91584A15FAFAF0F8F4BEE8AA2A89392
SHA1:	CA74D0170ADDC3D1F2575F78E74EAA829AD4D61E
SHA-256:	FB5FCA3F1070AC66D74ECDBF6EC8019EF83BE19440200EFE704A919561478E79
SHA-512:	2873ED796A42BDE07353F1E93F408A70A1AEE627B48EBC233F43F57E4DFA711DBE856A66BF732EEF2B6539209A6F1EBC55AF4BC8B1F768EC388DCE820BE654B3
Malicious:	false
Reputation:	unknown
Preview:	.........&[.e.....h.....i.-...j.9...k.H...l.S...n.[...o.`...p.m...q.s...r.....s.....t.....v.....w.....y.....z.....\|.....}.................................................".....#.....$.....&.....7.....I.....].....q...........v.................=.......................y...........F....._.........../.....h.................:.....i.....y...........9.....j.....z...........^.................0.......................c.......................m.................,...........(.....s...........$.................1.............................^.......................;......................./.......................<.......................1.......................!.....~.......................\|.................#.......................8.............................a.......................2.....S.....e...........=.....z.................^.....}.................O ....w ..... ..... ....E!.....!.....!.....".....".....".....#.....#.....#....-$....S$.....$.....%....O%....b%.....%.....%.....&....(&.....&.....&.....'

C:\Program Files (x86)\BistroPortal\locales\sw.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	541877
Entropy (8bit):	5.337666353659303
Encrypted:	false
SSDEEP:
MD5:	F705479B21542EFB2D1D0949148D1162
SHA1:	971A551036BD84473B7160AE3A8A685FB18EF6D6
SHA-256:	1E8241C4E3CE461727E5BD517ADB16DBFF269D62BAE3C6CA3E71C451641BF013
SHA-512:	7461349D3ED81D22DCC3CE131B2E512AA57D8C6306C373872234092D9936C678FAE5301154EEE5FF2F8E8F6EE6119FFB9E6F56460C84C76A2E2535B18B0D89FD
Malicious:	false
Reputation:	unknown
Preview:	........K&).e.x...h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y.....z.....\|.4...}.F.....N.....S.....[.....c.....k.....r.....y.....................................................Y...........(.....>.................L.....^...........Q.......................j.......................[.......................@.....o.....}...........J.....~...........,.......................y.................,....................... .................!.....5...........D.......................d.......................5.....X.....a.................!.....-.................[.....i.................N.....`...........$.....a.....l.................C.....P.................C.....L...........0.....v.................B.....n.................L.....}.................^.................*.......................\.......................7 ..... ..... ..... ....E!.....!.....!.....".....".....#....Y#....m#.....#....O$.....$.....$....8%.....%.....%.....&....j&.....&.....&.....'.....'.....'....?(

C:\Program Files (x86)\BistroPortal\locales\ta.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	1400174
Entropy (8bit):	4.054412205591541
Encrypted:	false
SSDEEP:
MD5:	7C450BF31072DCF36BDE01C0D05BA41B
SHA1:	B96AB5CDD9BF314964D487D9AB611C3F63C53CAF
SHA-256:	D9A1509244F1020FA91F110B37AFE6A72CD26994ACDB73650B824613D12EAD68
SHA-512:	ADF2742C5E0AFA0C2953114123F61621D7FFBF3AFEE3B9D72CC6EEAEAA420AA2485C77F725EBD620377A1B4DB5FC421FD383D8968FB87DADD3ED7E5A3E496BE7
Malicious:	false
Reputation:	unknown
Preview:	........5&?.e.L...h.T...i.e...j.q...k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y.....z.....\|.....}. .....(.....-.....5.....=.....E.....L.....S.....Z.....[.....\.....a.......................^...........Y...........H.............................L...........~.................I.............................s.................p.................6.....:...........%............................." ....8!.....!....."...._#.....$....%....[%.....&.....(.....(....3)..........+.....,....<-....?....../....\/...../.....0....m1.....1.....2.....2.....3....)4....]4.....5.....6....$7....p7....g8....X9.....9.....:.....:.....;....W<.....<....~=....n>.....>.....?.....@.....A....~A.....A.....C....^D....:E....~E....yF....aG.....G.....H.....H.....I.....J....jJ....?K....(L.....L....@M....iN....wO.....O.....P....WQ.....R....mR.....R.....S.....T.....U.....U....OW....bX....CY.....Y.....[....j].....^....._....h`....ua....4b.....b.....d....:e.....e....Kf....Og....<h.....h.....h.....j....]k.....k

C:\Program Files (x86)\BistroPortal\locales\te.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	1289060
Entropy (8bit):	4.312124608985589
Encrypted:	false
SSDEEP:
MD5:	6D4D3E657FFCA020EFD136E111B5A804
SHA1:	D1BC975AF4167B19641434EE713895EFCCE370E9
SHA-256:	76482CE268988399926E39853CAB7AE284D11256415D74C47F78E9EC329716E5
SHA-512:	B128A8694D8FF663B7AE7750D0A59E1A833663893708889192BA42A28BF167AFCEACCD1455C41EFCBCD3C7E53DE9597EF25B5B678133FB83CF7171580E34A927
Malicious:	false
Reputation:	unknown
Preview:	........j&..e.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.*...s.;...t.D...v.Y...w.f...y.l...z.{...\|.....}...............................................................................?.....\|...........n.......................C.....5......................................... .....9...................................&.....5...........}.............................e...........&...........R...........\| .....!....S!.....".....#.....$....Y$.....%.....&.....'....+(.....).....+.....+....K,....6-.....-....;.....p....../....^0.....0.....1.....2.....2....N3.....3.....4.....5....Z6.....6.....7.....8....<9.....9.....:....t;.....;....,<....K=.....>.....>.....>.....?.....@....FA.....A.....B.....C....vD.....D.....E....kF.....F.....G.....G....mH.....H.....H.....I....TJ.....K....MK.....L.....M....4N.....N.....O.....P.....P.....Q....nR....LS.....S.....T....hU.... V.....V.....W.....X....dZ.....[.....[....X]....i^....._....._.....`.....a....cb.....b.....c.....d.....d....-e.....f.....g....0h

