Analysis Report CID_x64.msi
Overview
General Information
Detection
Score: | 3 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 40% |
Signatures
Classification
Analysis Advice |
---|
Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox |
Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook |
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior |
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
There are no malicious signatures.
Source: | File opened: |
Source: | String found in binary or memory: |
Source: | Binary or memory string: |
Source: | Section loaded: |
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Binary or memory string: |
Source: | Static file information: |
Source: | Process created: |
Source: | Key value queried: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Binary string: |
Source: | File created: |
Source: | Registry key monitored for changes: |
Source: | Process information set: |
Source: | Dropped PE file which has not been started: |
Source: | File Volume queried: |
Source: | Binary or memory string: |
Source: | Queries volume information: |
Source: | Key value queried: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Replication Through Removable Media1 | Windows Management Instrumentation | DLL Side-Loading1 | Process Injection2 | Process Injection2 | OS Credential Dumping | Query Registry1 | Replication Through Removable Media1 | Data from Local System | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading1 | DLL Side-Loading1 | LSASS Memory | Process Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Peripheral Device Discovery11 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Information Discovery13 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
3% | Virustotal | Browse | ||
2% | ReversingLabs |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Metadefender | Browse | ||
0% | ReversingLabs | |||
0% | Virustotal | Browse | ||
0% | Metadefender | Browse | ||
0% | ReversingLabs |
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
Contacted IPs |
---|
No contacted IP infos |
---|
General Information |
---|
Joe Sandbox Version: | 31.0.0 Red Diamond |
Analysis ID: | 324348 |
Start date: | 29.11.2020 |
Start time: | 12:21:44 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 4m 32s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | CID_x64.msi |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean3.winMSI@3/4@0/0 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\SysWOW64\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 117 |
Entropy (8bit): | 4.772296691735276 |
Encrypted: | false |
SSDEEP: | 3:vFWWMNHUz/cIMOoT02V7VKXRAmIRMNHjKboe+RAW4QIMOov:TMV0kI002V7VQ7V2boeuAW4QIm |
MD5: | 3C3D11B78E4C077C083F0B6B527D146E |
SHA1: | C210C08BB3BDA4D775AA4F23BD177DBEF0BC1378 |
SHA-256: | 55DB6CC3FCF27F20362198F28B652889F7808FFA206E2140D3F3AB3ECE879EB9 |
SHA-512: | 03A2F82C58A640314D90070375D6AD6193E705AC63E3463511EBDDE5B727463BBD3D98C9E163A6A21C76A723E28DC9B8D94574DC2D2ECFC8CDB18CB9188C27AF |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 236872 |
Entropy (8bit): | 6.42500790517661 |
Encrypted: | false |
SSDEEP: | 3072:Z7PyQaeLAxV9EcU95qWCn7B1kkJQGGhKTWAvdEhMqmc1wtI6M/CoKpixBrnQYaeW:8n3Nn7ByILdEODlcOnlpOuodL+8Y |
MD5: | 0A2626FC9E4E0CA18386C029E9EFFFD9 |
SHA1: | AC5576497AFAC2456F485CDB14BF52D895769651 |
SHA-256: | 97A55524E0BF06419143B1B71778C0EC867716079AB477E8404A0F3125DA7DC3 |
SHA-512: | 40B25E507E64B5634E13E83D4BC420196B1294D533E60B01DAE8898A8EED939417AEC8341B409F59A722D14FB63884C24C5A31985DA63933B761F1FC3ACB24DA |
Malicious: | false |
Antivirus: | |
Joe Sandbox View: |
|
Reputation: | moderate, very likely benign file |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.791882250085863 |
