Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report CTS Graphic module for CID-Pro measurement files.msi

Overview

General Information

Sample Name:CTS Graphic module for CID-Pro measurement files.msi
Analysis ID:502664
MD5:9d1d12f42aa3de041dda288f87ced756
SHA1:0a5bbbd604a5ae6845c4a389ef1f85708d3c679f
SHA256:98d412acbb77f1fd865e17f16c62ae1e53fe3e19a183b3ba2d89c4fc3bd43fd1
Infos:

Most interesting Screenshot:

Detection

Score:3
Range:0 - 100
Whitelisted:false
Confidence:40%

Signatures

Queries the volume information (name, serial number etc) of a device
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Sample file is different than original file name gathered from version info
Checks for available system drives (often done to infect USB drives)
Found dropped PE file which has not been started or loaded
Drops PE files
Tries to load missing DLLs
Deletes files inside the Windows folder
Drops PE files to the windows directory (C:\Windows)
Creates files inside the system directory

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Process Tree

  • System is w10x64
  • msiexec.exe (PID: 4752 cmdline: 'C:\Windows\System32\msiexec.exe' /i 'C:\Users\user\Desktop\CTS Graphic module for CID-Pro measurement files.msi' MD5: 4767B71A318E201188A0D0A420C8B608)
  • msiexec.exe (PID: 2500 cmdline: C:\Windows\system32\msiexec.exe /V MD5: 4767B71A318E201188A0D0A420C8B608)
    • msiexec.exe (PID: 6056 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 92B7A03B753DE557328F7B181D3A0B3D C MD5: 12C17B5A5C2A7B97342C362CA467E9A2)
    • msiexec.exe (PID: 6300 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding B258116E8C98C69587BFD784FAB73825 MD5: 12C17B5A5C2A7B97342C362CA467E9A2)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: Binary string: c:\P4\NIInstallers\trunk\17.5\src\MetaUtils\NI-PathsStub\Unicode_Release\NIPathsStub.pdb source: CTS Graphic module for CID-Pro measurement files.msi
Source: Binary string: p:\InstrumentDriver\IviInstallers\CustomActions\IviPaths\trunk\400\objects\IviPaths\win32U\i386\msvc71\release\IviPaths.pdb source: CTS Graphic module for CID-Pro measurement files.msi
Source: Binary string: h:\nt.obj.x86fre\base\wcp\tools\msmcustomaction\objfre\i386\msmcustomaction.pdb source: CTS Graphic module for CID-Pro measurement files.msi
Source: Binary string: p:\InstrumentDriver\IviInstallers\CustomActions\IviPaths\trunk\400\objects\IviPaths\win32U\i386\msvc71\release\IviPaths.pdb@ source: CTS Graphic module for CID-Pro measurement files.msi
Source: C:\Windows\System32\msiexec.exeFile opened: z:
Source: C:\Windows\System32\msiexec.exeFile opened: x:
Source: C:\Windows\System32\msiexec.exeFile opened: v:
Source: C:\Windows\System32\msiexec.exeFile opened: t:
Source: C:\Windows\System32\msiexec.exeFile opened: r:
Source: C:\Windows\System32\msiexec.exeFile opened: p:
Source: C:\Windows\System32\msiexec.exeFile opened: n:
Source: C:\Windows\System32\msiexec.exeFile opened: l:
Source: C:\Windows\System32\msiexec.exeFile opened: j:
Source: C:\Windows\System32\msiexec.exeFile opened: h:
Source: C:\Windows\System32\msiexec.exeFile opened: f:
Source: C:\Windows\System32\msiexec.exeFile opened: b:
Source: C:\Windows\System32\msiexec.exeFile opened: y:
Source: C:\Windows\System32\msiexec.exeFile opened: w:
Source: C:\Windows\System32\msiexec.exeFile opened: u:
Source: C:\Windows\System32\msiexec.exeFile opened: s:
Source: C:\Windows\System32\msiexec.exeFile opened: q:
Source: C:\Windows\System32\msiexec.exeFile opened: o:
Source: C:\Windows\System32\msiexec.exeFile opened: m:
Source: C:\Windows\System32\msiexec.exeFile opened: k:
Source: C:\Windows\System32\msiexec.exeFile opened: i:
Source: C:\Windows\System32\msiexec.exeFile opened: g:
Source: C:\Windows\System32\msiexec.exeFile opened: e:
Source: C:\Windows\System32\msiexec.exeFile opened: c:
Source: C:\Windows\System32\msiexec.exeFile opened: a:
Source: CTS Graphic module for CID-Pro measurement files.msiString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: CTS Graphic module for CID-Pro measurement files.msiString found in binary or memory: http://ocsp.thawte.com0
Source: CTS Graphic module for CID-Pro measurement files.msiString found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: CTS Graphic module for CID-Pro measurement files.msiString found in binary or memory: http://s.symcd.com06
Source: CTS Graphic module for CID-Pro measurement files.msiString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: CTS Graphic module for CID-Pro measurement files.msiString found in binary or memory: http://s2.symcb.com0
Source: CTS Graphic module for CID-Pro measurement files.msiString found in binary or memory: http://sf.symcb.com/sf.crl0a
Source: CTS Graphic module for CID-Pro measurement files.msiString found in binary or memory: http://sf.symcb.com/sf.crt0
Source: CTS Graphic module for CID-Pro measurement files.msiString found in binary or memory: http://sf.symcd.com0&
Source: CTS Graphic module for CID-Pro measurement files.msiString found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: CTS Graphic module for CID-Pro measurement files.msiString found in binary or memory: http://sv.symcb.com/sv.crt0
Source: CTS Graphic module for CID-Pro measurement files.msiString found in binary or memory: http://sv.symcd.com0&
Source: CTS Graphic module for CID-Pro measurement files.msiString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: CTS Graphic module for CID-Pro measurement files.msiString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: CTS Graphic module for CID-Pro measurement files.msiString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: CTS Graphic module for CID-Pro measurement files.msiString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: CTS Graphic module for CID-Pro measurement files.msiString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: CTS Graphic module for CID-Pro measurement files.msiString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: CTS Graphic module for CID-Pro measurement files.msiString found in binary or memory: http://www.symauth.com/cps0(
Source: CTS Graphic module for CID-Pro measurement files.msiString found in binary or memory: http://www.symauth.com/rpa00
Source: CTS Graphic module for CID-Pro measurement files.msiString found in binary or memory: https://d.symcb.com/cps0%
Source: CTS Graphic module for CID-Pro measurement files.msiString found in binary or memory: https://d.symcb.com/rpa0
Source: CTS Graphic module for CID-Pro measurement files.msiString found in binary or memory: https://d.symcb.com/rpa0.
Source: MSI4009.tmp.1.drString found in binary or memory: https://www.cts-umweltsimulation.de
Source: MSI4009.tmp.1.drString found in binary or memory: https://www.cts-umweltsimulation.de%
Source: CTS Graphic module for CID-Pro measurement files.msiBinary or memory string: OriginalFilenameNiMsiDistKit.dlluax, vs CTS Graphic module for CID-Pro measurement files.msi
Source: CTS Graphic module for CID-Pro measurement files.msiBinary or memory string: OriginalFilenameNIPathsStub.dllP vs CTS Graphic module for CID-Pro measurement files.msi
Source: CTS Graphic module for CID-Pro measurement files.msiBinary or memory string: OriginalFilenameMetaUtilsCA.dllb! vs CTS Graphic module for CID-Pro measurement files.msi
Source: CTS Graphic module for CID-Pro measurement files.msiBinary or memory string: OriginalFilenameIviPaths.dllX vs CTS Graphic module for CID-Pro measurement files.msi
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI2E3F.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\4629bb.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIF925.tmpJump to behavior
Source: classification engineClassification label: clean3.winMSI@6/15@0/0
Source: unknownProcess created: C:\Windows\System32\msiexec.exe 'C:\Windows\System32\msiexec.exe' /i 'C:\Users\user\Desktop\CTS Graphic module for CID-Pro measurement files.msi'
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 92B7A03B753DE557328F7B181D3A0B3D C
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding B258116E8C98C69587BFD784FAB73825
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 92B7A03B753DE557328F7B181D3A0B3D C
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding B258116E8C98C69587BFD784FAB73825
Source: CTS Graphic module for CID-Pro measurement files.msiStatic file information: TRID: Microsoft Windows Installer (77509/1) 52.18%
Source: C:\Windows\System32\msiexec.exeAutomated click: Next >
Source: C:\Windows\System32\msiexec.exeAutomated click: Next >
Source: C:\Windows\System32\msiexec.exeAutomated click: Next >
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: CTS Graphic module for CID-Pro measurement files.msiStatic file information: File size 1644032 > 1048576
Source: Binary string: c:\P4\NIInstallers\trunk\17.5\src\MetaUtils\NI-PathsStub\Unicode_Release\NIPathsStub.pdb source: CTS Graphic module for CID-Pro measurement files.msi
Source: Binary string: p:\InstrumentDriver\IviInstallers\CustomActions\IviPaths\trunk\400\objects\IviPaths\win32U\i386\msvc71\release\IviPaths.pdb source: CTS Graphic module for CID-Pro measurement files.msi
Source: Binary string: h:\nt.obj.x86fre\base\wcp\tools\msmcustomaction\objfre\i386\msmcustomaction.pdb source: CTS Graphic module for CID-Pro measurement files.msi
Source: Binary string: p:\InstrumentDriver\IviInstallers\CustomActions\IviPaths\trunk\400\objects\IviPaths\win32U\i386\msvc71\release\IviPaths.pdb@ source: CTS Graphic module for CID-Pro measurement files.msi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIFF03.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI5C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIF925.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3EA0.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI38D0.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI37D5.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI195.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIFDD9.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2E3F.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3C7D.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3EA0.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI38D0.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI37D5.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2E3F.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3C7D.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI3EA0.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI37D5.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI195.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIFDD9.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI3C7D.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Replication Through Removable Media1Windows Management InstrumentationDLL Side-Loading1Process Injection1Masquerading2OS Credential DumpingQuery Registry1Replication Through Removable Media1Data from Local SystemExfiltration Over Other Network MediumData ObfuscationEavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsDLL Side-Loading1Process Injection1LSASS MemoryPeripheral Device Discovery11Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)DLL Side-Loading1Security Account ManagerSystem Information Discovery11SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)File Deletion1NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
CTS Graphic module for CID-Pro measurement files.msi0%ReversingLabs

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\MSI195.tmp0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\MSI195.tmp2%ReversingLabs
C:\Users\user\AppData\Local\Temp\MSI5C.tmp0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\MSI5C.tmp2%ReversingLabs
C:\Users\user\AppData\Local\Temp\MSIF925.tmp0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\MSIF925.tmp2%ReversingLabs
C:\Users\user\AppData\Local\Temp\MSIFDD9.tmp0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\MSIFDD9.tmp2%ReversingLabs
C:\Users\user\AppData\Local\Temp\MSIFF03.tmp0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\MSIFF03.tmp0%ReversingLabs
C:\Windows\Installer\MSI2E3F.tmp0%MetadefenderBrowse
C:\Windows\Installer\MSI2E3F.tmp2%ReversingLabs
C:\Windows\Installer\MSI37D5.tmp0%MetadefenderBrowse
C:\Windows\Installer\MSI37D5.tmp2%ReversingLabs
C:\Windows\Installer\MSI38D0.tmp0%MetadefenderBrowse
C:\Windows\Installer\MSI38D0.tmp0%ReversingLabs
C:\Windows\Installer\MSI3C7D.tmp0%MetadefenderBrowse
C:\Windows\Installer\MSI3C7D.tmp2%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://www.cts-umweltsimulation.de0%Avira URL Cloudsafe
http://ocsp.thawte.com00%URL Reputationsafe
https://www.cts-umweltsimulation.de%0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://crl.thawte.com/ThawteTimestampingCA.crl0CTS Graphic module for CID-Pro measurement files.msifalse
    		high
    http://www.symauth.com/cps0(CTS Graphic module for CID-Pro measurement files.msifalse
      		high
      http://www.symauth.com/rpa00CTS Graphic module for CID-Pro measurement files.msifalse
        		high
        https://www.cts-umweltsimulation.deMSI4009.tmp.1.drfalse
        • Avira URL Cloud: safe
        		unknown
        http://ocsp.thawte.com0CTS Graphic module for CID-Pro measurement files.msifalse
        • URL Reputation: safe
        		unknown
        https://www.cts-umweltsimulation.de%MSI4009.tmp.1.drfalse
        • Avira URL Cloud: safe
        		low

        Contacted IPs

        No contacted IP infos

        General Information

        Joe Sandbox Version:33.0.0 White Diamond
        Analysis ID:502664
        Start date:14.10.2021
        Start time:08:36:49
        Joe Sandbox Product:CloudBasic
        Overall analysis duration:0h 5m 37s
        Hypervisor based Inspection enabled:false
        Report type:light
        Sample file name:CTS Graphic module for CID-Pro measurement files.msi
        Cookbook file name:default.jbs
        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
        Number of analysed new started processes analysed:25
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • HDC enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Detection:CLEAN
        Classification:clean3.winMSI@6/15@0/0
        EGA Information:Failed
        HDC Information:Failed
        HCA Information:
        • Successful, ratio: 100%
        • Number of executed functions: 0
        • Number of non-executed functions: 0
        Cookbook Comments:
        • Adjust boot time
        • Enable AMSI
        • Found application associated with file extension: .msi
        Warnings:
        Show All
        • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
        • Excluded IPs from analysis (whitelisted): 20.82.209.183, 23.203.141.148, 95.100.216.89, 20.199.120.85, 20.50.102.62, 20.199.120.182, 20.199.120.151, 40.112.88.60, 2.20.178.24, 2.20.178.33, 20.82.210.154
        • Excluded domains from analysis (whitelisted): iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, client.wns.windows.com, fs.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, store-images.s-microsoft.com-c.edgekey.net, e1723.g.akamaiedge.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, a1449.dscg2.akamai.net, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, store-images.s-microsoft.com, arc.trafficmanager.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net
        • Not all processes where analyzed, report is missing behavior information
        • VT rate limit hit for: /opt/package/joesandbox/database/analysis/502664/sample/CTS Graphic module for CID-Pro measurement files.msi