C:\Program Files (x86)\BistroPortal\locales\th.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	1083789
Entropy (8bit):	4.362162671759777
Encrypted:	false
SSDEEP:
MD5:	741FEEC71604E01CEFC9452ABD1607E0
SHA1:	EB2B2135D8C11746128C615B6EDC116D6E43CFCB
SHA-256:	28500B94569C2DF37B827D95E1D32ADCC9AC3844E062E025976342A9861F28AA
SHA-512:	C56EA9222692CCED5769B8BC87BCCA4EBE7BFD4F26FA8FD2BEEFB4047AAAAB0EAFEC418C6B2E07389023AADB936CE4B41C00BC6C501F01F34460BBC513D8673F
Malicious:	false
Reputation:	unknown
Preview:	........y%..e.....h.....i.....j.....k.....l.....o.....p.....q.....r.+...s.<...t.E...v.Z...w.g...y.m...z.\|...\|.....}.....................................................................................3.............................j...........q...........r.............................U...........i...........\...........~.............................P.....i...........G...........0.....'...........8...........W.......................q...........~...........y....."...............................................Q ..... ..... .....!....\".....".....".....#....F$.....$.....$.....%....N&.....&.....&.....'....n(.....(.....).....)...............+.....+....d,.....,.....,.....-...._..................0.....1.....1.....1.....2....<3.....3.....3....v4.....4....A5....x5.....6.....6.....6....-7....M8.....9.....9.....:.....:.....;....T;.....;....Y<.....<....B=....x=....w>.....>....{?.....?.....@.....A....JB....kB.....C.....D....oE.....E.....F....zG.....G....&H.....H....rI.....I.....I.....J.....K....PL

C:\Program Files (x86)\BistroPortal\locales\tr.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	553863
Entropy (8bit):	5.6055979524748505
Encrypted:	false
SSDEEP:
MD5:	4D33D1571AC15132F4031AA2E1614F58
SHA1:	AA09F2480FB950D6CF5C09CFD5E327F783FE4DD1
SHA-256:	9044D7F65DAB1D83B38E2563957F75C8CF20518A652069ED4AA0A2750B416DDE
SHA-512:	32E1C2A140C72F4AF3F0F97E9D7030CA1576B1817D14AEEB4957D910D129007F550C84785702CFEDD05D4266E9658B46639709EF566C036D660E6F20B655CC0B
Malicious:	false
Reputation:	unknown
Preview:	........{&..e.....h.....i.....j.....k.....l.....n.....o."...p./...q.5...r.A...s.R...t.[...v.p...w.}...y.....z.....\|.....}.....................................................................................+.....E...........h.................G...................................<.....W.................S.....f.................6.....E.................(.....:.................<.....^...........Q.......................v.......................m.................".......................m...........%.....=.................'.....C.................1.....B.................,.....<.................>.....K.................Q.....b...........#.....U.....b.................N.....Z.................S.....`...........e.................7.......................8.............................l.................+.......................I ..... ..... ..... ....0!.....!.....!.....!....H".....".....".....".....#....F$.....$.....$....^%.....%.....&....>&.....&....D'.....'.....'.....(....j(.....(.....(....$).....).....)

C:\Program Files (x86)\BistroPortal\locales\uk.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	943088
Entropy (8bit):	4.8813924327722695
Encrypted:	false
SSDEEP:
MD5:	4DFE248064586E469D5E802F2176A985
SHA1:	A6AE6E59421FD9C4428303D665C65AC97D0B28FF
SHA-256:	71C9BA90E54C09803DCDA706806E3A32680B47D116C3BA003232AB383BDD03B4
SHA-512:	3F6F2061155D9C0F70E5A37C29706C2F9ADAD098B41CFCF9E307FD99FA36F7D476D6AE669D7DB06213357485DB822BC50F1FD0435D85A51670B2E2540C7FDC5E
Malicious:	false
Reputation:	unknown
Preview:	.........%w.e.....h.....i.....j.....k.....l.....n.#...o.(...p.5...q.;...r.G...s.X...t.a...v.v...w.....y.....z.....\|.....}...............................................................................'.....Q...........w.....:.......................3.......................A.......................\.........................................L...........8.....M.........................................]...........K...........E.....k.......................(.......................3....."...........n...........6...................................N.....o...........n.................~ .....!....\|!.....!....8".....".....#....-#.....#....>$.....$.....$....0%.....%.....%.....&.....&....('....r'.....'.....(....V).....)....!.........3+....w+.....+.....,....o,.....,.....,....k-......................./....N0.....0....=1.....1....>2....r2.....2....F3.....3.....4....74.....5.....5.....6....@6....27.....8.....8.....8.....9....q:.....:....;;.....;....z<.....<.....<....{=.....=....7>....T>....(?.....?....D@