TrID: |
|
File name: | CID_x64.msi |
File size: | 2429952 |
MD5: | 8c6536b9cb8544f82f24010596e59eeb |
SHA1: | 5a550a562ca964a8d29bdf0256f08276d9f65d6e |
SHA256: | 4faf7350538d1c24997871634ecc9b99b51ad69341af0710f6eeeb2796ec2529 |
SHA512: | f98775688e402b83bd0b9eeb53521cbcdcb614d662c578a61b99fa4b926f6c925a52cc936b8652dd995d2504941a8104a494c33ba642765d6c5f48dfd9c44103 |
SSDEEP: | 49152:Y163Nn7BxwutBUrCA7qiNGk3u0HPYaJ6RxlWWK9bBTIQrCA7qiNGk3u0HXGn4rCY:Pdn7Bxwu8rCsGqHPYAcxghBhrCsGqH5L |
File Icon |
---|
Icon Hash: | a2a0b496b2caca72 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OLE | |
Number of OLE Files: | 1 |
Authenticode Signature |
---|
Signature Valid: | true |
Signature Issuer: | CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 2ACE4A9B419194C685C3E4EAC8705A05 |
Thumbprint SHA-1: | 480B2FFCB5C94B0D92740AB9880F610CA87E11BE |
Thumbprint SHA-256: | FD01E3DABB5F2C95F74976F26BF32CD49FC4378BE49DAF50C3381CB90FFFA9BB |
Serial: | 24F1C5406329D5E76175936D |
OLE File "CID_x64.msi" |
---|
Indicators | |
---|---|
Has Summary Info: | True |
Application Name: | Windows Installer |
Encrypted Document: | True |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | False |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | False |
Summary | |
---|---|
Code Page: | 1252 |
Title: | |
Subject: | |
Author: | |
Keywords: | |
Comments: | |
Template: | |
Revision Number: | {ED3668BC-F332-48C8-A8C2-23BD2F353508} |
Last Printed: | 2020-10-07 05:41:24.343000 |
Create Time: | 1999-06-21 07:00:00 |
Last Saved Time: | 2020-10-07 05:41:24.343000 |
Number of Pages: | 200 |
Number of Words: | 2 |
Creating Application: | |
Security: | 1 |
Streams |
---|
Stream Path: \x5DigitalSignature, File Type: data, Stream Size: 6655 |
---|
General | |
---|---|
Stream Path: | \x5DigitalSignature |
File Type: | data |
Stream Size: | 6655 |
Entropy: | 7.36955217941 |
Base64 Encoded: | True |
Stream Path: \x5MsiDigitalSignatureEx, File Type: data, Stream Size: 20 |
---|
General | |
---|---|
Stream Path: | \x5MsiDigitalSignatureEx |
File Type: | data |
Stream Size: | 20 |
Entropy: | 4.32192809489 |
Base64 Encoded: | False |
Data ASCII: | . t p . . . . . 3 . . . _ . . : W b < . |
Data Raw: | 19 74 70 e8 e9 a0 e5 c6 33 a7 ab bb 5f e2 9a 3a 57 62 3c 00 |
Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 420 |
---|
General | |
---|---|
Stream Path: | \x5SummaryInformation |
File Type: | data |
Stream Size: | 420 |
Entropy: | 3.9312803785 |
Base64 Encoded: | True |
General | |
---|---|
Stream Path: | \x15295\x15047\x14734\x14471\x15049\x14988\x15119\x14470\x15109\x14464\x15181\x14404\x15301\x15113\x14468\x15108\x18444 |
File Type: | Microsoft Cabinet archive data, 1966548 bytes, 5 files |
Stream Size: | 1966548 |
Entropy: | 7.99876848548 |
Base64 Encoded: | True |
Stream Path: \x17163\x16689\x18229\x15230\x17000\x16651\x17521\x17768\x17163\x17463\x17636, File Type: PC bitmap, Windows 3.x format, 500 x 70 x 24, Stream Size: 105056 |
---|
General | |
---|---|
Stream Path: | \x17163\x16689\x18229\x15230\x17000\x16651\x17521\x17768\x17163\x17463\x17636 |
File Type: | PC bitmap, Windows 3.x format, 500 x 70 x 24 |
Stream Size: | 105056 |
Entropy: | 0.48937496512 |
Base64 Encoded: | False |
Stream Path: \x17163\x16689\x18229\x15806\x16348\x15179\x15129\x15178\x15701, File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, Stream Size: 236872 |
---|
General | |
---|---|
Stream Path: | \x17163\x16689\x18229\x15806\x16348\x15179\x15129\x15178\x15701 |
File Type: | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
Stream Size: | 236872 |
Entropy: | 6.42500790518 |
Base64 Encoded: | True |