        Simulations

        Behavior and APIs

        No simulations

        Joe Sandbox View / Context

        IPs

        No context

        Domains

        No context

        ASN

        No context

        JA3 Fingerprints

        No context

        Dropped Files

        No context

        Created / dropped Files

        C:\Config.Msi\4629bc.rbs
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:modified
        Size (bytes):12266
        Entropy (8bit):5.007776556313955
        Encrypted:false
        SSDEEP:192:RvSxQntLWvZW3fpiYmY2BIi1BClmDacA/O1hhhhj:R6xQntLWhWPgRBIi7ClmucA/w
        MD5:BB7FD55E83D560A2582510B25F862B00
        SHA1:D19CD3B9BB969738F2BEDDBE2D84D49E94DDD732
        SHA-256:04C43C0A5DD03C48B7981B782EAD83991829B5085EACB7B5C7D6C86C7661D2F7
        SHA-512:AF2954A597366B07C2BAA0877E92D696DC2FC28CFF79FDFAB1D78DFBA29C9277D3D88722D05E37CB95252E3CA14E804FF49A79233FAC68ADB985398070320BAF
        Malicious:false
        Reputation:low
        Preview: ...@IXOS.@.....@.DNS.@.....@.....@.....@.....@.....@......&.{DE800F69-955C-4883-BAFF-CB2110B8D24E}0.CTS Graphic module for CID-Pro measurement files4.CTS Graphic module for CID-Pro measurement files.msi.@.....@.....@.....@........&.{20A29E39-AE61-4E1D-8B05-2B53D975F455}.....@.....@.....@.....@.......@.....@.....@.......@....0.CTS Graphic module for CID-Pro measurement files......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files.....File: [1]....ProcessComponents".Updating component registration.....&.{4CFD70BB-BCEE-4D6A-8FE0-3623C008CCE6}&.{DE800F69-955C-4883-BAFF-CB2110B8D24E}.@......&.{50861030-DAC5-46F4-9701-8F52634854BD}&.{DE800F69-955C-4883-BAFF-CB2110B8D24E}.@......&.{C05F4450-0A87-450B-87D5-2BB1C0EF5D1B}&.{DE800F69-955C-4883-BAFF-CB2110B8D24E}.@......&.{08EF03B2-6164-47CA-B1C1-FDA8498EEE7E}&.{DE800F69-955C-4883-BAFF-CB2110B8D24E}.@......&.{C0519341-0995-4225-81F9-4D502FC84490}&.{DE800F69-955C-4883-BAFF-CB2110B8D24E}.@......&.{49066991-6467-4D74-B757-D37
        C:\Users\user\AppData\Local\Temp\MSI195.tmp
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):604608
        Entropy (8bit):6.120901544049748
        Encrypted:false
        SSDEEP:12288:sjso0X+9aNVnZy3aDczIh0eBqmOInKiGc/wRBUXUiqGqIZ:O0nMKbVOIKRswRiXUiqGqIZ
        MD5:7B2E16B40253B3664BD209416E40D832
        SHA1:0B8F4C27D7C366E19EBDFA6DCC4540EF46F76F26
        SHA-256:5479A842EDE9595A950BBC70A1FA52622F64FC80971AEF689C22701FFC506C9A
        SHA-512:425D57105DC80008F06C96AF06726B470D753F32F5159706A20579FBAFA1465055C2605DA754B51644E0171A6BE1FE374C0003D507C8827515341C1628EEA94D
        Malicious:false
        Antivirus:
        • Antivirus: Metadefender, Detection: 0%, Browse
        • Antivirus: ReversingLabs, Detection: 2%
        Reputation:low
        Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................o.......y.]....%..........d.....~.......h.......n.......k.....Rich............PE..L...i..Y...........!.....H..................`...............................p......`............................... .......h............................?.......O...................................[..@............`...............................text...JG.......H.................. ..`.rdata..3....`.......L..............@..@.data...............................@....rsrc...............................@..@.reloc...............x..............@..B........................................................................................................................................................................................................................................................................................................................................
        C:\Users\user\AppData\Local\Temp\MSI5C.tmp
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):604608
        Entropy (8bit):6.120901544049748
        Encrypted:false
        SSDEEP:12288:sjso0X+9aNVnZy3aDczIh0eBqmOInKiGc/wRBUXUiqGqIZ:O0nMKbVOIKRswRiXUiqGqIZ
        MD5:7B2E16B40253B3664BD209416E40D832
        SHA1:0B8F4C27D7C366E19EBDFA6DCC4540EF46F76F26
        SHA-256:5479A842EDE9595A950BBC70A1FA52622F64FC80971AEF689C22701FFC506C9A
        SHA-512:425D57105DC80008F06C96AF06726B470D753F32F5159706A20579FBAFA1465055C2605DA754B51644E0171A6BE1FE374C0003D507C8827515341C1628EEA94D
        Malicious:false
        Antivirus:
        • Antivirus: Metadefender, Detection: 0%, Browse
        • Antivirus: ReversingLabs, Detection: 2%
        Reputation:low
        Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................o.......y.]....%..........d.....~.......h.......n.......k.....Rich............PE..L...i..Y...........!.....H..................`...............................p......`............................... .......h............................?.......O...................................[..@............`...............................text...JG.......H.................. ..`.rdata..3....`.......L..............@..@.data...............................@....rsrc...............................@..@.reloc...............x..............@..B........................................................................................................................................................................................................................................................................................................................................
        C:\Users\user\AppData\Local\Temp\MSI602bb.LOG
        Process:C:\Windows\System32\msiexec.exe
        File Type:Little-endian UTF-16 Unicode text, with no line terminators
        Category:dropped
        Size (bytes):2
        Entropy (8bit):1.0
        Encrypted:false
        SSDEEP:3:Qn:Qn
        MD5:F3B25701FE362EC84616A93A45CE9998
        SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
        SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
        SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
        Malicious:false
        Reputation:high, very likely benign file
        Preview: ..
        C:\Users\user\AppData\Local\Temp\MSIF925.tmp
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):604608
        Entropy (8bit):6.120901544049748
        Encrypted:false
        SSDEEP:12288:sjso0X+9aNVnZy3aDczIh0eBqmOInKiGc/wRBUXUiqGqIZ:O0nMKbVOIKRswRiXUiqGqIZ
        MD5:7B2E16B40253B3664BD209416E40D832
        SHA1:0B8F4C27D7C366E19EBDFA6DCC4540EF46F76F26
        SHA-256:5479A842EDE9595A950BBC70A1FA52622F64FC80971AEF689C22701FFC506C9A
        SHA-512:425D57105DC80008F06C96AF06726B470D753F32F5159706A20579FBAFA1465055C2605DA754B51644E0171A6BE1FE374C0003D507C8827515341C1628EEA94D
        Malicious:false
        Antivirus:
        • Antivirus: Metadefender, Detection: 0%, Browse
        • Antivirus: ReversingLabs, Detection: 2%
        Reputation:low
        Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................o.......y.]....%..........d.....~.......h.......n.......k.....Rich............PE..L...i..Y...........!.....H..................`...............................p......`............................... .......h............................?.......O...................................[..@............`...............................text...JG.......H.................. ..`.rdata..3....`.......L..............@..@.data...............................@....rsrc...............................@..@.reloc...............x..............@..B........................................................................................................................................................................................................................................................................................................................................
        C:\Users\user\AppData\Local\Temp\MSIFDD9.tmp
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):604608
        Entropy (8bit):6.120901544049748
        Encrypted:false
        SSDEEP:12288:sjso0X+9aNVnZy3aDczIh0eBqmOInKiGc/wRBUXUiqGqIZ:O0nMKbVOIKRswRiXUiqGqIZ
        MD5:7B2E16B40253B3664BD209416E40D832
        SHA1:0B8F4C27D7C366E19EBDFA6DCC4540EF46F76F26
        SHA-256:5479A842EDE9595A950BBC70A1FA52622F64FC80971AEF689C22701FFC506C9A
        SHA-512:425D57105DC80008F06C96AF06726B470D753F32F5159706A20579FBAFA1465055C2605DA754B51644E0171A6BE1FE374C0003D507C8827515341C1628EEA94D
        Malicious:false
        Antivirus:
        • Antivirus: Metadefender, Detection: 0%, Browse
        • Antivirus: ReversingLabs, Detection: 2%
        Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................o.......y.]....%..........d.....~.......h.......n.......k.....Rich............PE..L...i..Y...........!.....H..................`...............................p......`............................... .......h............................?.......O...................................[..@............`...............................text...JG.......H.................. ..`.rdata..3....`.......L..............@..@.data...............................@....rsrc...............................@..@.reloc...............x..............@..B........................................................................................................................................................................................................................................................................................................................................
        C:\Users\user\AppData\Local\Temp\MSIFF03.tmp
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):69120
        Entropy (8bit):6.280368727841982
        Encrypted:false
        SSDEEP:1536:T5NvYhdShE4p6sBSa/GrTywTwJe1gvxxTtO7m2Uod:TTvwdS6+c8M1gvxdtO7m2X
        MD5:5E71204F63B88FA31CC06D04141198BE
        SHA1:69CEB4C33B98C0D0583224DE9A5DADE8A3903992
        SHA-256:774B7B8BF714746E62A096AEEBAFEADF37E168D978764F14136ED96A85692326
        SHA-512:9E0665EDB50CECC01382A991C36FF2AC045B5E25E917FC08D8A8748077B39BB14192027A303052733F896B308C74ED5B7B76A7E9770C9064B4AD0E52F7B1BC42
        Malicious:false
        Antivirus:
        • Antivirus: Metadefender, Detection: 0%, Browse
        • Antivirus: ReversingLabs, Detection: 0%
        Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........2..a..a..a..a..a...a..a...a..aH..a..a...a..a..a..a...a..a...a..a'..a..a...a..aRich..a........PE..L.....DJ...........!................1J..................................................................................U...\...d....P..h....................`..l...p...............................(...H...............l............................text............................... ..`.rdata...3.......4..................@..@.data....L..........................@....rsrc...h....P......................@..@.reloc..x....`......................@..B........................................................................................................................................................................................................................................................................................................................
        C:\Windows\Installer\4629bb.msi
        Process:C:\Windows\System32\msiexec.exe
        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 0, Number of Characters: 0, Number of Pages: 200, Template: ;9, Number of Words: 0, Revision Number: {20A29E39-AE61-4E1D-8B05-2B53D975F455}, Security: 0, Last Printed: Tue Oct 5 09:00:44 2021, Create Time/Date: Tue Oct 5 09:00:44 2021, Last Saved Time/Date: Tue Oct 5 09:00:44 2021
        Category:dropped
        Size (bytes):1644032
        Entropy (8bit):6.375958109922464
        Encrypted:false
        SSDEEP:24576:wv8/R6wC9Ab7MX/Z9cSqGqIqo/2m3F3d0nMKbVOIKRswRiXUiqGqIFj:wv8okwvkq/WOI3vXz
        MD5:9D1D12F42AA3DE041DDA288F87CED756
        SHA1:0A5BBBD604A5AE6845C4A389EF1F85708D3C679F
        SHA-256:98D412ACBB77F1FD865E17F16C62AE1E53FE3E19A183B3BA2D89C4FC3BD43FD1
        SHA-512:9CE4D8EE73792878FD625D58757F2C91710D319C2A2DC9FF18CE87BD39222E67C1B94FC0CFC3E20259FE99D1B098659E90F2A492B911CA8FEBFAB822B6444A91
        Malicious:false
        Preview: ......................>.......................................................................................................o........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...
        C:\Windows\Installer\MSI2E3F.tmp
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):604608
        Entropy (8bit):6.120901544049748
        Encrypted:false
        SSDEEP:12288:sjso0X+9aNVnZy3aDczIh0eBqmOInKiGc/wRBUXUiqGqIZ:O0nMKbVOIKRswRiXUiqGqIZ
        MD5:7B2E16B40253B3664BD209416E40D832
        SHA1:0B8F4C27D7C366E19EBDFA6DCC4540EF46F76F26
        SHA-256:5479A842EDE9595A950BBC70A1FA52622F64FC80971AEF689C22701FFC506C9A
        SHA-512:425D57105DC80008F06C96AF06726B470D753F32F5159706A20579FBAFA1465055C2605DA754B51644E0171A6BE1FE374C0003D507C8827515341C1628EEA94D
        Malicious:false
        Antivirus:
        • Antivirus: Metadefender, Detection: 0%, Browse
        • Antivirus: ReversingLabs, Detection: 2%
        Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................o.......y.]....%..........d.....~.......h.......n.......k.....Rich............PE..L...i..Y...........!.....H..................`...............................p......`............................... .......h............................?.......O...................................[..@............`...............................text...JG.......H.................. ..`.rdata..3....`.......L..............@..@.data...............................@....rsrc...............................@..@.reloc...............x..............@..B........................................................................................................................................................................................................................................................................................................................................
        C:\Windows\Installer\MSI37D5.tmp
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):604608
        Entropy (8bit):6.120901544049748
        Encrypted:false
        SSDEEP:12288:sjso0X+9aNVnZy3aDczIh0eBqmOInKiGc/wRBUXUiqGqIZ:O0nMKbVOIKRswRiXUiqGqIZ
        MD5:7B2E16B40253B3664BD209416E40D832
        SHA1:0B8F4C27D7C366E19EBDFA6DCC4540EF46F76F26
        SHA-256:5479A842EDE9595A950BBC70A1FA52622F64FC80971AEF689C22701FFC506C9A
        SHA-512:425D57105DC80008F06C96AF06726B470D753F32F5159706A20579FBAFA1465055C2605DA754B51644E0171A6BE1FE374C0003D507C8827515341C1628EEA94D
        Malicious:false
        Antivirus:
        • Antivirus: Metadefender, Detection: 0%, Browse
        • Antivirus: ReversingLabs, Detection: 2%
        Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................o.......y.]....%..........d.....~.......h.......n.......k.....Rich............PE..L...i..Y...........!.....H..................`...............................p......`............................... .......h............................?.......O...................................[..@............`...............................text...JG.......H.................. ..`.rdata..3....`.......L..............@..@.data...............................@....rsrc...............................@..@.reloc...............x..............@..B........................................................................................................................................................................................................................................................................................................................................
        C:\Windows\Installer\MSI38D0.tmp
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):69120
        Entropy (8bit):6.280368727841982
        Encrypted:false
        SSDEEP:1536:T5NvYhdShE4p6sBSa/GrTywTwJe1gvxxTtO7m2Uod:TTvwdS6+c8M1gvxdtO7m2X
        MD5:5E71204F63B88FA31CC06D04141198BE
        SHA1:69CEB4C33B98C0D0583224DE9A5DADE8A3903992
        SHA-256:774B7B8BF714746E62A096AEEBAFEADF37E168D978764F14136ED96A85692326
        SHA-512:9E0665EDB50CECC01382A991C36FF2AC045B5E25E917FC08D8A8748077B39BB14192027A303052733F896B308C74ED5B7B76A7E9770C9064B4AD0E52F7B1BC42
        Malicious:false
        Antivirus:
        • Antivirus: Metadefender, Detection: 0%, Browse
        • Antivirus: ReversingLabs, Detection: 0%
        Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........2..a..a..a..a..a...a..a...a..aH..a..a...a..a..a..a...a..a...a..a'..a..a...a..aRich..a........PE..L.....DJ...........!................1J..................................................................................U...\...d....P..h....................`..l...p...............................(...H...............l............................text............................... ..`.rdata...3.......4..................@..@.data....L..........................@....rsrc...h....P......................@..@.reloc..x....`......................@..B........................................................................................................................................................................................................................................................................................................................
        C:\Windows\Installer\MSI3C7D.tmp
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):604608
        Entropy (8bit):6.120901544049748
        Encrypted:false
        SSDEEP:12288:sjso0X+9aNVnZy3aDczIh0eBqmOInKiGc/wRBUXUiqGqIZ:O0nMKbVOIKRswRiXUiqGqIZ
        MD5:7B2E16B40253B3664BD209416E40D832
        SHA1:0B8F4C27D7C366E19EBDFA6DCC4540EF46F76F26
        SHA-256:5479A842EDE9595A950BBC70A1FA52622F64FC80971AEF689C22701FFC506C9A
        SHA-512:425D57105DC80008F06C96AF06726B470D753F32F5159706A20579FBAFA1465055C2605DA754B51644E0171A6BE1FE374C0003D507C8827515341C1628EEA94D
        Malicious:false
        Antivirus:
        • Antivirus: Metadefender, Detection: 0%, Browse
        • Antivirus: ReversingLabs, Detection: 2%
        Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................o.......y.]....%..........d.....~.......h.......n.......k.....Rich............PE..L...i..Y...........!.....H..................`...............................p......`............................... .......h............................?.......O...................................[..@............`...............................text...JG.......H.................. ..`.rdata..3....`.......L..............@..@.data...............................@....rsrc...............................@..@.reloc...............x..............@..B........................................................................................................................................................................................................................................................................................................................................
        C:\Windows\Installer\MSI3EA0.tmp
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):604608
        Entropy (8bit):6.120901544049748
        Encrypted:false
        SSDEEP:12288:sjso0X+9aNVnZy3aDczIh0eBqmOInKiGc/wRBUXUiqGqIZ:O0nMKbVOIKRswRiXUiqGqIZ
        MD5:7B2E16B40253B3664BD209416E40D832
        SHA1:0B8F4C27D7C366E19EBDFA6DCC4540EF46F76F26
        SHA-256:5479A842EDE9595A950BBC70A1FA52622F64FC80971AEF689C22701FFC506C9A
        SHA-512:425D57105DC80008F06C96AF06726B470D753F32F5159706A20579FBAFA1465055C2605DA754B51644E0171A6BE1FE374C0003D507C8827515341C1628EEA94D
        Malicious:false
        Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................o.......y.]....%..........d.....~.......h.......n.......k.....Rich............PE..L...i..Y...........!.....H..................`...............................p......`............................... .......h............................?.......O...................................[..@............`...............................text...JG.......H.................. ..`.rdata..3....`.......L..............@..@.data...............................@....rsrc...............................@..@.reloc...............x..............@..B........................................................................................................................................................................................................................................................................................................................................
        C:\Windows\Installer\MSI4009.tmp
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:dropped
        Size (bytes):33204
        Entropy (8bit):5.781528710286994
        Encrypted:false
        SSDEEP:768:ARn1Quy6ZHvuY+G/Zac42/BXwZImqtJuaWSu3VadWxXaHb9UlwLWV:j6ZHvSTIHtJuaWSu3nxXaHbKSLm
        MD5:4361606AADC73C549CD272AAC37450F1
        SHA1:E0BAEA354D4E46480D70937FD8E822DBBFFC6BE6
        SHA-256:0486BD89E1670D82D920D0CFC68F285C0832257D20156C51E64B8017F7DDA572
        SHA-512:864CC4F79AE2210058620E24CB3163CA296385102C00A20CEC5AE20381230D7A47D7DA87F114D6483062BD8F4BBA135A2705858F7588310A92135C02D421DB19
        Malicious:false
        Preview: ...@IXOS.@.....@.DNS.@.....@.....@.....@.....@.....@......&.{DE800F69-955C-4883-BAFF-CB2110B8D24E}0.CTS Graphic module for CID-Pro measurement files4.CTS Graphic module for CID-Pro measurement files.msi.@.....@.....@.....@........&.{20A29E39-AE61-4E1D-8B05-2B53D975F455}.....@.....@.....@.....@.......@.....@.....@.......@....0.CTS Graphic module for CID-Pro measurement files......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files.....File: [1]...@.......@........ProcessComponents".Updating component registration......@o....@.....@.]....&.{4CFD70BB-BCEE-4D6A-8FE0-3623C008CCE6}*.C:\CTSGraphicModule\ExcelConvertModule.exe.@.......@.....@.....@......&.{50861030-DAC5-46F4-9701-8F52634854BD}..C:\CTSGraphicModule\mesa.dll.@.......@.....@.....@......&.{C05F4450-0A87-450B-87D5-2BB1C0EF5D1B}0.C:\CTSGraphicModule\manual\CID500_manual_eng.pdf.@.......@.....@.....@......&.{08EF03B2-6164-47CA-B1C1-FDA8498EEE7E}0.C:\CTSGraphicModule\manual\CID500_manual_deu.pdf.@.......@.....@
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
        Process:C:\Windows\System32\msiexec.exe
        File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
        Category:dropped
        Size (bytes):81287
        Entropy (8bit):5.29872828603926
        Encrypted:false
        SSDEEP:192:XL/vcrZZDZo/ZrXczaIcO/gcMH5elWSLc:XDvsDZGrkaIcO/Y5Xuc
        MD5:A08D323CCBCCD65F1E7803A241663B5B
        SHA1:AEEDBBCD6F99F32FA8DC22178D86B0AADD3C7048
        SHA-256:D59464B087080FBEFC1390989BAB8DC2B1A455C196825E8AF14FF98C6A456367
        SHA-512:0D75E874965D28FCD2450898010946A23D39CA21951E2789A140C2F42978DCEBF7D021E08B609A4E1F86DF24CE17164553DC2A561E7E3D6B7B8CAAD9FF0A8E7D
        Malicious:false
        Preview: .To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..07/23/2020 10:38:04.497 [4552]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.Office.Tools.Outlook, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A /queue:3 /NoDependencies ..07/23/2020 10:38:04.513 [4552]: ngen returning 0x00000000..07/23/2020 10:38:04.559 [4480]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.Office.Tools.Word, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A /queue:3 /NoDependencies ..07/23/2020 10:38:04.559 [4480]: ngen returning 0x00000000..07/23/2020 10:38:04.622 [4256]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.Office.Tools.Common.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A /queue:3 /NoDependencies ..07/23/2020 10:38:04.622 [