C:\Program Files (x86)\BistroPortal\locales\ur.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	823414
Entropy (8bit):	5.172276750394299
Encrypted:	false
SSDEEP:
MD5:	20370AF851A11AD3BD58CD33035CFEDA
SHA1:	024C466A4E9002311B8A8C498B489AC357AC3C61
SHA-256:	A911541F815F3488E2C6EE3E52ADA2A771BB14237982C84C0CB81DCEE994AFCC
SHA-512:	04F12FC7D040B4CBFCE6B3555D41BA94E8BB1F4A0E305A437785FC220EE1E19C9F65B8BAA028796AE958EDC5545EAC58118F6BE06AB4E455E8F8610DAB21827D
Malicious:	false
Reputation:	unknown
Preview:	........N&&.e.~...h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y."...z.1...\|.7...}.I.....Q.....V.....^.....f.....n.....u.....\|.......................................................................D.......................4.................O...........7...........>.....b...........m.................p...........<....._...........k.......................>.............................r...........9...........5.....R.....%..........._...........i.....0.................d.................6...........!.....^.................i.................a...........5 ....S ..... ....r!.....!.....!....t"....."....;#....W#.....#....S$.....$.....$....>%.....%.....&....(&.....&.....'.....(....@(.....(....P).....).....)....F..........*.....+.....+.....,....O,....p,....7-.....-....3.....r....../....s/...../...../.....0.....1....Z1.....1....R2.....2....L3....}3....M4.....5.....5.....5.....6....97.....7.....7.....8....Y9.....9.....9.....:.....:....?;....l;.....<.....<.....<

C:\Program Files (x86)\BistroPortal\locales\vi.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	655895
Entropy (8bit):	5.7878217840814905
Encrypted:	false
SSDEEP:
MD5:	A59DB20DA040A181F48D953D26860967
SHA1:	484431EE751E4C14BFFED15F9E61DE130A69EEF7
SHA-256:	8934B10330C7231022CB9C710EF462AD41427E3D00FDDD4606B663EAE9961ABA
SHA-512:	7C9BE994F5CB86D2BC872DDC80630A3891FE02B36B9482F14EC6F0944B0EEB3670E4724581F946052EA3312B8D7B64CAC30FF43C6A88543008F7094E1401F2A4
Malicious:	false
Reputation:	unknown
Preview:	.........%u.e.....h.....i.....j.....k.....l.(...n.0...o.5...p.B...q.H...r.T...s.e...t.n...v.....w.....y.....z.....\|.....}.....................................................................................F.....e.................;.....W...........k.............................y...........%.......................`.......................U.............................&.....q...........c...........u.........../...................................i...........%.................2...........~...................................,.................6.....G...........'.....c.....t...........r.................<.......................Q.......................f.......................y...........).....;............ ..... .....!.....!.....!....5"....T"....."....)#....S#.....#....J$.....$.....$....I%.....%....E&.....&.....'....x'.....'.....'....](.....(.....)....).....)....$....y.........C+.....+....Y,....m,....2-.....-....0.....j...........S/...../...../.....0....t0.....0.....0....Y1.....1....A2....b2

C:\Program Files (x86)\BistroPortal\locales\zh-CN.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	473849
Entropy (8bit):	6.686931132266331
Encrypted:	false
SSDEEP:
MD5:	A31C3C11CB32F359B3BE69E62A29378D
SHA1:	396FBAD5177F600C228D05A07B47991DC2B34EC5
SHA-256:	473553A9877B1BEB5E07CA2EDCAFDE8260F218A1EF26FFCAFD1BC48F81811257
SHA-512:	E457DE0A1FD9331BC96FFF989D20D0A71094D289C7B68C20813915D479F30A5819ABB213EFAB68829DA8FD2C80D01D727DB07E68BDF6623D29B45420356A14DF
Malicious:	false
Reputation:	unknown
Preview:	.........%..e.x...h.....i.....j.....k.....l.....m.....o.....p.....q.....r.....s.....t.....v.....w.....\|.....}......."..........5.....=.....L.....Q.....Y.....`.....g.....i.....n.....w.......................$.......................U.......................S.......................^.......................b.......................:.............................h.........................................5.......................&.....x.......................d.......................z.......................Y.....s................. .....F.....R.............................y...............................................a.......................F.............................p.................!.......................2.....{.......................W.....\|.................J.....n.................-.....a............................6........................................!.....A................r.................P.......................M ....s ..... ..... .....!....3!....C!.....!.....!....#"....5"....."

C:\Program Files (x86)\BistroPortal\locales\zh-TW.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	471122
Entropy (8bit):	6.697094283435565
Encrypted:	false
SSDEEP:
MD5:	11464F2E3AA0F389FFD34304B0B709BF
SHA1:	BA73E42B74182403FE98C0211A27D8488300D3C4
SHA-256:	CFA8E568E9FFCC04731D42880040D6FEAC75378320FA79B2D982C48C40E5D2B2
SHA-512:	13652EC1A34764C5CE9AFF44A30607B508727A15FC236F32B4E414DEEEF9F81EAA4B3DE4853595151E0B87CE46C2574A7C2A5C407D95CD97960F22D85793580D
Malicious:	false
Reputation:	unknown
Preview:	.........%..e.<...h.D...i.U...j.Y...k.h...l.s...n.{...o.....p.....q.....r.....s.....t.....v.....w.....y.....z.....\|.....}......................... .....'...........5.....7.....<.....E.....Q.....`.....o..........._.......................W.......................L.....~.................@.....m.................'.....P.....\.......................&.............................x.......................p.......................X.......................G.......................].......................c.............................a.......................,.....O.....^................./.....;.............................q.......................Y.......................1.......................".............................^.....x.................$.....>.................".....4.......................5.....{.......................6.......................!.....m.................*.......................e.......................w.......................A.............................N ....u ..... ..... ....@!