Stream Path: \x17163\x16689\x18229\x15870\x18088\x17359\x17767\x17867\x18481, File Type: MS Windows icon resource - 1 icon, 16x16, 16 colors, Stream Size: 318 |
---|
General | |
---|---|
Stream Path: | \x17163\x16689\x18229\x15870\x18088\x17359\x17767\x17867\x18481 |
File Type: | MS Windows icon resource - 1 icon, 16x16, 16 colors |
Stream Size: | 318 |
Entropy: | 2.67842013261 |
Base64 Encoded: | False |
Stream Path: \x17163\x16689\x18229\x16318\x15347\x16879\x15093\x17527, File Type: MS Windows icon resource - 1 icon, 16x16, 16 colors, Stream Size: 318 |
---|
General | |
---|---|
Stream Path: | \x17163\x16689\x18229\x16318\x15347\x16879\x15093\x17527 |
File Type: | MS Windows icon resource - 1 icon, 16x16, 16 colors |
Stream Size: | 318 |
Entropy: | 2.6217926687 |
Base64 Encoded: | False |
Stream Path: \x17163\x16689\x18229\x16382\x15196\x15255\x15133\x15375, File Type: XML 1.0 document, ASCII text, with CRLF line terminators, Stream Size: 11247 |
---|
General | |
---|---|
Stream Path: | \x17163\x16689\x18229\x16382\x15196\x15255\x15133\x15375 |
File Type: | XML 1.0 document, ASCII text, with CRLF line terminators |
Stream Size: | 11247 |
Entropy: | 5.13177845424 |
Base64 Encoded: | True |
Stream Path: \x18496\x15167\x17394\x17464\x17841, File Type: data, Stream Size: 3328 |
---|
General | |
---|---|
Stream Path: | \x18496\x15167\x17394\x17464\x17841 |
File Type: | data |
Stream Size: | 3328 |
Entropy: | 5.28709721402 |
Base64 Encoded: | False |
Stream Path: \x18496\x15518\x16925\x17915, File Type: data, Stream Size: 204 |
---|
General | |
---|---|
Stream Path: | \x18496\x15518\x16925\x17915 |
File Type: | data |
Stream Size: | 204 |
Entropy: | 4.53620853375 |
Base64 Encoded: | False |
Stream Path: \x18496\x16191\x17783\x17516\x15210\x17892\x18468, File Type: ASCII text, with very long lines, with CRLF line terminators, Stream Size: 42691 |
---|
General | |
---|---|
Stream Path: | \x18496\x16191\x17783\x17516\x15210\x17892\x18468 |
File Type: | ASCII text, with very long lines, with CRLF line terminators |
Stream Size: | 42691 |
Entropy: | 4.99585872456 |
Base64 Encoded: | True |
Stream Path: \x18496\x16191\x17783\x17516\x15978\x17586\x18479, File Type: data, Stream Size: 4648 |
---|
General | |
---|---|
Stream Path: | \x18496\x16191\x17783\x17516\x15978\x17586\x18479 |
File Type: | data |
Stream Size: | 4648 |
Entropy: | 3.53568669665 |
Base64 Encoded: | False |
Stream Path: \x18496\x16255\x16740\x16943\x18486, File Type: data, Stream Size: 176 |
---|
General | |
---|---|
Stream Path: | \x18496\x16255\x16740\x16943\x18486 |
File Type: | data |
Stream Size: | 176 |
Entropy: | 4.87443979456 |
Base64 Encoded: | False |
Stream Path: \x18496\x16383\x16886\x16661\x17528\x17126\x17548\x16881\x17900\x17580\x18481, File Type: data, Stream Size: 6 |
---|
General | |
---|---|
Stream Path: | \x18496\x16383\x16886\x16661\x17528\x17126\x17548\x16881\x17900\x17580\x18481 |
File Type: | data |
Stream Size: | 6 |
Entropy: | 1.79248125036 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . |
Data Raw: | a8 02 a7 02 a6 02 |
Stream Path: \x18496\x16383\x17380\x16876\x17892\x17580\x18481, File Type: data, Stream Size: 10248 |
---|
General | |
---|---|
Stream Path: | \x18496\x16383\x17380\x16876\x17892\x17580\x18481 |
File Type: | data |
Stream Size: | 10248 |
Entropy: | 2.83594526926 |
Base64 Encoded: | False |
Stream Path: \x18496\x16667\x17191\x15090\x17912\x17591\x18481, File Type: data, Stream Size: 72 |
---|
General | |
---|---|
Stream Path: | \x18496\x16667\x17191\x15090\x17912\x17591\x18481 |
File Type: | data |
Stream Size: | 72 |
Entropy: | 3.38712473846 |
Base64 Encoded: | False |
Stream Path: \x18496\x16842\x17200\x15281\x16955\x17958\x16951\x16924\x17972\x17512\x16934, File Type: data, Stream Size: 54 |