        Static File Info

        General

        File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 0, Number of Characters: 0, Number of Pages: 200, Template: ;9, Number of Words: 0, Revision Number: {20A29E39-AE61-4E1D-8B05-2B53D975F455}, Security: 0, Last Printed: Tue Oct 5 09:00:44 2021, Create Time/Date: Tue Oct 5 09:00:44 2021, Last Saved Time/Date: Tue Oct 5 09:00:44 2021
        Entropy (8bit):6.375958109922464
        TrID:
        • Microsoft Windows Installer (77509/1) 52.18%
        • Windows SDK Setup Transform Script (63028/2) 42.43%
        • Generic OLE2 / Multistream Compound File (8008/1) 5.39%
        File name:CTS Graphic module for CID-Pro measurement files.msi
        File size:1644032
        MD5:9d1d12f42aa3de041dda288f87ced756
        SHA1:0a5bbbd604a5ae6845c4a389ef1f85708d3c679f
        SHA256:98d412acbb77f1fd865e17f16c62ae1e53fe3e19a183b3ba2d89c4fc3bd43fd1
        SHA512:9ce4d8ee73792878fd625d58757f2c91710d319c2a2dc9ff18ce87bd39222e67c1b94fc0cfc3e20259fe99d1b098659e90f2a492b911ca8febfab822b6444a91
        SSDEEP:24576:wv8/R6wC9Ab7MX/Z9cSqGqIqo/2m3F3d0nMKbVOIKRswRiXUiqGqIFj:wv8okwvkq/WOI3vXz
        File Content Preview:........................>.......................................................................................................o..............................................................................................................................

        File Icon

        Icon Hash:a2a0b496b2caca72

        Static OLE Info

        General

        Document Type:OLE
        Number of OLE Files:1

        OLE File "CTS Graphic module for CID-Pro measurement files.msi"

        Indicators

        Has Summary Info:True
        Application Name:
        Encrypted Document:False
        Contains Word Document Stream:False
        Contains Workbook/Book Stream:False
        Contains PowerPoint Document Stream:False
        Contains Visio Document Stream:False
        Contains ObjectPool Stream:
        Flash Objects Count:
        Contains VBA Macros:False

        Summary

        Code Page:0
        Title:
        Subject:
        Author:
        Keywords:
        Comments:
        Template:;9
        Last Saved By:
        Revion Number:{20A29E39-AE61-4E1D-8B05-2B53D975F455}
        Last Printed:2021-10-05 08:00:44.006472
        Create Time:2021-10-05 08:00:44.006472
        Last Saved Time:2021-10-05 08:00:44.006472
        Number of Pages:200
        Number of Words:0
        Number of Characters:0
        Creating Application:
        Security:0