C:\Program Files (x86)\BistroPortal\resources.pak

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	8295458
Entropy (8bit):	7.997373703205281
Encrypted:	true
SSDEEP:
MD5:	5955471C84EAAD269C23F8A22B71F781
SHA1:	D625FB0B12D132FEC9F91CBC7DB54887589F202E
SHA-256:	B8AE091D95E927A75A9B0A367A8EE9BC5FAE0A10427EB77CB3C3460097CD4F5E
SHA-512:	537FA6F414C7759E70AD6E70350571221BA69AFAF89427C7450ACF117E58A97FC7BEB2A1758CF05B2EF76A14AD50E762F01B1C65D1CCBC63E4D714AF445988DF
Malicious:	false
Reputation:	unknown
Preview:	............f..=..{..G..\|.tJ..~..M.....`....^b....X.....j...........a.....s.......................,.....G.....J.....L....1M....SV....iW.....X....LZ....[....b\....._....I.................%.................;.....................?.....?.....?D....?.....?....-?.....?I"../?.1..0?.A..1?5Q..2?.`..3?[p..4?....5?...6?...7?m...8?o...9?n...:?....;?,...<?....=?./..>?7L..??.b..@?.\|..A?...B?....C?x...D?8...E?t...F?x...G?....t@....u@....v@....w@.%..x@/)..y@8...~@.A...@.H...@.L...@jM...AjM...AzQ...A+S...A.W...A.a...A=p...A.....A@....A....Av....A....<A....=A....>AZ...?A....@A....AAl...BAk...CAo...DA&....A.....A.....A.....A\|....A.....A.....AC....A.....A.....A.....A....A.....A:....AW....A.....A.....A.....A.....A.!...A.#...A.&...Ap(...A.....A.5...A.6...AE9...A.A...A.D...A.F...A.G...A.K...A.M...A.Q...A3T...B\....B....B.....B.....B.....BI....B.....B\|...,B...-B.....B....D~....D.....D....D....D....D....D.....DI....DH...zIq....I.....I.....I.....I.....I.....I~....I.....I.....IR....I.....I.....I/.

C:\Program Files (x86)\BistroPortal\snapshot_blob.bin

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	314276
Entropy (8bit):	4.2132726447817275
Encrypted:	false
SSDEEP:
MD5:	CBA13F0A5EBE5D2D19F719E6852FCBDA
SHA1:	19F403863A8B9E39E04B9FE06C4056F1EB6C6354
SHA-256:	E5DA22C6DEA005A05919E5E9486E3A773A410D1BFC298140D896C661A1D5CAC0
SHA-512:	8837E8102FB77479A76EE3222ADC15514844FD35EB53E83A1A3BF41F16844E2CEC90579B9AA268F856AEECCED068970CCC5A0D27D7A9118A708AAD61BEA48820
Malicious:	false
Reputation:	unknown
Preview:	...........I[...12.3.219.10.....................................................xL..........%....L..`....`....`2...`b...`....`............B..............b........."..............B..............b...(Jb...+L.....@..F^.=..A.`.....(Jb.../P.....@..F^..`.....H...IDa........Db............D`.....9.D`.....D]D....D`......WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa............L.....................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\BistroPortal\v8_context_snapshot.bin

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	682739
Entropy (8bit):	5.139555956588132
Encrypted:	false
SSDEEP:
MD5:	E41092148E381DC2DE6E2A82DF54F857
SHA1:	4ECC22A7461367B411191C2D71624453C1EF8149
SHA-256:	EC605373BF61F9876012C5816A36B853E404DD7D2508F469599F8B499EC6A9B8
SHA-512:	4C07CCCCFFD794F3B829A24AB38BFC55CB03A248AB4AD2B3EE1539E0422318388EB8F3AC91443E490941C4BD2A2F122088467FD9E0E238C7CF3CEEE85B8F6220
Malicious:	false
Reputation:	unknown
Preview:	...........T%D12.3.219.10.....................................................@...[.........._...%.......`....`....`....`b...`....`............B..............b........."..............B..............b...(Jb...+L.....@..F^.=..A.`.....(Jb.../P.....@..F^..`.....H...IDa........Db............D`.....9.D`.....D]D....D`......WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa............L.............................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\BistroPortal\vk_swiftshader.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4533248
Entropy (8bit):	6.661563379540429
Encrypted:	false
SSDEEP:
MD5:	8ACDBC4BDD49F2E839CB7E762653FC49
SHA1:	18332F2CF72A9630174325737B0C11BA119A8C3D
SHA-256:	B9B1B23598210E2079FD49C0F0E7E046806B5440F4887113E0B77FC2803E0EC8
SHA-512:	1995E5A1CA590CA46CDEEFCD697C75ED5652EB3D8475F3D1DAF371C3EFEFE444527990FC17714648EBD4A96CD608D6E1A3EFF01BE1B9A9D16C824EC80F90E8BD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......e.........."!.....87.........`\2......................................@F...........@A.........................aA......A.P....0D......................@D. ....5A......................4A......P7.............T.A..............................text...067......87................. ..`.rdata...q...P7..r...<7.............@..@.data....N....A..x....A.............@....tls....5.... D......&C.............@....rsrc........0D......(C.............@..@.reloc.. ....@D.......C.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\BistroPortal\vulkan-1.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	830976
Entropy (8bit):	6.813774756640116
Encrypted:	false
SSDEEP:
MD5:	05729E4E09E0BAE966794B205C5DDBD0
SHA1:	20BD0602CA2731C800C07A176F65137E41E57F37
SHA-256:	0794B747F2C1FE1A70F7EE7B2BDB8009070C94B8E48E9DC32BE5326286BAC14E
SHA-512:	E31D11C325DDAB258C5960E121ED709399D0569E3278A0A263AC7A6C5680466799D1089BA5276682D2D09A0ED9676E4E2FC6275F47AA199C0604567BE87B3E4F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......e.........."!.........(.......(....................................... ............@A........................T...<!......P...........................................................P.......................................................text............................... ..`.rdata.............................@..@.data...l6...0......................@....tls.........p.......&..............@....rsrc................(..............@..@.reloc...............,..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BistroPortal\Amadeus Bistro Portal.lnk