---|
General | |
---|---|
Stream Path: | \x18496\x16842\x17200\x15281\x16955\x17958\x16951\x16924\x17972\x17512\x16934 |
File Type: | data |
Stream Size: | 54 |
Entropy: | 3.95560491959 |
Base64 Encoded: | False |
Stream Path: \x18496\x16842\x17200\x16305\x16146\x17704\x16952\x16817\x18472, File Type: data, Stream Size: 72 |
---|
General | |
---|---|
Stream Path: | \x18496\x16842\x17200\x16305\x16146\x17704\x16952\x16817\x18472 |
File Type: | data |
Stream Size: | 72 |
Entropy: | 4.42651128706 |
Base64 Encoded: | False |
Stream Path: \x18496\x16842\x17913\x18126\x16808\x17912\x16168\x17704\x16952\x16817\x18472, File Type: data, Stream Size: 96 |
---|
General | |
---|---|
Stream Path: | \x18496\x16842\x17913\x18126\x16808\x17912\x16168\x17704\x16952\x16817\x18472 |
File Type: | data |
Stream Size: | 96 |
Entropy: | 4.26345939513 |
Base64 Encoded: | False |
Stream Path: \x18496\x16911\x17892\x17784\x15144\x17458\x17587\x16945\x17905\x18486, File Type: data, Stream Size: 32 |
---|
General | |
---|---|
Stream Path: | \x18496\x16911\x17892\x17784\x15144\x17458\x17587\x16945\x17905\x18486 |
File Type: | data |
Stream Size: | 32 |
Entropy: | 2.25 |
Base64 Encoded: | False |
Stream Path: \x18496\x16911\x17892\x17784\x18472, File Type: data, Stream Size: 16 |
---|
General | |
---|---|
Stream Path: | \x18496\x16911\x17892\x17784\x18472 |
File Type: | data |
Stream Size: | 16 |
Entropy: | 2.17742128383 |
Base64 Encoded: | False |
Stream Path: \x18496\x16918\x17191\x18468, File Type: MIPSEB Ucode, Stream Size: 12 |
---|
General | |
---|---|
Stream Path: | \x18496\x16918\x17191\x18468 |
File Type: | MIPSEB Ucode |
Stream Size: | 12 |
Entropy: | 2.12581458369 |
Base64 Encoded: | False |
Stream Path: \x18496\x16923\x17194\x17910\x18229, File Type: data, Stream Size: 36 |
---|
General | |
---|---|
Stream Path: | \x18496\x16923\x17194\x17910\x18229 |
File Type: | data |
Stream Size: | 36 |
Entropy: | 3.22439444541 |
Base64 Encoded: | False |
Stream Path: \x18496\x16925\x17915\x17884\x17404\x18472, File Type: data, Stream Size: 36 |
---|
General | |
---|---|
Stream Path: | \x18496\x16925\x17915\x17884\x17404\x18472 |
File Type: | data |
Stream Size: | 36 |
Entropy: | 2.70193235354 |
Base64 Encoded: | False |
Stream Path: \x18496\x17163\x16689\x18229, File Type: data, Stream Size: 20 |
---|
General | |
---|---|
Stream Path: | \x18496\x17163\x16689\x18229 |
File Type: | data |
Stream Size: | 20 |
Entropy: | 2.82321967234 |
Base64 Encoded: | False |
Stream Path: \x18496\x17165\x16949\x17894\x17778\x18492, File Type: data, Stream Size: 18 |
---|
General | |
---|---|
Stream Path: | \x18496\x17165\x16949\x17894\x17778\x18492 |
File Type: | data |
Stream Size: | 18 |
Entropy: | 2.46132014021 |
Base64 Encoded: | False |
Stream Path: \x18496\x17165\x17380\x17074, File Type: data, Stream Size: 484 |
---|
General | |
---|---|
Stream Path: | \x18496\x17165\x17380\x17074 |
File Type: | data |
Stream Size: | 484 |
Entropy: | 4.01246371302 |
Base64 Encoded: | False |
Stream Path: \x18496\x17167\x16943, File Type: GPG encrypted data, Stream Size: 90 |
---|
General | |
---|---|
Stream Path: | \x18496\x17167\x16943 |
File Type: | GPG encrypted data |
Stream Size: | 90 |
Entropy: | 4.02421640311 |
Base64 Encoded: | False |
Stream Path: \x18496\x17490\x17910\x17380\x15279\x16955\x17958\x16951\x16924\x17972\x17512\x16934, File Type: data, Stream Size: 420 |
---|
General | |
---|---|
Stream Path: | \x18496\x17490\x17910\x17380\x15279\x16955\x17958\x16951\x16924\x17972\x17512\x16934 |
File Type: | data |
Stream Size: | 420 |
Entropy: | 5.21806511231 |
Base64 Encoded: | False |
Stream Path: \x18496\x17490\x17910\x17380\x16303\x16146\x17704\x16952\x16817\x18472, File Type: data, Stream Size: 132 |