        Streams

        Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 412
        General
        Stream Path:\x5SummaryInformation
        File Type:data
        Stream Size:412
        Entropy:3.09547090823
        Base64 Encoded:True
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . . . + ' . . 0 . . . l . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . . . 4 . . . . . . . < . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ; 9 . . . . . . . . . . . . . . ' . . . { 2 0 A 2 9 E 3 9 - A E
        Data Raw:fe ff 00 00 06 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 6c 01 00 00 11 00 00 00 01 00 00 00 90 00 00 00 10 00 00 00 98 00 00 00 0e 00 00 00 a0 00 00 00 07 00 00 00 a8 00 00 00 0f 00 00 00 b4 00 00 00 09 00 00 00 bc 00 00 00 02 00 00 00 ec 00 00 00 03 00 00 00 f8 00 00 00 05 00 00 00 04 01 00 00
        Stream Path: \x17163\x16689\x18229\x15166\x17380\x17199\x17209\x16691\x17143\x14774\x18308\x15106\x15042\x14985\x14339\x15167\x15311\x18383\x15300\x14602\x14975\x14860\x18379\x15047\x15310\x14605\x14592\x15232\x14351, File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, Stream Size: 69120
        General
        Stream Path:\x17163\x16689\x18229\x15166\x17380\x17199\x17209\x16691\x17143\x14774\x18308\x15106\x15042\x14985\x14339\x15167\x15311\x18383\x15300\x14602\x14975\x14860\x18379\x15047\x15310\x14605\x14592\x15232\x14351
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Stream Size:69120
        Entropy:6.28036872784
        Base64 Encoded:True
        Data ASCII:M Z . . . . . . . . . . . . . . . . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ! . . L . ! T h i s p r o g r a m c a n n o t b e r u n i n D O S m o d e . . . . $ . . . . . . . . . . 2 . . . a . . . a . . . a . . . a . . . a . . . a . . . a . . . a . . . a H . . a . . . a . . . a . . . a . . . a . . . a . . . a . . . a . . . a . . . a ' . . a . . . a . . . a . . . a R i c h . . . a . . . . . . . . P E . . L . . . . . D J . . . .
        Data Raw:4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00
        Stream Path: \x17163\x16689\x18229\x15166\x17458\x17395\x17896\x18472, File Type: MS Windows icon resource - 1 icon, 48x48, 16 colors, Stream Size: 1662
        General
        Stream Path:\x17163\x16689\x18229\x15166\x17458\x17395\x17896\x18472
        File Type:MS Windows icon resource - 1 icon, 48x48, 16 colors
        Stream Size:1662
        Entropy:2.79395257148
        Base64 Encoded:False
        Data ASCII:. . . . . . 0 0 . . . . . . h . . . . . . . ( . . . 0 . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:00 00 01 00 01 00 30 30 10 00 00 00 00 00 68 06 00 00 16 00 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 04 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 80 00 00 00 80 80 00 80 00 00 00 80 00 80 00 80 80 00 00 c0 c0 c0 00 80 80 80 00 00 00 ff 00 00 ff 00 00 00 ff ff 00 ff 00 00 00 ff 00 ff 00 ff ff 00 00 ff ff ff 00 00 00
        Stream Path: \x17163\x16689\x18229\x15166\x17848\x17591\x18480, File Type: MS Windows icon resource - 1 icon, 48x48, 16 colors, Stream Size: 1662
        General
        Stream Path:\x17163\x16689\x18229\x15166\x17848\x17591\x18480
        File Type:MS Windows icon resource - 1 icon, 48x48, 16 colors
        Stream Size:1662
        Entropy:2.71630665582
        Base64 Encoded:False
        Data ASCII:. . . . . . 0 0 . . . . . . h . . . . . . . ( . . . 0 . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:00 00 01 00 01 00 30 30 10 00 00 00 00 00 68 06 00 00 16 00 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 04 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 80 00 00 00 80 80 00 80 00 00 00 80 00 80 00 80 80 00 00 c0 c0 c0 00 80 80 80 00 00 00 ff 00 00 ff 00 00 00 ff ff 00 ff 00 00 00 ff 00 ff 00 ff ff 00 00 ff ff ff 00 00 00
        Stream Path: \x17163\x16689\x18229\x15166\x18445, File Type: MS Windows icon resource - 1 icon, 32x32, 16 colors, Stream Size: 766
        General
        Stream Path:\x17163\x16689\x18229\x15166\x18445
        File Type:MS Windows icon resource - 1 icon, 32x32, 16 colors
        Stream Size:766
        Entropy:3.66291942105
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . ( . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . w w w w w w w w w w w w . . . . r " w w w w w w w w w w . . . . z . w w w w w x . . . w . . . . p . . . . . . . . . . . . . . . p . . . . . . w . . . . . . . . x
        Data Raw:00 00 01 00 01 00 20 20 10 00 00 00 00 00 e8 02 00 00 16 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 80 00 00 00 80 80 00 80 00 00 00 80 00 80 00 80 80 00 00 c0 c0 c0 00 80 80 80 00 00 00 ff 00 00 ff 00 00 00 ff ff 00 ff 00 00 00 ff 00 ff 00 ff ff 00 00 ff ff ff 00 00 00
        Stream Path: \x17163\x16689\x18229\x15550\x17009\x18482, File Type: MS Windows icon resource - 2 icons, 32x32, 16 colors, 16x16, 16 colors, Stream Size: 1078
        General
        Stream Path:\x17163\x16689\x18229\x15550\x17009\x18482
        File Type:MS Windows icon resource - 2 icons, 32x32, 16 colors, 16x16, 16 colors
        Stream Size:1078
        Entropy:2.86422695486
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . & . . . . . . . . . . . ( . . . . . . . ( . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . p . . . . . . . . . . . . . . w p . . . . . . . . . . . . . . . p . . . . . . . . . . . . . . . p . . . . . . . . . . . . . . . p . . . . . . . . . . . . . . . p . . . . . . . . . . w w . . . w w . . . . . .
        Data Raw:00 00 01 00 02 00 20 20 10 00 00 00 00 00 e8 02 00 00 26 00 00 00 10 10 10 00 00 00 00 00 28 01 00 00 0e 03 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 80 00 00 00 80 80 00 80 00 00 00 80 00 80 00 80 80 00 00 80 80 80 00 c0 c0 c0 00 00 00 ff 00 00 ff 00 00 00 ff ff 00 ff 00
        Stream Path: \x17163\x16689\x18229\x15806\x17848\x16812, File Type: PC bitmap, Windows 3.x format, 35 x 35 x 4, Stream Size: 818
        General
        Stream Path:\x17163\x16689\x18229\x15806\x17848\x16812
        File Type:PC bitmap, Windows 3.x format, 35 x 35 x 4
        Stream Size:818
        Entropy:3.55003168124
        Base64 Encoded:False
        Data ASCII:B M 2 . . . . . . . v . . . ( . . . # . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . p . . . . . . . . . . . p . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . p . . . . w w w w . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:42 4d 32 03 00 00 00 00 00 00 76 00 00 00 28 00 00 00 23 00 00 00 23 00 00 00 01 00 04 00 00 00 00 00 bc 02 00 00 c4 0e 00 00 c4 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 80 00 00 00 80 80 00 80 00 00 00 80 00 80 00 80 80 00 00 80 80 80 00 c0 c0 c0 00 00 00 ff 00 00 ff 00 00 00 ff ff 00 ff 00 00 00 ff 00 ff 00 ff ff 00 00 ff ff ff 00 88 88 88 88 88 88 88 88 88 88
        Stream Path: \x17163\x16689\x18229\x15870\x15762\x17896\x16292\x17207\x17839\x14988\x14974\x15169\x14789\x14342\x18379\x14927\x14862\x14655\x14531\x18370\x15307\x14411\x14591\x14984\x15108\x14795\x14921\x14538\x18446, File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, Stream Size: 604608
        General
        Stream Path:\x17163\x16689\x18229\x15870\x15762\x17896\x16292\x17207\x17839\x14988\x14974\x15169\x14789\x14342\x18379\x14927\x14862\x14655\x14531\x18370\x15307\x14411\x14591\x14984\x15108\x14795\x14921\x14538\x18446
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Stream Size:604608
        Entropy:6.12090154405
        Base64 Encoded:True
        Data ASCII:M Z . . . . . . . . . . . . . . . . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ! . . L . ! T h i s p r o g r a m c a n n o t b e r u n i n D O S m o d e . . . . $ . . . . . . . . . . . . . . . . . . . . . . . . . o . . . . . . . y . ] . . . . % . . . . . . . . . . d . . . . . ~ . . . . . . . h . . . . . . . n . . . . . . . k . . . . . R i c h . . . . . . . . . . . . P E . . L . . . i . . Y . . . . . . . . . . . ! . . . . . H . .
        Data Raw:4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00
        Stream Path: \x17163\x16689\x18229\x15870\x15954\x17892\x17835\x14974\x15169\x14789\x14342\x18379\x14927\x14862\x14655\x14531\x18370\x15307\x14411\x14591\x14984\x15108\x14795\x14921\x14538\x18446, File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, Stream Size: 3584
        General
        Stream Path:\x17163\x16689\x18229\x15870\x15954\x17892\x17835\x14974\x15169\x14789\x14342\x18379\x14927\x14862\x14655\x14531\x18370\x15307\x14411\x14591\x14984\x15108\x14795\x14921\x14538\x18446
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Stream Size:3584
        Entropy:3.4870728674
        Base64 Encoded:False
        Data ASCII:M Z . . . . . . . . . . . . . . . . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ! . . L . ! T h i s p r o g r a m c a n n o t b e r u n i n D O S m o d e . . . . $ . . . . . . . . . . . . . . . . . . . . . . . . . L . . . . . . . Z . . . . . . . \\ . . . . . . . Y . . . . . R i c h . . . . . . . . . . . . P E . . L . . . ] . . Y . . . . . . . . . . . ! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00
        Stream Path: \x17163\x16689\x18229\x15870\x18088, File Type: MS Windows icon resource - 1 icon, 16x16, 16 colors, Stream Size: 318
        General
        Stream Path:\x17163\x16689\x18229\x15870\x18088
        File Type:MS Windows icon resource - 1 icon, 16x16, 16 colors
        Stream Size:318
        Entropy:2.03444158006
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . ( . . . . . . . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:00 00 01 00 01 00 10 10 10 00 00 00 00 00 28 01 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 04 00 00 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 80 00 00 00 80 80 00 80 00 00 00 80 00 80 00 80 80 00 00 c0 c0 c0 00 80 80 80 00 00 00 ff 00 00 ff 00 00 00 ff ff 00 ff 00 00 00 ff 00 ff 00 ff ff 00 00 ff ff ff 00 00 00
        Stream Path: \x17163\x16689\x18229\x16190\x17851\x17502\x17516\x17910\x17380\x15151\x18442, File Type: PE32 executable (DLL) (console) Intel 80386, for MS Windows, Stream Size: 28672
        General
        Stream Path:\x17163\x16689\x18229\x16190\x17851\x17502\x17516\x17910\x17380\x15151\x18442
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Stream Size:28672
        Entropy:3.74162375238
        Base64 Encoded:True
        Data ASCII:M Z . . . . . . . . . . . . . . . . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ! . . L . ! T h i s p r o g r a m c a n n o t b e r u n i n D O S m o d e . . . . $ . . . . . . . . C n u S " . & S " . & S " . & t . } & P " . & S " . & . " . & t . { & X " . & t . m & ^ " . & t . z & R " . & t . n & R " . & t . x & R " . & R i c h S " . & . . . . . . . . . . . . . . . . . . . . . . . . P E . . L . . . \\ . . C . . . . . . . . . . . !
        Data Raw:4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00
        Stream Path: \x17163\x16689\x18229\x16254\x17660\x16812\x17380, File Type: MS Windows icon resource - 1 icon, 48x48, 16 colors, Stream Size: 1662
        General
        Stream Path:\x17163\x16689\x18229\x16254\x17660\x16812\x17380
        File Type:MS Windows icon resource - 1 icon, 48x48, 16 colors
        Stream Size:1662
        Entropy:2.75293780194
        Base64 Encoded:False
        Data ASCII:. . . . . . 0 0 . . . . . . h . . . . . . . ( . . . 0 . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:00 00 01 00 01 00 30 30 10 00 00 00 00 00 68 06 00 00 16 00 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 04 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 80 00 00 00 80 80 00 80 00 00 00 80 00 80 00 80 80 00 00 c0 c0 c0 00 80 80 80 00 00 00 ff 00 00 ff 00 00 00 ff ff 00 ff 00 00 00 ff 00 ff 00 ff ff 00 00 ff ff ff 00 00 00
        Stream Path: \x17163\x16689\x18229\x16318\x18483, File Type: MS Windows icon resource - 1 icon, 16x16, 16 colors, Stream Size: 318
        General
        Stream Path:\x17163\x16689\x18229\x16318\x18483
        File Type:MS Windows icon resource - 1 icon, 16x16, 16 colors
        Stream Size:318
        Entropy:2.03693614652