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Wed Apr 17 11:01:44 2024, mtime=Thu Apr 25 06:11:48 2024, atime=Wed Apr 17 11:01:44 2024, length=7439408, window=hidenormal
Category:	dropped
Size (bytes):	2087
Entropy (8bit):	3.629788894362065
Encrypted:	false
SSDEEP:
MD5:	9961D705A1DB67AA331D88B9660C7988
SHA1:	97F7CC4BCAA4F0064BE39B049E5683988BA51693
SHA-256:	E3145B5F77A85382C386F6D5E849C0FD0A0A8A08400676B004508AE35DC3713B
SHA-512:	5B52CE005984AB46373538AD914DFCE22677D157B1FDEBDF572B2AAD82DDDC791527C00DFB90E1096D1AA3522A0621AB4DA28E7854135D49359EAFA1036A41BD
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. .........................0.q..........................P.O. .:i.....+00.../C:\.....................1......Xu9..PROGRA~2.........O.I.Xu9....................V......n..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....b.1......Xy9..BISTRO~1..J......Xu9.Xy9....(.....................1...B.i.s.t.r.o.P.o.r.t.a.l.....b.2.0.q..X6` .BPortal.exe.H......X6`.Xu9....).........................B.P.o.r.t.a.l...e.x.e.......^...............-.......]............Z......C:\Program Files (x86)\BistroPortal\BPortal.exe..7.A.m.a.d.e.u.s. .L.e.i.s.u.r.e. .I.T. .G.m.b.H.s. .A.m.a.d.e.u.s. .B.i.s.t.r.o. .P.o.r.t.a.l. .s.t.a.r.t.e.n...>.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.B.i.s.t.r.o.P.o.r.t.a.l.\.B.P.o.r.t.a.l...e.x.e.$.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.B.i.s.t.r.o.P.o.r.t.a.l.\.F.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.E.3.B.C.9.E.F.4.-.5.C.6.C.-.4.9.2.0.-.A.1.5.1.-.2.4.C.B.A.A.B.A.0.2.5.A.}.\

C:\Users\Public\Desktop\Amadeus Bistro Portal.lnk

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Wed Apr 17 11:01:44 2024, mtime=Thu Apr 25 06:11:40 2024, atime=Wed Apr 17 11:01:44 2024, length=7439408, window=hidenormal
Category:	dropped
Size (bytes):	2069
Entropy (8bit):	3.626374500347329
Encrypted:	false
SSDEEP:
MD5:	954DADBC2931251346416891AA40C210
SHA1:	30DD57311593CAC1C1F246958CAF4708444157B5
SHA-256:	F25B96612E5B1F110896F9C4BE8883410C097AB670A53AC405FF3BFDBAD02EB5
SHA-512:	6991FC4EF20E0BA3D96ED99C6BC0DB943E2C9F0AA88CFBA5F990FAC12D096189FF11AE47383C35F2F0001F8A36A7257FE79A8565EEB233F89DACB98A2B522414
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...........hZ.............0.q..........................P.O. .:i.....+00.../C:\.....................1......Xu9..PROGRA~2.........O.I.Xu9....................V......n..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....b.1......Xy9..BISTRO~1..J......Xu9.Xy9....(......................?..B.i.s.t.r.o.P.o.r.t.a.l.....b.2.0.q..X6` .BPortal.exe.H......X6`.Xu9....).........................B.P.o.r.t.a.l...e.x.e.......^...............-.......]............Z......C:\Program Files (x86)\BistroPortal\BPortal.exe..7.A.m.a.d.e.u.s. .L.e.i.s.u.r.e. .I.T. .G.m.b.H.s. .A.m.a.d.e.u.s. .B.i.s.t.r.o. .P.o.r.t.a.l. .s.t.a.r.t.e.n...5.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.B.i.s.t.r.o.P.o.r.t.a.l.\.B.P.o.r.t.a.l...e.x.e.$.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.B.i.s.t.r.o.P.o.r.t.a.l.\.F.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.E.3.B.C.9.E.F.4.-.5.C.6.C.-.4.9.2.0.-.A.1.5.1.-.2.4.C.B.A.A.B.A.0.2.5.A.}.\.B.i.s.t.r.o.I.c.o