---|
General | |
---|---|
Stream Path: | \x18496\x17490\x17910\x17380\x16303\x16146\x17704\x16952\x16817\x18472 |
File Type: | data |
Stream Size: | 132 |
Entropy: | 4.90257883497 |
Base64 Encoded: | False |
Stream Path: \x18496\x17548\x17648\x17522\x17512\x18487, File Type: data, Stream Size: 96 |
---|
General | |
---|---|
Stream Path: | \x18496\x17548\x17648\x17522\x17512\x18487 |
File Type: | data |
Stream Size: | 96 |
Entropy: | 3.40794631967 |
Base64 Encoded: | False |
Stream Path: \x18496\x17548\x17905\x17589\x15151\x17522\x17191\x17207\x17522, File Type: data, Stream Size: 480 |
---|
General | |
---|---|
Stream Path: | \x18496\x17548\x17905\x17589\x15151\x17522\x17191\x17207\x17522 |
File Type: | data |
Stream Size: | 480 |
Entropy: | 3.54700027059 |
Base64 Encoded: | False |
Stream Path: \x18496\x17548\x17905\x17589\x15279\x16953\x17905, File Type: data, Stream Size: 840 |
---|
General | |
---|---|
Stream Path: | \x18496\x17548\x17905\x17589\x15279\x16953\x17905 |
File Type: | data |
Stream Size: | 840 |
Entropy: | 4.28863678448 |
Base64 Encoded: | False |
Stream Path: \x18496\x17548\x17905\x17589\x18479, File Type: data, Stream Size: 4784 |
---|
General | |
---|---|
Stream Path: | \x18496\x17548\x17905\x17589\x18479 |
File Type: | data |
Stream Size: | 4784 |
Entropy: | 4.43726345693 |
Base64 Encoded: | False |
Stream Path: \x18496\x17558\x17959\x16943\x17180\x17514\x17892\x17784\x18472, File Type: data, Stream Size: 66 |
---|
General | |
---|---|
Stream Path: | \x18496\x17558\x17959\x16943\x17180\x17514\x17892\x17784\x18472 |
File Type: | data |
Stream Size: | 66 |
Entropy: | 3.05564029829 |
Base64 Encoded: | False |
Stream Path: \x18496\x17630\x17770\x16868\x18472, File Type: data, Stream Size: 32 |
---|
General | |
---|---|
Stream Path: | \x18496\x17630\x17770\x16868\x18472 |
File Type: | data |
Stream Size: | 32 |
Entropy: | 2.1983911108 |
Base64 Encoded: | False |
Stream Path: \x18496\x17753\x17650\x17768\x18231, File Type: data, Stream Size: 108 |
---|
General | |
---|---|
Stream Path: | \x18496\x17753\x17650\x17768\x18231 |
File Type: | data |
Stream Size: | 108 |
Entropy: | 4.4638353437 |
Base64 Encoded: | False |
Stream Path: \x18496\x17932\x17910\x17458\x16778\x17207\x17522, File Type: data, Stream Size: 40 |
---|
General | |
---|---|
Stream Path: | \x18496\x17932\x17910\x17458\x16778\x17207\x17522 |
File Type: | data |
Stream Size: | 40 |
Entropy: | 3.56928518649 |
Base64 Encoded: | False |
Stream Path: \x18496\x17998\x17512\x15799\x17636\x17203\x17073, File Type: data, Stream Size: 192 |
---|
General | |
---|---|
Stream Path: | \x18496\x17998\x17512\x15799\x17636\x17203\x17073 |
File Type: | data |
Stream Size: | 192 |
Entropy: | 3.04340343258 |
Base64 Encoded: | False |
Network Behavior |
---|
No network behavior found |
---|
Code Manipulations |
---|
Statistics |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 12:22:31 |
Start date: | 29/11/2020 |
Path: | C:\Windows\System32\msiexec.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6ac640000 |
File size: | 66048 bytes |
MD5 hash: | 4767B71A318E201188A0D0A420C8B608 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:22:33 |
Start date: | 29/11/2020 |
Path: | C:\Windows\SysWOW64\msiexec.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd60000 |
File size: | 59904 bytes |
MD5 hash: | 12C17B5A5C2A7B97342C362CA467E9A2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:22:36 |
Start date: | 29/11/2020 |
Path: | C:\Windows\SysWOW64\msiexec.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd60000 |
File size: | 59904 bytes |
MD5 hash: | 12C17B5A5C2A7B97342C362CA467E9A2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|