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . ( . . . . . . . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:00 00 01 00 01 00 10 10 10 00 00 00 00 00 28 01 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 04 00 00 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 80 00 00 00 80 80 00 80 00 00 00 80 00 80 00 80 80 00 00 c0 c0 c0 00 80 80 80 00 00 00 ff 00 00 ff 00 00 00 ff ff 00 ff 00 00 00 ff 00 ff 00 ff ff 00 00 ff ff ff 00 00 00
        Stream Path: \x17163\x16689\x18229\x17214\x17574\x18481, File Type: MS Windows icon resource - 1 icon, 48x48, 16 colors, Stream Size: 1662
        General
        Stream Path:\x17163\x16689\x18229\x17214\x17574\x18481
        File Type:MS Windows icon resource - 1 icon, 48x48, 16 colors
        Stream Size:1662
        Entropy:2.56276146076
        Base64 Encoded:False
        Data ASCII:. . . . . . 0 0 . . . . . . h . . . . . . . ( . . . 0 . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:00 00 01 00 01 00 30 30 10 00 00 00 00 00 68 06 00 00 16 00 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 04 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 80 00 00 00 80 80 00 80 00 00 00 80 00 80 00 80 80 00 00 c0 c0 c0 00 80 80 80 00 00 00 ff 00 00 ff 00 00 00 ff ff 00 ff 00 00 00 ff 00 ff 00 ff ff 00 00 ff ff ff 00 00 00
        Stream Path: \x17163\x16689\x18229\x17534\x17452\x17206\x17191\x17910\x17198\x18487, File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, Stream Size: 488000
        General
        Stream Path:\x17163\x16689\x18229\x17534\x17452\x17206\x17191\x17910\x17198\x18487
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Stream Size:488000
        Entropy:6.46273603884
        Base64 Encoded:True
        Data ASCII:M Z . . . . . . . . . . . . . . . . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ! . . L . ! T h i s p r o g r a m c a n n o t b e r u n i n D O S m o d e . . . . $ . . . . . . . . d . . . . . T . . . T . . . T . } X T . . . T . } N T > . . T . . . T . . . T . . . T . . . T . . . T . . . T . } I T . . . T . } _ T . . . T . W Y T . . . T . } \\ T . . . T R i c h . . . T . . . . . . . . . . . . . . . . P E . . L . . . o . . Y . . . .
        Data Raw:4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00
        Stream Path: \x17163\x16689\x18229\x17854\x16876\x14440\x18438, File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 501x314, frames 3, Stream Size: 12708
        General
        Stream Path:\x17163\x16689\x18229\x17854\x16876\x14440\x18438
        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 501x314, frames 3
        Stream Size:12708
        Entropy:7.38082106353
        Base64 Encoded:True
        Data ASCII:. . . . . . J F I F . . . . . ` . ` . . . . . C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ! . . . . . . . . . " $ " . $ . . . . . . . C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . : . . . . " . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . } . . . . . . . . ! 1 A . . Q a . " q . 2 . . . . #
        Data Raw:ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 05 03 04 04 04 03 05 04 04 04 05 05 05 06 07 0c 08 07 07 07 07 0f 0b 0b 09 0c 11 0f 12 12 11 0f 11 11 13 16 1c 17 13 14 1a 15 11 11 18 21 18 1a 1d 1d 1f 1f 1f 13 17 22 24 22 1e 24 1c 1e 1f 1e ff db 00 43 01 05 05 05 07 06 07 0e 08 08 0e 1e 14 11 14 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e
        Stream Path: \x17163\x16689\x18229\x17918\x16693\x17142\x18433, File Type: MS Windows icon resource - 1 icon, 32x32, 16 colors, Stream Size: 766
        General
        Stream Path:\x17163\x16689\x18229\x17918\x16693\x17142\x18433
        File Type:MS Windows icon resource - 1 icon, 32x32, 16 colors
        Stream Size:766
        Entropy:3.99611608735
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . ( . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . w w w . . . . . . . . . . . w . . . . . w . . . . . . . . . w . . . . . . w . . . . . . . . w . . . . . . w w . . . . . . . w . . . . . w . . w . . . . . . w . . . . . . . . w w . . . . . w . . . . ~ . x . . w . . . . . w . . . . . w . w . w x @ . . .
        Data Raw:00 00 01 00 01 00 20 20 10 00 00 00 00 00 e8 02 00 00 16 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 80 00 00 00 80 80 00 80 00 00 00 80 00 80 00 80 80 00 00 c0 c0 c0 00 80 80 80 00 00 00 ff 00 00 ff 00 00 00 ff ff 00 ff 00 00 00 ff 00 ff 00 ff ff 00 00 ff ff ff 00 00 00
        Stream Path: \x17163\x16689\x18229\x17918\x17650\x14721, File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 500x63, frames 3, Stream Size: 3254
        General
        Stream Path:\x17163\x16689\x18229\x17918\x17650\x14721
        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 500x63, frames 3
        Stream Size:3254
        Entropy:7.51960377284
        Base64 Encoded:True
        Data ASCII:. . . . . . J F I F . . . . . ` . ` . . . . . C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ! . . . . . . . . . " $ " . $ . . . . . . . C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ? . . . . " . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . } . . . . . . . . ! 1 A . . Q a . " q . 2 . . . . #
        Data Raw:ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 05 03 04 04 04 03 05 04 04 04 05 05 05 06 07 0c 08 07 07 07 07 0f 0b 0b 09 0c 11 0f 12 12 11 0f 11 11 13 16 1c 17 13 14 1a 15 11 11 18 21 18 1a 1d 1d 1f 1f 1f 13 17 22 24 22 1e 24 1c 1e 1f 1e ff db 00 43 01 05 05 05 07 06 07 0e 08 08 0e 1e 14 11 14 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e
        Stream Path: \x18496\x15167\x17394\x17464\x17841, File Type: data, Stream Size: 4672
        General
        Stream Path:\x18496\x15167\x17394\x17464\x17841
        File Type:data
        Stream Size:4672
        Entropy:5.49221765952
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . _ . _ . _ . _ . u . u . u . u . u . u . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:05 00 05 00 05 00 10 00 10 00 13 00 13 00 15 00 b1 00 b1 00 b1 00 b2 00 b2 00 b2 00 b6 00 b6 00 b6 00 be 00 be 00 be 00 bf 00 bf 00 bf 00 c0 00 c0 00 c0 00 c0 00 c0 00 c0 00 c0 00 c7 00 c7 00 c9 00 c9 00 c9 00 c9 00 c9 00 c9 00 c9 00 c9 00 c9 00 d1 00 d1 00 d1 00 d1 00 d4 00 d4 00 e5 00 e5 00 fd 00 fd 00 fd 00 fd 00 fd 00 fd 00 fd 00 fd 00 fd 00 fd 00 fd 00 fd 00 fd 00 08 01 08 01
        Stream Path: \x18496\x15511\x16665\x17143\x15222\x17000\x17516\x17900\x17580\x18481, File Type: data, Stream Size: 23532
        General
        Stream Path:\x18496\x15511\x16665\x17143\x15222\x17000\x17516\x17900\x17580\x18481
        File Type:data
        Stream Size:23532
        Entropy:4.87540658806
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ! . " . # . & . ' . ( . + . - . / . 0 . 1 . 2 . 4 . 5 . 6 . 7 . 9 . ; . < . = . ? . A . B . D . E . G . H . J . L . N . P . R . T . V . X . Y . Z . \\ . ^ . ` . b . c . d . f . h . j . l . m . n . p . r . t . v . x . z . | . ~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:ea 07 ec 07 ee 07 ef 07 f0 07 f4 07 f6 07 f8 07 f9 07 fa 07 fd 07 fe 07 00 08 01 08 02 08 04 08 07 08 09 08 0b 08 0d 08 0f 08 11 08 12 08 14 08 17 08 18 08 1a 08 1b 08 1c 08 1e 08 1f 08 21 08 22 08 23 08 26 08 27 08 28 08 2b 08 2d 08 2f 08 30 08 31 08 32 08 34 08 35 08 36 08 37 08 39 08 3b 08 3c 08 3d 08 3f 08 41 08 42 08 44 08 45 08 47 08 48 08 4a 08 4c 08 4e 08 50 08 52 08 54 08
        Stream Path: \x18496\x15511\x16665\x17143\x15222\x17772, File Type: data, Stream Size: 14336
        General
        Stream Path:\x18496\x15511\x16665\x17143\x15222\x17772
        File Type:data
        Stream Size:14336
        Entropy:5.72986375264
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . " . # . ' . ( . + . - . 0 . 5 . 9 . < . = . ? . E . H . R . \\ . f . p . x . z . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 . 0 . 9 . ; . = . E . J . N . P . R . U . l . n . p . r . t . v . x . z . | . ~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:ec 07 ef 07 f0 07 f9 07 fa 07 02 08 04 08 07 08 12 08 14 08 1b 08 1c 08 22 08 23 08 27 08 28 08 2b 08 2d 08 30 08 35 08 39 08 3c 08 3d 08 3f 08 45 08 48 08 52 08 5c 08 66 08 70 08 78 08 7a 08 7c 08 88 08 8b 08 90 08 91 08 93 08 96 08 99 08 9b 08 9d 08 a0 08 a2 08 a4 08 a7 08 a9 08 ab 08 ae 08 b0 08 b2 08 b5 08 b8 08 bb 08 be 08 c1 08 c2 08 c6 08 c9 08 cc 08 cf 08 d2 08 d4 08 d6 08
        Stream Path: \x18496\x15511\x16665\x17143\x15222\x17896\x16808\x16951\x18471, File Type: data, Stream Size: 3120
        General
        Stream Path:\x18496\x15511\x16665\x17143\x15222\x17896\x16808\x16951\x18471
        File Type:data
        Stream Size:3120
        Entropy:5.57091511522
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . ! . & . / . 4 . ; . D . G . J . L . T . V . X . ^ . ` . b . h . j . l . r . t . v . ~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ! . # . ' . * . 4 . 8 . ? . C . I . T . W . h . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . $ . + . 0 . 9 . = . A . E . I . M . Q . U . Y . ] . _ . a . c . e . g . i . k . t . w . z . } . . . . . . .
        Data Raw:ea 07 ee 07 f8 07 00 08 09 08 0b 08 0d 08 0f 08 11 08 1a 08 21 08 26 08 2f 08 34 08 3b 08 44 08 47 08 4a 08 4c 08 54 08 56 08 58 08 5e 08 60 08 62 08 68 08 6a 08 6c 08 72 08 74 08 76 08 7e 08 82 08 84 08 86 08 8a 08 8f 08 98 08 9f 08 a6 08 ad 08 b4 08 b7 08 ba 08 bd 08 c0 08 c5 08 c8 08 cb 08 ce 08 d1 08 d8 08 df 08 e9 08 f1 08 f3 08 f7 08 f9 08 fd 08 ff 08 03 09 05 09 09 09 0b 09
        Stream Path: \x18496\x15511\x16665\x17143\x15286\x18033\x17772\x17522\x16944\x17905, File Type: data, Stream Size: 10
        General
        Stream Path:\x18496\x15511\x16665\x17143\x15286\x18033\x17772\x17522\x16944\x17905
        File Type:data
        Stream Size:10
        Entropy:2.64643934467
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . .
        Data Raw:b0 11 a3 1e a2 1e 00 00 00 80
        Stream Path: \x18496\x15511\x16665\x17143\x15798\x15644\x15179\x17896\x16808\x16951\x18471, File Type: data, Stream Size: 12
        General
        Stream Path:\x18496\x15511\x16665\x17143\x15798\x15644\x15179\x17896\x16808\x16951\x18471
        File Type:data
        Stream Size:12
        Entropy:2.75162916739
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . .
        Data Raw:e5 07 e6 07 a5 1e a7 1e a4 1e a6 1e
        Stream Path: \x18496\x15511\x16665\x17143\x15990\x17768\x17200\x17846\x17580\x17841, File Type: data, Stream Size: 54
        General
        Stream Path:\x18496\x15511\x16665\x17143\x15990\x17768\x17200\x17846\x17580\x17841
        File Type:data
        Stream Size:54
        Entropy:2.89634921974
        Base64 Encoded:False
        Data ASCII:= . . . _ . . . . . . . = . . . _ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:3d 08 91 08 5f 12 e0 02 e0 02 e0 02 3d 08 91 08 5f 12 00 00 00 00 00 00 00 00 00 00 ab 1e 00 00 00 00 00 00 00 00 00 80 00 00 00 80 00 00 00 80 a8 1e a9 1e aa 1e
        Stream Path: \x18496\x15511\x16665\x17143\x16118\x17064\x17557\x16678\x17591\x18485, File Type: data, Stream Size: 23260
        General
        Stream Path:\x18496\x15511\x16665\x17143\x16118\x17064\x17557\x16678\x17591\x18485
        File Type:data
        Stream Size:23260
        Entropy:3.6801167552
        Base64 Encoded:False
        Data ASCII:\\ . ] . ^ . _ . ` . a . b . c . d . e . f . g . h . i . j . k . l . m . n . o . p . q . r . s . t . u . v . w . x . y . z . { . | . } . ~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:5c 15 5d 15 5e 15 5f 15 60 15 61 15 62 15 63 15 64 15 65 15 66 15 67 15 68 15 69 15 6a 15 6b 15 6c 15 6d 15 6e 15 6f 15 70 15 71 15 72 15 73 15 74 15 75 15 76 15 77 15 78 15 79 15 7a 15 7b 15 7c 15 7d 15 7e 15 7f 15 80 15 81 15 82 15 83 15 84 15 85 15 86 15 87 15 88 15 89 15 8a 15 8b 15 8c 15 8d 15 8e 15 8f 15 90 15 91 15 92 15 93 15 94 15 95 15 96 15 97 15 98 15 99 15 9a 15 9b 15
        Stream Path: \x18496\x15511\x16665\x17143\x16118\x17704\x16952\x17910\x16872, File Type: data, Stream Size: 24
        General
        Stream Path:\x18496\x15511\x16665\x17143\x16118\x17704\x16952\x17910\x16872
        File Type:data
        Stream Size:24
        Entropy:3.97017552146
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . 0 . . . ` . . . J
        Data Raw:d2 07 da 07 ef 07 f9 07 02 08 12 08 ef 08 30 09 10 0a 60 13 06 15 4a 20