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 06:09:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9893635497759967
Encrypted:	false
SSDEEP:
MD5:	50CAA3D73F39D65220D21576461B82AA
SHA1:	5A763CD7E277685012CF38B210CD61C73A5C8D57
SHA-256:	323B8F051EACDD8EBECF634747E24564F43984B487851CC17195B080E93B0E71
SHA-512:	DEDF1C4CC9843A9A94E3F3E62230554D1830B7B5236EFB430EE2CC8F088CAAF77E216EE773F16E2B0677154435E01FA36FD0374155A14F0E0587A59BBE212422
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,..... .....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X49....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X=9....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X=9....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X=9..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X@9...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Z......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 06:09:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.005403580279208
Encrypted:	false
SSDEEP:
MD5:	DFF6B1745AC522E94F6AA687CA0F9A01
SHA1:	28711D0D84C9B7B9B203CEE00069E6E53548EA67
SHA-256:	C57B48BBAAEB68DB8EB44646F9B1F8151D6D7C5F664699206B3B66B3C764A7E4
SHA-512:	7B08A7570DA536FC503431FE45DE4F59BC79D8F2563A9894101E22B6CD8A2E4B3F575F47C81E879A908439C7C896B2F81F6827BD729F7472BC8309A501C2F69E
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....b......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X49....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X=9....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X=9....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X=9..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X@9...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Z......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.011035180845432
Encrypted:	false
SSDEEP:
MD5:	78DCBA59DDDAA206FC67FD0D91F51AE9
SHA1:	3FCB6B7DB3DD993D46619FC0BF3929816204FAC2
SHA-256:	26893A017900E965D85A13F5B24AF59E7C00A50D19B86FC32C3EB6328A2FD6C2
SHA-512:	64D5FC781FA2B64084450F90D529580E17DC04C3AC785FF205041EE49FF9C0228590582F9C5DC5F2E142F396C08EC1095318F9CA0DC7BAB057C7A74EC729D8C7
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X49....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X=9....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X=9....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X=9..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Z......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 06:09:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.004005528673931
Encrypted:	false
SSDEEP:
MD5:	13E3B33A7A1A34EDD932329455BAD450
SHA1:	DE122D54FC8D33F0CA09A85083E6A2C2440C6637
SHA-256:	0BB66EBAB924163A2DE4BB50CDC05DFB5D57CFF02B5D928BB54FE827A7878255
SHA-512:	07A7596A0795F0D4AC8506DFABFE992CB56BAC168B2435A9FFE4BDD74B125B40DD2CD1F891209C69385A84ED1B2AF2BEBFFEB4AD6F29145B039CFE9706877BB6
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....X.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X49....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X=9....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X=9....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X=9..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X@9...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Z......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 06:09:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9922414284624
Encrypted:	false
SSDEEP:
MD5:	17B974A838EBC7277241266BFEB34752
SHA1:	5C2A34A1F6E544975D2FFCAB65E9DF851519605F
SHA-256:	CA5017CE86DC182A61F37E0AF78BE09F5861DB3906DD77C8D84F7154E4453721
SHA-512:	2D100D699BCB5FE9E1F07D2606031C32CD82C1201428BB65C9640B562D8494AF582CB9267BE3471D6A52EE219E10978D4E7417C6D917163F09D13B10E0A8425E
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X49....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X=9....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X=9....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X=9..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X@9...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Z......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 06:09:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.000243250166988
Encrypted:	false
SSDEEP:
MD5:	523D37907AAB2A05342313BE2021F2A7
SHA1:	9EB529DD0197900031C4563D6A28740F2405EF00
SHA-256:	CEFFD3FEE5E59AEA3E11811349B2165D9ADFBAC391C766B68F3C88BA1A59C470
SHA-512:	A577B91E7D56C7DB47FEF0E70144D5C50E13241CAD0370113C7861D7E545D9E575E30E5489154C9056473F54056ACE13CB062EE2DD39ABB1F3137A18D71CACA0
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....m.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X49....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X=9....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X=9....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X=9..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X@9...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Z......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\Downloads\BistroPortal_9.10.102_setup_de.msi (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Amadeus Bistro Portal, Author: Amadeus Leisure IT GmbH, Keywords: Installer, Comments: This installer database contains the logic and data required to install Amadeus Bistro Portal., Template: Intel;1031, Revision Number: {7DE516CC-454E-46AF-B433-9115142FC1B5}, Create Time/Date: Thu Apr 18 09:32:18 2024, Last Saved Time/Date: Thu Apr 18 09:32:18 2024, Number of Pages: 300, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	FDBC4B17C9AB9E4A817383A7F6AECCD3
SHA1:	3E0BA6D95DCCBB2E545F38F04325AB889AEE06C4
SHA-256:	2D501E35F33C6F288535F3551E73AE94752502AEF678C92620D0225713E5B291
SHA-512:	71D26072D7343989AB3964D7550CB9A3B999F1587D704D6C0BB83A72831145984AE53D046900F0D77DA0CED9651E7F1EE08CDE418D496D5239152E705AC389A1
Malicious:	false
Reputation:	unknown
Preview:	......................>.................................................................................... ...$...(...,...0...4...8...<...@...D...H...L...P...T...X...\...`..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Downloads\Unconfirmed 365049.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Amadeus Bistro Portal, Author: Amadeus Leisure IT GmbH, Keywords: Installer, Comments: This installer database contains the logic and data required to install Amadeus Bistro Portal., Template: Intel;1031, Revision Number: {7DE516CC-454E-46AF-B433-9115142FC1B5}, Create Time/Date: Thu Apr 18 09:32:18 2024, Last Saved Time/Date: Thu Apr 18 09:32:18 2024, Number of Pages: 300, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
Category:	dropped
Size (bytes):	103907328
Entropy (8bit):	7.996202747001674
Encrypted:	true
SSDEEP:
MD5:	FDBC4B17C9AB9E4A817383A7F6AECCD3
SHA1:	3E0BA6D95DCCBB2E545F38F04325AB889AEE06C4
SHA-256:	2D501E35F33C6F288535F3551E73AE94752502AEF678C92620D0225713E5B291
SHA-512:	71D26072D7343989AB3964D7550CB9A3B999F1587D704D6C0BB83A72831145984AE53D046900F0D77DA0CED9651E7F1EE08CDE418D496D5239152E705AC389A1
Malicious:	false
Reputation:	unknown
Preview:	......................>.................................................................................... ...$...(...,...0...4...8...<...@...D...H...L...P...T...X...\...`..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Downloads\e7b29052-a764-44ea-82c4-1af9067154bd.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Composite Document File V2 Document, Can't read SAT
Category:	dropped
Size (bytes):	47942
Entropy (8bit):	6.704152646960082
Encrypted:	false
SSDEEP:
MD5:	E7A7BEFF3532B2972B17C9FB9BD22D76
SHA1:	74DF82A47EC441BD70535BCBFD6A36987C3F3571
SHA-256:	F0EF0D400CFC99B37B4E3CA7139E20A7DCB8A807CC0B01866D5F855F151D5AB9
SHA-512:	A1A66B83E26EF9613006C12AFDF130E596751B69B2D901F826D6D2A8E07ED14BA3067270E2EDD421F092F3939ACCAA1427B5FE587958939EBB42B66EF79C5F5E
Malicious:	false
Reputation:	unknown
Preview:	......................>.................................................................................... ...$...(...,...0...4...8...<...@...D...H...L...P...T...X...\...`..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI27EA.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	216496
Entropy (8bit):	6.646208142644182
Encrypted:	false
SSDEEP:
MD5:	A3AE5D86ECF38DB9427359EA37A5F646
SHA1:	EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
SHA-256:	C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
SHA-512:	96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	unknown
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[........................... ..`.rdata..............................@..@.data...."... ......................@....rsrc...x....P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSIFDAA.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	262312
Entropy (8bit):	6.697264326485395
Encrypted:	false
SSDEEP:
MD5:	D7D2901C600626B8272DFF9EB422CD12
SHA1:	58BF2760E863E38F13A61A42EC962688ED44F566
SHA-256:	22EA9DAFEA41435EA8EA5C08FD611296F400E8959264A835C063D221B8679E6B
SHA-512:	FFB0ACE3B0E166E019B3060C5DD81E361E57F0CFD10827077738FB97C6220F9A91946FF5B5AB625D76B931121D48468D0E8280D7DBFB72AF95200B464EE637CA
Malicious:	false
Reputation:	unknown
Preview:	...@IXOS.@.....@uI.X.@.....@.....@.....@.....@.....@......&.{E3BC9EF4-5C6C-4920-A151-24CBAABA025A}..Amadeus Bistro Portal".BistroPortal_9.10.102_setup_de.msi.@.....@f....@.....@......BistroIcon..&.{7DE516CC-454E-46AF-B433-9115142FC1B5}.....@.....@.....@.....@.......@.....@.....@.......@......Amadeus Bistro Portal......Rollback$.R.o.l.l.b.a.c.k. .f...r. .A.k.t.i.o.n. .w.i.r.d. .a.u.s.g.e.f...h.r.t.:...[1]..RollbackCleanup!.Sicherungsdateien werden entfernt..Datei: [1]...@.......@........ProcessComponents*.Komponentenregistrierung wird aktualisiert...@:....@.....@.]....&.{090A79DC-AF6D-4DCD-9E92-FC2DD850A4C8}/.C:\Program Files (x86)\BistroPortal\BPortal.exe.@.......@.....@.....@......&.{9C6EDE0A-0D88-4FA3-BB23-76937706E827}:.C:\Program Files (x86)\BistroPortal\chrome_100_percent.pak.@.......@.....@.....@......&.{B66B66F1-C77B-4BB1-811F-6706942BC69D}2.01:\Software\Amadeus Leisure IT GmbH\BistroPortal\.@.......@.....@.....@......&.{A210D754-E792-5042-9E24-73DB0FA1E5A2}2.C:\Program Files (x

C:\Windows\Installer\SourceHash{E3BC9EF4-5C6C-4920-A151-24CBAABA025A}

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.1750688931498123
Encrypted:	false
SSDEEP:
MD5:	168FB59428DACAACFD9665E6386354AD
SHA1:	4BC00D33FBA22D6527D1468C78BB103FE326C1D8
SHA-256:	A38330CCC5EF2DF79ABD5249E53574EDE84B9D74BD46015EAE8F409DCD01AC58
SHA-512:	26614E690CEB1121BE520F3626E75F7FFE2CC637A90A7B8ADB3EE916C31C8BC056A174B78786828DAD82E765ED6F99F0103295493F8333894E2412CBDB7FDB5C
Malicious:	false
Reputation:	unknown
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\{E3BC9EF4-5C6C-4920-A151-24CBAABA025A}\BistroIcon

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	MS Windows icon resource - 5 icons, 16x16, 8 bits/pixel, 32x32, 8 bits/pixel
Category:	dropped
Size (bytes):	24302
Entropy (8bit):	6.233079555263414
Encrypted:	false
SSDEEP:
MD5:	F57B6A07EC5436F86104B2D57F106B12
SHA1:	3D526286F864D070B5AFDDBA1F527117DAD9B40B
SHA-256:	B859A888E39D05F919F2AA207573E6F1AF07F14986C9613972CF66E18BF8610A
SHA-512:	06EE5DE57E2AA49F81C98FBB6B75F7341C752F9334C02831C3D4B3597A12C396904AACC2BA7525F2963E409605F23FCB89C31A3A7480DB4B62932E55BAB6DDA1
Malicious:	false
Reputation:	unknown
Preview:	..............h...V... ..............00..........f...@@......(............. ..+..63..(....... ................................^...`...`...b...g...i...j...n...}1..~3..8..9..7..P..k..p..k..r..u..v..u..~....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	454234
Entropy (8bit):	5.356173806951392
Encrypted:	false
SSDEEP:
MD5:	2CA1831D4B57A9DE3C1A684145EB0C48
SHA1:	4DB1EFB816907C6954A71D96AFEA8EDA512CE829
SHA-256:	5DEDB9D3FABB9A07C6295EA1ACD1730335CEDEA772BFA44717BCA7359E541983
SHA-512:	C2EE629A13C652A4872EB2D747554EA868ECB1273D7BCD4A5ECA6849D0B11F81559977797D9C6700B2A7A4E7938B7E8F318B279F6B4DD953898D11AD80E16D3F
Malicious:	false
Reputation:	unknown
Preview:	.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