        Stream Path: \x18496\x15511\x16665\x17143\x16118\x18084\x16923\x16868, File Type: data, Stream Size: 1460
        General
        Stream Path:\x18496\x15511\x16665\x17143\x16118\x18084\x16923\x16868
        File Type:data
        Stream Size:1460
        Entropy:4.9720591689
        Base64 Encoded:False
        Data ASCII:. . Z . [ . \\ . ] . ^ . _ . ` . a . b . c . d . e . f . . . . . . . . . . . . . . . . . . . . . . . ; . ? . C . G . K . O . S . W . [ . b . d . . . . . . . . . . . . . . . . . . . . . . . . . B . D . j . l . r . s . . . . . . . . . . . . . . . . . . . . . $ . % . M . O . u . w . } . ~ . . . . . . . . . . . . . . . . . ' . ) . / . 0 . X . Z . r . t . { . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 . X . Z . . . . . . . . . . . 3 . 4 . . . . . Q . v . x . . . . . . . . . . . . . ' . - .
        Data Raw:e8 08 5a 09 5b 09 5c 09 5d 09 5e 09 5f 09 60 09 61 09 62 09 63 09 64 09 65 09 66 09 8f 09 91 09 97 09 99 09 9e 09 a0 09 a6 09 a8 09 cf 09 d1 09 f9 09 3b 0a 3f 0a 43 0a 47 0a 4b 0a 4f 0a 53 0a 57 0a 5b 0a 62 0b 64 0b 90 0b 92 0b b8 0b ba 0b c0 0b c1 0b e9 0b eb 0b 11 0c 13 0c 19 0c 1a 0c 42 0c 44 0c 6a 0c 6c 0c 72 0c 73 0c 9b 0c 9d 0c c3 0c c5 0c cb 0c cc 0c f4 0c f6 0c 1c 0d 1e 0d
        Stream Path: \x18496\x15511\x16665\x17143\x16182\x16695\x16881\x17354\x17522\x16168\x17704\x16952\x16817\x18472, File Type: data, Stream Size: 18
        General
        Stream Path:\x18496\x15511\x16665\x17143\x16182\x16695\x16881\x17354\x17522\x16168\x17704\x16952\x16817\x18472
        File Type:data
        Stream Size:18
        Entropy:2.725480557
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . c .
        Data Raw:17 00 18 00 de 06 00 00 00 00 00 00 e8 83 20 83 63 80
        Stream Path: \x18496\x15511\x16665\x17143\x16374\x17768\x17206\x17522\x17884\x17205\x17073, File Type: data, Stream Size: 1230
        General
        Stream Path:\x18496\x15511\x16665\x17143\x16374\x17768\x17206\x17522\x17884\x17205\x17073
        File Type:data
        Stream Size:1230
        Entropy:5.57603167066
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . 1 . 6 . A . N . Y . c . m . . . . . . . . . . . . . . . . . . . . . $ . ( . , . G . K . X . . . . . . . . . . . . . " . ' . ) . 4 . o . . . . . . . . . . . . . . . . . . . . . . . . . . . * . . . . . . . . . F . H . . . . . . . . . Q . S . . . . . . . . . \\ . ^ . u . . . . . . . . . . . . . . . . . . . . . \\ . ^ . o . y . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . ? . Z . . . . . . . . . ) . , . 5 . < . S . V . ] . a . l . o . . . . . . . . . . . . . . . . . . .
        Data Raw:f4 07 fd 07 01 08 17 08 1e 08 31 08 36 08 41 08 4e 08 59 08 63 08 6d 08 8c 08 e6 08 f4 08 fa 08 00 09 06 09 0c 09 12 09 18 09 1e 09 24 09 28 09 2c 09 47 09 4b 09 58 09 a1 09 c9 09 de 09 e7 09 ee 09 04 0a 22 0a 27 0a 29 0a 34 0a 6f 0a 95 0a 9f 0a a6 0a b0 0a b3 0a b6 0a bb 0a bf 0a cb 0a de 0a e6 0a ef 0a f7 0a 2a 0b 94 0b 96 0b ed 0b ef 0b 46 0c 48 0c 9f 0c a1 0c f8 0c fa 0c 51 0d
        Stream Path: \x18496\x15511\x16665\x17143\x16374\x17768\x17206\x17522\x17943\x16944\x17205\x18470, File Type: data, Stream Size: 1272
        General
        Stream Path:\x18496\x15511\x16665\x17143\x16374\x17768\x17206\x17522\x17943\x16944\x17205\x18470
        File Type:data
        Stream Size:1272
        Entropy:5.55298467633
        Base64 Encoded:False
        Data ASCII:. . . . . . . . 2 . 7 . B . P . Z . d . n . . . . . . . . . . . . . . . . . . . . . % . + . - . 2 . 6 . A . L . j . . . . . . . . . . . . . . . . . ( . 5 . p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J . L . . . . . . . . . U . W . . . . . . . . . ` . b . v . . . . . . . . . . . . . . . . . . . . . ` . b . q . { . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ! . > . M . [ . ` . n . | . . . . . . . . . . . . . . . . . . . . . . . + . c . d . m . p . ~ . . . . . . .
        Data Raw:f6 07 fe 07 18 08 1f 08 32 08 37 08 42 08 50 08 5a 08 64 08 6e 08 80 08 8d 08 f5 08 fb 08 01 09 07 09 0d 09 13 09 19 09 1f 09 25 09 2b 09 2d 09 32 09 36 09 41 09 4c 09 6a 09 a2 09 d2 09 df 09 e8 09 ef 09 f3 09 0c 0a 19 0a 28 0a 35 0a 70 0a 97 0a a1 0a a8 0a b2 0a b4 0a b8 0a bc 0a c0 0a c4 0a cd 0a e3 0a e7 0a f1 0a f7 0a 98 0b 9a 0b f1 0b f3 0b 4a 0c 4c 0c a3 0c a5 0c fc 0c fe 0c
        Stream Path: \x18496\x15511\x16911\x17892\x17784\x15976\x17589\x17959\x17894, File Type: data, Stream Size: 44
        General
        Stream Path:\x18496\x15511\x16911\x17892\x17784\x15976\x17589\x17959\x17894
        File Type:data
        Stream Size:44
        Entropy:3.26209211209
        Base64 Encoded:False
        Data ASCII:. . . . . . . . Y b . . . . ! 9 ! . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:0e 03 14 03 ca 06 f9 1f 59 20 62 20 85 20 94 20 e9 20 02 21 39 21 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06
        Stream Path: \x18496\x15511\x17165\x16949\x17894\x17778\x15996\x17589\x17959\x17894, File Type: data, Stream Size: 176
        General
        Stream Path:\x18496\x15511\x17165\x16949\x17894\x17778\x15996\x17589\x17959\x17894
        File Type:data
        Stream Size:176
        Entropy:3.66880272586
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . [ d e g h . . . . . . . . . . . . . . . . . ! . ! . ! . ! . ! . ! . ! . ! . ! ; ! < ! > ! ? ! @ ! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:e8 03 a9 06 d4 1e f5 1f fb 1f fd 1f 01 20 02 20 03 20 5b 20 64 20 65 20 67 20 68 20 87 20 88 20 96 20 97 20 99 20 9a 20 9c 20 9e 20 a3 20 a4 20 a7 20 eb 20 ec 20 ee 20 ef 20 f0 20 03 21 04 21 06 21 07 21 09 21 0b 21 0d 21 0e 21 10 21 3b 21 3c 21 3e 21 3f 21 40 21 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06
        Stream Path: \x18496\x15511\x17548\x17648\x17522\x17512\x15159\x17842\x18487, File Type: data, Stream Size: 1540
        General
        Stream Path:\x18496\x15511\x17548\x17648\x17522\x17512\x15159\x17842\x18487
        File Type:data
        Stream Size:1540
        Entropy:2.9832802467
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . ' . + . / . 3 . 7 . ; . ? . C . G . K . O . S . W . [ . _ . c . g . k . o . s . w . { . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ] j n s t u v . . . . . . . . ! . ! # ! ) ! B ! G ! W ! Y ! ] ! b ! e ! i ! n ! s ! x ! } ! . . . . . . . . C . . . > . . . . . . . V . . . . . . . . . . . . . . .
        Data Raw:c9 1e cf 1e d7 1e dc 1e e2 1e e8 1e ee 1e f2 1e f7 1e fb 1e ff 1e 03 1f 07 1f 0b 1f 0f 1f 13 1f 17 1f 1b 1f 1f 1f 23 1f 27 1f 2b 1f 2f 1f 33 1f 37 1f 3b 1f 3f 1f 43 1f 47 1f 4b 1f 4f 1f 53 1f 57 1f 5b 1f 5f 1f 63 1f 67 1f 6b 1f 6f 1f 73 1f 77 1f 7b 1f 7f 1f 83 1f 87 1f 8b 1f 8f 1f 93 1f 97 1f 9b 1f 9f 1f a3 1f a7 1f ab 1f af 1f b3 1f b7 1f bb 1f bf 1f c3 1f c7 1f cb 1f cf 1f d3 1f
        Stream Path: \x18496\x15511\x17630\x17770\x16868\x15976\x17589\x17959\x17894, File Type: data, Stream Size: 40
        General
        Stream Path:\x18496\x15511\x17630\x17770\x16868\x15976\x17589\x17959\x17894
        File Type:data
        Stream Size:40
        Entropy:3.31017198708
        Base64 Encoded:False
        Data ASCII:E . E . . . . . . . ? . ? . . . . . . . . . . . . . . . . . . . , . L . k . a .
        Data Raw:45 04 45 04 d3 06 d3 06 00 00 3f 04 3f 04 00 00 00 00 00 00 05 06 00 80 02 00 00 80 c2 03 00 00 2c 02 4c 04 6b 02 61 02
        Stream Path: \x18496\x15511\x17753\x16882\x16824\x15991\x17764\x18487, File Type: data, Stream Size: 2
        General
        Stream Path:\x18496\x15511\x17753\x16882\x16824\x15991\x17764\x18487
        File Type:data
        Stream Size:2
        Entropy:1.0
        Base64 Encoded:False
        Data ASCII:. .
        Data Raw:d3 06
        Stream Path: \x18496\x15511\x17753\x17650\x17768\x18231\x17753\x16882\x16824\x18487, File Type: data, Stream Size: 124
        General
        Stream Path:\x18496\x15511\x17753\x17650\x17768\x18231\x17753\x16882\x16824\x18487
        File Type:data
        Stream Size:124
        Entropy:3.57192366301
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . - . 4 . ; . G . K . O . Q . S . U . W . Y . Z . a . r . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:89 02 99 02 9b 02 b0 02 b4 02 ba 02 be 02 c0 02 c1 02 c6 02 d8 02 2d 04 34 04 3b 04 47 04 4b 04 4f 04 51 04 53 04 55 04 57 04 59 04 5a 04 61 04 72 04 a7 06 05 07 06 07 08 07 09 07 ea 1e d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06 d3 06
        Stream Path: \x18496\x15511\x17948\x17456\x17764\x15996\x17589\x17959\x17894, File Type: data, Stream Size: 54
        General
        Stream Path:\x18496\x15511\x17948\x17456\x17764\x15996\x17589\x17959\x17894
        File Type:data
        Stream Size:54
        Entropy:3.05953796473
        Base64 Encoded:False
        Data ASCII:. . . ! . ! ? . 6 . E . o . . . . . . . . . . . . . . . . . . . . . . . . ! . . . . l 4 . . > . . . . . . .
        Data Raw:d3 06 83 21 82 21 3f 04 36 04 45 04 6f 06 00 14 19 80 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 80 81 21 01 80 00 80 6c 34 00 80 3e 00 00 80 00 00 00 00
        Stream Path: \x18496\x15518\x16925\x17915, File Type: data, Stream Size: 204
        General
        Stream Path:\x18496\x15518\x16925\x17915
        File Type:data
        Stream Size:204
        Entropy:4.75329472526
        Base64 Encoded:False
        Data ASCII:$ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:24 01 e9 01 bd 04 be 04 bf 04 c0 04 c2 04 c4 04 c6 04 c8 04 ca 04 cc 04 ce 04 d0 04 d2 04 d4 04 d6 04 d8 04 da 04 dc 04 de 04 e0 04 e2 04 e4 04 e6 04 e8 04 ea 04 ec 04 ee 04 f0 04 f2 04 f4 04 f6 04 f8 04 fa 04 fc 04 fe 04 00 05 02 05 04 05 06 05 08 05 0a 05 0c 05 0e 05 10 05 12 05 14 05 16 05 18 05 19 05 d1 04 5d 03 00 00 be 04 bf 04 c0 04 c1 04 c3 04 c5 04 c7 04 c9 04 cb 04 cd 04
        Stream Path: \x18496\x15551\x17841\x16695\x17391\x16671\x17199\x16679\x16951, File Type: data, Stream Size: 408
        General
        Stream Path:\x18496\x15551\x17841\x16695\x17391\x16671\x17199\x16679\x16951
        File Type:data
        Stream Size:408
        Entropy:4.13556549238
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . ! . $ . % . . . 0 . 2 . 8 . : . < . A . I . K . N . Q . S . T . W . Z . ] . ` . c . e . h . k . m . p . s . x . z . } . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . & . , . / . 2 . 6 . 7 . 9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:10 00 13 00 15 00 17 00 18 00 1b 00 1e 00 21 00 24 00 25 00 2e 00 30 00 32 00 38 00 3a 00 3c 00 41 00 49 00 4b 00 4e 00 51 00 53 00 54 00 57 00 5a 00 5d 00 60 00 63 00 65 00 68 00 6b 00 6d 00 70 00 73 00 78 00 7a 00 7d 00 7f 00 82 00 84 00 8b 00 8d 00 8f 00 91 00 93 00 97 00 99 00 9d 00 a0 00 a2 00 a4 00 a6 00 a8 00 aa 00 ab 00 ad 00 b0 00 b4 00 b5 00 b8 00 88 02 26 05 2c 05 2f 05
        Stream Path: \x18496\x15871\x15890\x17143\x17768\x16671\x17199\x16679\x17207\x17522\x16671\x17967\x17832, File Type: ISO-8859 text, with no line terminators, Stream Size: 2
        General
        Stream Path:\x18496\x15871\x15890\x17143\x17768\x16671\x17199\x16679\x17207\x17522\x16671\x17967\x17832
        File Type:ISO-8859 text, with no line terminators
        Stream Size:2
        Entropy:1.0
        Base64 Encoded:False
        Data ASCII:. .
        Data Raw:e7 07
        Stream Path: \x18496\x15871\x15954\x17892\x17835\x17548\x16935\x17753\x17650\x17768\x17207\x17832, File Type: data, Stream Size: 46
        General
        Stream Path:\x18496\x15871\x15954\x17892\x17835\x17548\x16935\x17753\x17650\x17768\x17207\x17832
        File Type:data
        Stream Size:46
        Entropy:3.34731205149
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:d6 06 d1 07 d2 07 d3 07 d4 07 d5 07 d6 07 d7 07 d8 07 d9 07 da 07 db 07 dc 07 dd 07 de 07 df 07 e0 07 e1 07 e2 07 e3 07 e4 07 e5 07 e6 07
        Stream Path: \x18496\x16127\x17704\x17208\x16949\x18471, File Type: data, Stream Size: 312
        General
        Stream Path:\x18496\x16127\x17704\x17208\x16949\x18471
        File Type:data
        Stream Size:312
        Entropy:3.94552184253
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ] . 7 . @ . F . $ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D . < . = . > . ? . @ . A .