C:\Windows\Temp\~DF2F8BE6BDDAAD0D12.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Reputation:	unknown
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF425179CC499F46DB.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.07918479107267518
Encrypted:	false
SSDEEP:
MD5:	33095FF492614AABC8056FD7F431915C
SHA1:	80A1DD7E6CC439141A3164A2116493904647668F
SHA-256:	974557A1F5E6620F5EE50EFE538CA38E65E5EA51F4F786E1C7CB05C4FD524486
SHA-512:	B86845123F126BD2CF550C3F7174003ABFE5351EE8023D205162C73A9291738D90EB2508A51BD3485B16A099F3201F1D6CB94998ABDC951D8251B6A3360AB624
Malicious:	false
Reputation:	unknown
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF589E67984BA26261.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	0.14886267819942273
Encrypted:	false
SSDEEP:
MD5:	73EB42659EB2ED169CD7D5525C5812BE
SHA1:	FA396BA6A4CE31A5765BEE604B2A3FA7544C42E7
SHA-256:	A24A313EABE6DDB1A6089A0D9F604DC2E949933EC2EA39BE01B3962648D2E2E4
SHA-512:	9F773AE9938A0946A5B7AE50A8A7BE3A558AAC3EB65D11D72C418C08815D366BA1FAFB0FA1030A4EEB954F7C9A369D67C60EC23E3A9C02E7125462FFE4035728
Malicious:	false
Reputation:	unknown
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF7FFB6D8BB0475148.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.2764586799648674
Encrypted:	false
SSDEEP:
MD5:	5E29B5186352D3EB33417753BE5D2AC9
SHA1:	3E102C0AB27618030FF3BB852DEF2777D7E645F7
SHA-256:	344BA8C2807AD764CD5F564A6CFDC9D90AC42AC744ABAE02C6615C63A79EEF11
SHA-512:	93490EB8A0DE9DA05B344398F2B35A3B0AF94824561B7853A5F853D9E23FC03BEA8E581F251D4238A6A9CB460377F7C786F75753F0A227B9DE578F1AA497C835
Malicious:	false
Reputation:	unknown
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF937DDAE1C8A256A4.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.596052621338984
Encrypted:	false
SSDEEP:
MD5:	20EFD6A9C83EF63677075C973DDF485E
SHA1:	9254FEB91449FE25FCE93824266DCE7B1539CDCE
SHA-256:	852A1EDD87423A6B41D9BAA549BD54E51E7068D0E977FCC255DE0AE7018958DB
SHA-512:	B531F4A3EF0B169550033A6EE1034B72E52994AF60DB2648EE74B010879BA8C9F6A7152D3DD924CEB2814BA24B94DB9138A84DC7B0687F8A0805DE4A9511202A
Malicious:	false
Reputation:	unknown
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

⊘No static file info

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://bpupdate.amadeus-leisure-it.com/9.10.102/BistroPortal_9.10.102_setup_de.msi

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Spreading

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Config.Msi\52f118.rbs

C:\Program Files (x86)\BistroPortal\BPortal.exe

C:\Program Files (x86)\BistroPortal\BPortalWebUi.exe

C:\Program Files (x86)\BistroPortal\chrome_100_percent.pak

C:\Program Files (x86)\BistroPortal\chrome_200_percent.pak

C:\Program Files (x86)\BistroPortal\chrome_elf.dll

C:\Program Files (x86)\BistroPortal\d3dcompiler_47.dll

C:\Program Files (x86)\BistroPortal\icudtl.dat

C:\Program Files (x86)\BistroPortal\libEGL.dll

C:\Program Files (x86)\BistroPortal\libGLESv2.dll

C:\Program Files (x86)\BistroPortal\libcef.dll

C:\Program Files (x86)\BistroPortal\locales\af.pak

C:\Program Files (x86)\BistroPortal\locales\am.pak

C:\Program Files (x86)\BistroPortal\locales\ar.pak

C:\Program Files (x86)\BistroPortal\locales\bg.pak

C:\Program Files (x86)\BistroPortal\locales\bn.pak

C:\Program Files (x86)\BistroPortal\locales\ca.pak

C:\Program Files (x86)\BistroPortal\locales\cs.pak

C:\Program Files (x86)\BistroPortal\locales\da.pak

C:\Program Files (x86)\BistroPortal\locales\de.pak

C:\Program Files (x86)\BistroPortal\locales\el.pak

C:\Program Files (x86)\BistroPortal\locales\en-GB.pak

C:\Program Files (x86)\BistroPortal\locales\en-US.pak

C:\Program Files (x86)\BistroPortal\locales\es-419.pak

C:\Program Files (x86)\BistroPortal\locales\es.pak

C:\Program Files (x86)\BistroPortal\locales\et.pak

C:\Program Files (x86)\BistroPortal\locales\fa.pak

C:\Program Files (x86)\BistroPortal\locales\fi.pak

C:\Program Files (x86)\BistroPortal\locales\fil.pak

C:\Program Files (x86)\BistroPortal\locales\fr.pak

C:\Program Files (x86)\BistroPortal\locales\gu.pak

C:\Program Files (x86)\BistroPortal\locales\he.pak

C:\Program Files (x86)\BistroPortal\locales\hi.pak

C:\Program Files (x86)\BistroPortal\locales\hr.pak

C:\Program Files (x86)\BistroPortal\locales\hu.pak

Windows Analysis Report
https://bpupdate.amadeus-leisure-it.com/9.10.102/BistroPortal_9.10.102_setup_de.msi