        Data Raw:c7 00 c7 00 c7 00 c7 00 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 bc 04 5d 02 37 04 40 04 46 04 24 01 bd 04 be 04 bf 04 c0 04 c2 04 cc 04 ce 04 d0 04 d4 04 d8 04 da 04 dc 04 e8 04 ec 04 ee 04 f0 04 f2 04 f6 04 fa 04 fc 04
        Stream Path: \x18496\x16191\x17704\x16952\x16817\x18472, File Type: data, Stream Size: 800
        General
        Stream Path:\x18496\x16191\x17704\x16952\x16817\x18472
        File Type:data
        Stream Size:800
        Entropy:3.23219736164
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ! . $ . % . % . 0 . 8 . : . A . A . S . T . T . T . W . W . W . W . ] . ] . ` . c . c . c . c . h . h . h . k . m . p . p . s . s . x . x . x . x . x . z . z . } . } . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 . O . . . 0 . . . . . T . . . . . . . . . . . . . T . 2 . 0 . . . 0 . . . . . . . 0 . . . . . . . . . . . 0 . . . Q .
        Data Raw:10 00 13 00 15 00 15 00 15 00 17 00 17 00 18 00 18 00 18 00 18 00 18 00 18 00 1b 00 1b 00 1e 00 1e 00 1e 00 21 00 24 00 25 00 25 00 30 00 38 00 3a 00 41 00 41 00 53 00 54 00 54 00 54 00 57 00 57 00 57 00 57 00 5d 00 5d 00 60 00 63 00 63 00 63 00 63 00 68 00 68 00 68 00 6b 00 6d 00 70 00 70 00 73 00 73 00 78 00 78 00 78 00 78 00 78 00 7a 00 7a 00 7d 00 7d 00 82 00 82 00 82 00 82 00
        Stream Path: \x18496\x16191\x17783\x17516\x15210\x17892\x18468, File Type: Non-ISO extended-ASCII text, with very long lines, Stream Size: 243712
        General
        Stream Path:\x18496\x16191\x17783\x17516\x15210\x17892\x18468
        File Type:Non-ISO extended-ASCII text, with very long lines
        Stream Size:243712
        Entropy:5.57613254473
        Base64 Encoded:True
        Data ASCII:N a m e T a b l e A R P S Y S T E M C O M P O N E N T T y p e A c t i o n T e x t A c t i o n D e s c r i p t i o n T e m p l a t e A p p I d : [ 1 ] { { , A p p T y p e : [ 2 ] } } A d v e r t i s e E v a l u a t i n g l a u n c h c o n d i t i o n s . . . U n r e g i s t e r i n g C O M + A p p l i c a t i o n s a n d C o m p o n e n t s A l l o c a t e R e g i s t r y S p a c e V a l i d a t i n g i n s t a l l . . . U n r e g i s t e r c l a s s s e r v e r s . . . A p p S e a r
        Data Raw:4e 61 6d 65 54 61 62 6c 65 41 52 50 53 59 53 54 45 4d 43 4f 4d 50 4f 4e 45 4e 54 54 79 70 65 41 63 74 69 6f 6e 54 65 78 74 41 63 74 69 6f 6e 44 65 73 63 72 69 70 74 69 6f 6e 54 65 6d 70 6c 61 74 65 41 70 70 49 64 3a 20 5b 31 5d 7b 7b 2c 20 41 70 70 54 79 70 65 3a 20 5b 32 5d 7d 7d 41 64 76 65 72 74 69 73 65 45 76 61 6c 75 61 74 69 6e 67 20 6c 61 75 6e 63 68 20 63 6f 6e 64 69 74 69
        Stream Path: \x18496\x16191\x17783\x17516\x15978\x17586\x18479, File Type: data, Stream Size: 34320
        General
        Stream Path:\x18496\x16191\x17783\x17516\x15978\x17586\x18479
        File Type:data
        Stream Size:34320
        Entropy:3.46717950909
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . 7 . . . . . . . " . . . " . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . " . . . . . . . . . . . . . . $ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . $ . . . . . . . ! . . . . . . . ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:00 00 00 00 04 00 1c 00 05 00 09 00 12 00 01 00 04 00 37 00 0a 00 0d 00 06 00 22 00 0b 00 22 00 08 00 07 00 1c 00 01 00 09 00 03 00 1f 00 01 00 2e 00 01 00 15 00 03 00 15 00 01 00 1b 00 01 00 09 00 0d 00 1b 00 01 00 23 00 01 00 09 00 09 00 11 00 01 00 09 00 0c 00 0b 00 01 00 0c 00 0e 00 0e 00 14 00 0e 00 01 00 10 00 01 00 0d 00 05 00 22 00 01 00 20 00 01 00 0f 00 09 00 14 00 01 00
        Stream Path: \x18496\x16255\x16740\x16943\x18486, File Type: data, Stream Size: 248
        General
        Stream Path:\x18496\x16255\x16740\x16943\x18486
        File Type:data
        Stream Size:248
        Entropy:5.66542121485
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . _ . u . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . & . b . e . z . | . } . ~ . . . . . . . . . . . . . . . . . . . . . . . . . # . : . K . P . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 . ; . R . d . i . . . . . . . . . . . . . . . . . . . . . . . . . . . ' 7 . .
        Data Raw:05 00 10 00 13 00 15 00 b1 00 b2 00 b6 00 be 00 bf 00 c0 00 c7 00 c9 00 d1 00 d4 00 e5 00 fd 00 08 01 0a 01 0c 01 0e 01 12 01 7f 01 9d 01 5f 02 75 02 c2 02 c3 02 cf 02 e0 02 18 03 1b 03 1f 03 20 03 c5 03 d2 03 d5 03 d8 03 d9 03 de 03 e0 03 e4 03 e6 03 ef 03 f4 03 f7 03 f8 03 fa 03 ff 03 02 04 08 04 0c 04 0f 04 13 04 15 04 19 04 1c 04 1e 04 20 04 23 04 26 04 62 04 65 04 7a 04 7c 04
        Stream Path: \x18496\x16383\x17380\x16876\x17892\x17580\x18481, File Type: data, Stream Size: 17400
        General
        Stream Path:\x18496\x16383\x17380\x16876\x17892\x17580\x18481
        File Type:data
        Stream Size:17400
        Entropy:3.07519259209
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . _ . _ . _ . _ . u . u . u . u . u . u . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:05 00 05 00 05 00 10 00 10 00 13 00 13 00 15 00 b1 00 b1 00 b1 00 b2 00 b2 00 b2 00 b6 00 b6 00 b6 00 be 00 be 00 be 00 bf 00 bf 00 bf 00 c0 00 c0 00 c0 00 c0 00 c0 00 c0 00 c0 00 c7 00 c7 00 c9 00 c9 00 c9 00 c9 00 c9 00 c9 00 c9 00 c9 00 c9 00 d1 00 d1 00 d1 00 d1 00 d4 00 d4 00 e5 00 e5 00 fd 00 fd 00 fd 00 fd 00 fd 00 fd 00 fd 00 fd 00 fd 00 fd 00 fd 00 fd 00 fd 00 08 01 08 01
        Stream Path: \x18496\x16667\x17191\x15090\x17912\x17591\x18481, File Type: data, Stream Size: 288
        General
        Stream Path:\x18496\x16667\x17191\x15090\x17912\x17591\x18481
        File Type:data
        Stream Size:288
        Entropy:4.13420472635
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . - . - . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . R . T . 5 . u . . . x . . . . . . . . . T . R . + . l . 3 . o . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . < . s . . . . . . . < . s . . . . . . . . . . . n . . . . . 9 . 9 . 9 . . . . . 9 . 9 . 9 . . . . . . . . . | . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . h . i . M . s . t . w . y . v . p . q . f . g . j . k . m . n .
        Data Raw:0a 00 0a 00 ca 01 ca 01 ca 01 89 02 89 02 99 02 99 02 99 02 b4 02 b4 02 c0 02 c0 02 2d 04 2d 04 01 80 02 80 01 80 02 80 03 80 06 80 07 80 01 80 02 80 03 80 01 80 02 80 04 80 05 80 01 80 02 80 52 01 54 01 35 04 75 04 9a 02 78 04 bf 02 dc 00 d7 00 d8 00 54 01 52 01 2b 04 6c 04 33 04 6f 04 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 0a 80 0a 80
        Stream Path: \x18496\x16778\x17207\x17522\x16925\x17915, File Type: data, Stream Size: 426
        General
        Stream Path:\x18496\x16778\x17207\x17522\x16925\x17915
        File Type:data
        Stream Size:426
        Entropy:4.43042532912
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . ! . $ . % . ( . . . 0 . 2 . 3 . 8 . : . ; . < . ? . @ . A . D . F . I . K . N . Q . S . T . W . Z . ] . ` . c . e . h . k . m . p . s . v . x . z . } . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . { . i . a . [ . # . . . . . t . . . U . L . . . . . . . . . G . B . " . , . = . . . 9 . . . . . > . r . . . . . . . . . . . . . . . [ . . . . . . . . . | . w . u . l . g . d . _ . Y . . . R . P . J . H . C . 7 . 1 . / . * .
        Data Raw:0a 00 0d 00 10 00 13 00 15 00 16 00 17 00 18 00 19 00 1a 00 1b 00 1e 00 21 00 24 00 25 00 28 00 2e 00 30 00 32 00 33 00 38 00 3a 00 3b 00 3c 00 3f 00 40 00 41 00 44 00 46 00 49 00 4b 00 4e 00 51 00 53 00 54 00 57 00 5a 00 5d 00 60 00 63 00 65 00 68 00 6b 00 6d 00 70 00 73 00 76 00 78 00 7a 00 7d 00 7f 00 82 00 84 00 8b 00 8d 00 8f 00 91 00 93 00 97 00 99 00 9d 00 a0 00 a2 00 a4 00
        Stream Path: \x18496\x16842\x17200\x15281\x16955\x17958\x16951\x16924\x17972\x17512\x16934, File Type: data, Stream Size: 138
        General
        Stream Path:\x18496\x16842\x17200\x15281\x16955\x17958\x16951\x16924\x17972\x17512\x16934
        File Type:data
        Stream Size:138
        Entropy:4.38193117361
        Base64 Encoded:False
        Data ASCII:. . . . % . . . 0 . : . < . . . . . . . . . . . . . . . . . . . [ . . . . ! . ! @ ! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . < . . . x . d . . . . . . . . . e . . . f . . . . . . . . . . . . . . . . . . .
        Data Raw:17 00 18 00 25 00 2e 00 30 00 3a 00 3c 00 b4 00 b5 00 de 06 e0 06 e2 06 e4 06 e6 06 e8 06 fd 1f 5b 20 96 20 97 20 f0 20 03 21 04 21 40 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 dd 06 df 06 e1 06 e7 06 e5 06 e1 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 83 20 83 84 83 3c 8f a0 8f 78 85 64 80 c8 99 dc 85 07 80 08 80 65 80 e9 83 66 80 ea 83 06 80 05 80 04 80
        Stream Path: \x18496\x16842\x17200\x16305\x16146\x17704\x16952\x16817\x18472, File Type: data, Stream Size: 138
        General
        Stream Path:\x18496\x16842\x17200\x16305\x16146\x17704\x16952\x16817\x18472
        File Type:data
        Stream Size:138
        Entropy:4.19039290737
        Base64 Encoded:False
        Data ASCII:. . . . % . < . . . . . . . . . . . . . . . . . . . . . . . . . [ . . . . ! . ! @ ! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . d . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:17 00 18 00 25 00 3c 00 b7 00 b8 00 b9 00 ba 00 bb 00 bc 00 bd 00 de 06 e0 06 e2 06 e4 06 fd 1f 5b 20 96 20 97 20 f0 20 03 21 04 21 40 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 dd 06 df 06 e1 06 e3 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 83 20 83 84 83 64 80 ce 84 14 85 ff 7f fd 7f 00 85 8c 80 fe 7f 07 80 08 80 8d 80 e9 83 06 80 05 80 04 80
        Stream Path: \x18496\x16842\x17913\x18126\x16808\x17912\x16168\x17704\x16952\x16817\x18472, File Type: data, Stream Size: 132
        General
        Stream Path:\x18496\x16842\x17913\x18126\x16808\x17912\x16168\x17704\x16952\x16817\x18472
        File Type:data
        Stream Size:132
        Entropy:3.9311347035
        Base64 Encoded:False
        Data ASCII:. . . . . . : . D . N . Q . S . W . ] . c . h . . . . . . . [ . . . . ! . ! @ ! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . j . 8 . . . . . . . \\ . $ . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:17 00 18 00 1e 00 3a 00 44 00 4e 00 51 00 53 00 57 00 5d 00 63 00 68 00 b4 00 b5 00 fd 1f 5b 20 96 20 97 20 f0 20 03 21 04 21 40 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 83 20 83 94 91 78 85 6a 98 38 98 9c 98 00 99 f8 91 5c 92 24 93 c0 92 c8 99 dc 85 06 80 05 80 04 80 04 80 03 80 02 80
        Stream Path: \x18496\x16911\x17892\x17784\x15144\x17458\x17587\x16945\x17905\x18486, File Type: data, Stream Size: 440
        General
        Stream Path:\x18496\x16911\x17892\x17784\x15144\x17458\x17587\x16945\x17905\x18486
        File Type:data
        Stream Size:440
        Entropy:4.52237914897
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Y Y Y Y Y Y b . . . . . . . . . . . ! . ! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03
        Stream Path: \x18496\x16911\x17892\x17784\x18472, File Type: data, Stream Size: 176
        General
        Stream Path:\x18496\x16911\x17892\x17784\x18472
        File Type:data
        Stream Size:176
        Entropy:4.1802723001
        Base64 Encoded:False
        Data ASCII:. . . . . . . . Y b . . . . ! 9 ! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . a . . . . ! 8 ! P ! 6 . . . . . . . a . . . . ! 8 ! P ! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:0e 03 14 03 ca 06 f9 1f 59 20 62 20 85 20 94 20 e9 20 02 21 39 21 00 00 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 0e 03 c9 06 d8 06 f8 1f fc 1f 61 20 84 20 93 20 e8 20 01 21 38 21 50 21 36 04 d8 06 f8 1f fc 1f 61 20 84 20 93 20 e8 20 01 21 38 21 50 21 02 80 04 80 04 80 04 80 04 80 04 80 04 80 04 80 04 80 04 80 04 80 0a 80 0a 80 0a 80 0a 80 0a 80 0a 80 0a 80 0a 80 0a 80
        Stream Path: \x18496\x16918\x17191\x18468, File Type: MIPSEB Ucode, Stream Size: 12
        General
        Stream Path:\x18496\x16918\x17191\x18468
        File Type:MIPSEB Ucode
        Stream Size:12
        Entropy:2.12581458369
        Base64 Encoded:False
        Data ASCII:. . > . . . . . . . . .
        Data Raw:01 80 3e 80 00 00 c3 03 00 00 00 00
        Stream Path: \x18496\x16923\x17194\x17910\x18229, File Type: data, Stream Size: 1152
        General
        Stream Path:\x18496\x16923\x17194\x17910\x18229
        File Type:data
        Stream Size:1152
        Entropy:4.98904233646
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ! . % . ) . - . 1 . 5 . 9 . = . A . E . I . M . Q . U . Y . ] . a . e . i . m . q . u . y . } . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . L P S U V W x z | ~ . . . . - ! 0 ! 2 ! L ! Q ! [ ! ` ! c ! g ! l ! q ! v ! { ! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:c5 06 ce 06 d0 06 ec 1e f0 1e f5 1e f9 1e fd 1e 01 1f 05 1f 09 1f 0d 1f 11 1f 15 1f 19 1f 1d 1f 21 1f 25 1f 29 1f 2d 1f 31 1f 35 1f 39 1f 3d 1f 41 1f 45 1f 49 1f 4d 1f 51 1f 55 1f 59 1f 5d 1f 61 1f 65 1f 69 1f 6d 1f 71 1f 75 1f 79 1f 7d 1f 81 1f 85 1f 89 1f 8d 1f 91 1f 95 1f 99 1f 9d 1f a1 1f a5 1f a9 1f ad 1f b1 1f b5 1f b9 1f bd 1f c1 1f c5 1f c9 1f cd 1f d1 1f d5 1f d9 1f dd 1f
        Stream Path: \x18496\x16925\x17915\x17884\x17404\x18472, File Type: data, Stream Size: 216
        General
        Stream Path:\x18496\x16925\x17915\x17884\x17404\x18472
        File Type:data
        Stream Size:216
        Entropy:3.44794856007
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:2e 04 a4 04 a5 04 a6 04 a7 04 a8 04 a9 04 aa 04 ac 04 ae 04 af 04 b0 04 b2 04 b3 04 b5 04 b6 04 b8 04 b9 04 a3 04 a3 04 a3 04 a3 04 a3 04 a3 04 a3 04 a3 04 ab 04 ad 04 ad 04 ad 04 b1 04 b1 04 b4 04 b4 04 b7 04 b4 04 0a 80 0c 80 0d 80 0e 80 0e 80 08 80 09 80 0a 80 0c 80 0a 80 08 80 08 80 0a 80 0f 80 09 80 0c 80 0a 80 10 80 00 00 00 00 00 00 00 80 00 00 00 80 00 00 00 80 00 00 00 80
        Stream Path: \x18496\x17100\x16808\x15086\x18162, File Type: data, Stream Size: 44
        General
        Stream Path:\x18496\x17100\x16808\x15086\x18162
        File Type:data
        Stream Size:44
        Entropy:3.53419019238
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:ea 00 ec 00 ee 00 f0 00 f4 00 f6 00 fa 00 fc 00 9b 02 c1 02 ea 1e e9 00 eb 00 ed 00 ef 00 f3 00 f5 00 f9 00 fb 00 f7 00 f1 00 e7 00
        Stream Path: \x18496\x17116\x17778\x16823\x17912, File Type: data, Stream Size: 24
        General
        Stream Path:\x18496\x17116\x17778\x16823\x17912
        File Type:data
        Stream Size:24
        Entropy:3.00270548193
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:f7 1f f5 1f f6 1f e8 1e 0e 03 00 00 00 00 00 00 00 00 00 00 01 80 a9 06
        Stream Path: \x18496\x17163\x16689\x18229, File Type: data, Stream Size: 68
        General
        Stream Path:\x18496\x17163\x16689\x18229
        File Type:data
        Stream Size:68
        Entropy:2.8713806917
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . V ! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:d6 00 d7 00 d8 00 d9 00 da 00 db 00 dc 00 dd 00 de 00 df 00 e0 00 e1 00 e2 00 f5 06 f6 06 ab 20 56 21 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00
        Stream Path: \x18496\x17165\x16949\x17894\x17778\x18492, File Type: SVr3 curses screen image, little-endian, Stream Size: 420
        General
        Stream Path:\x18496\x17165\x16949\x17894\x17778\x18492
        File Type:SVr3 curses screen image, little-endian
        Stream Size:420
        Entropy:5.2336859198
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [ d e g h . . . . . . . . . . . . . . . . . ! . ! . ! . ! . ! . ! . ! . ! . ! ; ! < ! > ! ? ! @ ! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . d ` . g . . . . . . . . . . . . . . . . . . . . . . !
        Data Raw:1c 01 e4 02 e6 02 e8 02 ea 02 ec 02 ee 02 f0 02 f2 02 f4 02 f5 02 f7 02 f9 02 fb 02 fd 02 ff 02 01 03 03 03 05 03 07 03 09 03 0b 03 0d 03 10 03 12 03 16 03 e8 03 a9 06 d4 1e f5 1f fb 1f fd 1f 01 20 02 20 03 20 5b 20 64 20 65 20 67 20 68 20 87 20 88 20 96 20 97 20 99 20 9a 20 9c 20 9e 20 a3 20 a4 20 a7 20 eb 20 ec 20 ee 20 ef 20 f0 20 03 21 04 21 06 21 07 21 09 21 0b 21 0d 21 0e 21
        Stream Path: \x18496\x17165\x17380\x17074, File Type: data, Stream Size: 682
        General
        Stream Path:\x18496\x17165\x17380\x17074
        File Type:data
        Stream Size:682
        Entropy:4.38587258261
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . 1 . < . G . P . Y . ] . w . . . . . . . . . . . . . . . . . . . . . % . 0 . B . S . Y . \\ . 2 . 2 . ( . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . ( . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . . . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . w . w . . . w . x . . . . . \\ . \\ . w . . . . . b . , . w . w . w . w . w . b . w . w . A . w . w . w . w . w . w . . . w . . . . . Q . . .
        Data Raw:b7 00 b9 00 ba 00 bb 00 bc 00 bd 00 19 01 1a 01 31 01 3c 01 47 01 50 01 59 01 5d 01 77 01 85 01 97 01 ae 01 bc 01 d1 01 d4 01 ea 01 f2 01 00 02 07 02 25 02 30 02 42 02 53 02 59 02 5c 02 32 80 32 80 28 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80
        Stream Path: \x18496\x17167\x16943, File Type: data, Stream Size: 1116
        General
        Stream Path:\x18496\x17167\x16943
        File Type:data
        Stream Size:1116
        Entropy:5.09505485134
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . ! ] k o r . . . . . . . . . . . . . . . . . . . ! . ! . ! . ! . ! . ! . ! ! ! ! " ! $ ! % ! & ! ' ! * ! , ! C ! E ! H ! J ! X ! . . . . . . . . . . . . . . . . . . . . . . . . . . . ] j n j . . . . . . . . . . . . . . . . . . . ! . ! . ! . ! . ! . ! . ! . ! . ! . ! # ! # ! # ! # ! ) ! ) ! B ! B ! G ! G ! W ! . . . . . . . .
        Data Raw:ca 1e d0 1e d8 1e dd 1e e3 1e e9 1e 08 20 0a 20 0c 20 0e 20 10 20 12 20 14 20 17 20 19 20 1b 20 1d 20 1f 20 21 20 5d 20 6b 20 6f 20 72 20 8c 20 af 20 b1 20 b3 20 b5 20 b7 20 b9 20 ba 20 bb 20 bd 20 be 20 bf 20 c2 20 c4 20 f3 20 f5 20 f8 20 fa 20 13 21 15 21 17 21 19 21 1b 21 1d 21 1f 21 20 21 21 21 22 21 24 21 25 21 26 21 27 21 2a 21 2c 21 43 21 45 21 48 21 4a 21 58 21 c9 1e cf 1e
        Stream Path: \x18496\x17490\x17910\x17380\x15279\x16955\x17958\x16951\x16924\x17972\x17512\x16934, File Type: data, Stream Size: 576
        General
        Stream Path:\x18496\x17490\x17910\x17380\x15279\x16955\x17958\x16951\x16924\x17972\x17512\x16934
        File Type:data
        Stream Size:576
        Entropy:5.35218711285
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . ! . $ . % . ( . 0 . 2 . 8 . : . < . ? . A . D . F . I . K . N . Q . S . T . W . Z . ] . ` . c . e . h . k . m . p . s . v . x . z . } . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . " . 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [ . . . . . ! . ! @ ! S ! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:0d 00 10 00 13 00 15 00 17 00 18 00 1b 00 1e 00 21 00 24 00 25 00 28 00 30 00 32 00 38 00 3a 00 3c 00 3f 00 41 00 44 00 46 00 49 00 4b 00 4e 00 51 00 53 00 54 00 57 00 5a 00 5d 00 60 00 63 00 65 00 68 00 6b 00 6d 00 70 00 73 00 76 00 78 00 7a 00 7d 00 7f 00 82 00 84 00 8b 00 8d 00 8f 00 91 00 93 00 97 00 99 00 9d 00 a0 00 a2 00 a4 00 a6 00 a8 00 aa 00 ab 00 ad 00 b0 00 b4 00 b5 00
        Stream Path: \x18496\x17490\x17910\x17380\x16303\x16146\x17704\x16952\x16817\x18472, File Type: data, Stream Size: 246
        General
        Stream Path:\x18496\x17490\x17910\x17380\x16303\x16146\x17704\x16952\x16817\x18472
        File Type:data
        Stream Size:246
        Entropy:5.25633664673
        Base64 Encoded:False
        Data ASCII:. . . . . . . . % . ( . < . ? . T . . . . . . . . . . . . . G . . . . . S . \\ . . . . . . . " . 6 . . . . . . . . . . . . . . . . . [ . . . . ! . ! @ ! S ! . . . . . . . . . . . . . . . . . . . . a . a . a . a . a . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . d . . . X . . . . . . . . . . . . . & . . . . . . . . . . . 3 . . . 2 . . . 4 . 5 . . . . . . . . . ^ . . . . . . . . . . . . . . . . . 6 .
        Data Raw:10 00 15 00 17 00 18 00 25 00 28 00 3c 00 3f 00 54 00 b8 00 b9 00 ba 00 bb 00 bc 00 bd 00 47 01 d4 01 00 02 53 02 5c 02 88 02 cc 02 ea 03 22 05 36 05 de 06 e0 06 e2 06 e4 06 ea 06 ec 06 cb 1e fd 1f 5b 20 96 20 97 20 f0 20 03 21 04 21 40 21 53 21 00 00 e7 03 00 00 00 00 00 00 00 00 00 00 00 00 e7 03 00 00 61 02 61 02 61 02 61 02 61 02 f0 03 f1 03 f2 03 f3 03 a4 02 00 00 ee 03 00 00
        Stream Path: \x18496\x17548\x17648\x17522\x17512\x18487, File Type: data, Stream Size: 1320
        General
        Stream Path:\x18496\x17548\x17648\x17522\x17512\x18487
        File Type:data
        Stream Size:1320
        Entropy:5.14720197696
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . ' . + . / . 3 . 7 . ; . ? . C . G . K . O . S . W . [ . _ . c . g . k . o . s . w . { . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ] j n s t u v . . . . . . . . ! . ! # ! ) ! B ! G ! W ! Y ! ] ! b ! e ! i ! n ! s ! x ! } ! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:c9 1e cf 1e d7 1e dc 1e e2 1e e8 1e ee 1e f2 1e f7 1e fb 1e ff 1e 03 1f 07 1f 0b 1f 0f 1f 13 1f 17 1f 1b 1f 1f 1f 23 1f 27 1f 2b 1f 2f 1f 33 1f 37 1f 3b 1f 3f 1f 43 1f 47 1f 4b 1f 4f 1f 53 1f 57 1f 5b 1f 5f 1f 63 1f 67 1f 6b 1f 6f 1f 73 1f 77 1f 7b 1f 7f 1f 83 1f 87 1f 8b 1f 8f 1f 93 1f 97 1f 9b 1f 9f 1f a3 1f a7 1f ab 1f af 1f b3 1f b7 1f bb 1f bf 1f c3 1f c7 1f cb 1f cf 1f d3 1f
        Stream Path: \x18496\x17548\x17905\x17589\x15151\x17522\x17191\x17207\x17522, File Type: data, Stream Size: 232
        General
        Stream Path:\x18496\x17548\x17905\x17589\x15151\x17522\x17191\x17207\x17522
        File Type:data
        Stream Size:232
        Entropy:4.05910717547
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 . 0 . 0 . 0 . B . B . B . B . . . . . o . r . . . . . . . . . . . / . / . / . . . . . . . . . . . 1 . . . . . . . 7 . 9 . ; . = . . . . . . . I . d . b . b . d . d . d . b . d . d . b . h . j . b . d . n . d . n . d . d . d . d . d . d . d . d . d . d . d . d . c . a . a . e . c . e . k . f . f . . . i . i . k . l . m . m . l . o . o . o . o . p . q . m . r . s . s . t . t .
        Data Raw:b9 00 b9 00 b9 00 b9 00 bb 00 bb 00 bc 00 85 01 85 01 ae 01 ae 01 ae 01 bc 01 00 02 00 02 00 02 00 02 07 02 07 02 07 02 07 02 30 02 30 02 30 02 30 02 42 02 42 02 42 02 42 02 d0 00 18 01 6f 01 72 01 e6 01 e8 01 19 01 8c 01 94 01 2f 01 2f 01 2f 01 19 01 d0 00 d0 00 cc 01 cc 01 31 01 11 02 13 02 15 02 37 02 39 02 3b 02 3d 02 8c 01 94 01 a6 01 49 02 64 02 62 02 62 02 64 02 64 02 64 02
        Stream Path: \x18496\x17548\x17905\x17589\x15279\x16953\x17905, File Type: data, Stream Size: 1692
        General
        Stream Path:\x18496\x17548\x17905\x17589\x15279\x16953\x17905
        File Type:data
        Stream Size:1692
        Entropy:4.53518439019
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 . 1 . 1 . 1 . 1 . 1 . 1 . < . < . < . G . G . P . Y . ] . ] . ] . ] . ] . ] . ] . w . w . w . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . % . % . % . % . % . % . % . % . % . % . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . B . B . B . B . B . B . B . B .
        Data Raw:b7 00 b7 00 b7 00 b7 00 b9 00 b9 00 b9 00 ba 00 bb 00 bc 00 bd 00 19 01 19 01 1a 01 1a 01 1a 01 1a 01 1a 01 1a 01 31 01 31 01 31 01 31 01 31 01 31 01 31 01 3c 01 3c 01 3c 01 47 01 47 01 50 01 59 01 5d 01 5d 01 5d 01 5d 01 5d 01 5d 01 5d 01 77 01 77 01 77 01 85 01 85 01 97 01 97 01 97 01 97 01 97 01 97 01 97 01 ae 01 ae 01 ae 01 ae 01 ae 01 bc 01 bc 01 bc 01 bc 01 bc 01 d1 01 d4 01
        Stream Path: \x18496\x17548\x17905\x17589\x18479, File Type: data, Stream Size: 7046
        General
        Stream Path:\x18496\x17548\x17905\x17589\x18479
        File Type:data
        Stream Size:7046
        Entropy:4.4115949714
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 . 1 . 1 . 1 . 1 . 1 . 1 . 1 . 1 . < . < . < . < . < . < . < . G . G . G . G . G . G . P . P . Y . Y . Y . ] . ] . ] . ] . ] . ] . ] . ] . ] . w . w . w . w . w . w . w . w . w . w . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:b7 00 b7 00 b7 00 b7 00 b7 00 b7 00 b7 00 b7 00 b7 00 b7 00 b7 00 b9 00 b9 00 b9 00 b9 00 b9 00 b9 00 b9 00 b9 00 ba 00 ba 00 bb 00 bb 00 bb 00 bb 00 bb 00 bb 00 bb 00 bb 00 bb 00 bb 00 bb 00 bb 00 bc 00 bc 00 bc 00 bc 00 bc 00 bd 00 bd 00 19 01 19 01 19 01 1a 01 1a 01 1a 01 1a 01 1a 01 1a 01 1a 01 1a 01 1a 01 31 01 31 01 31 01 31 01 31 01 31 01 31 01 31 01 31 01 3c 01 3c 01 3c 01
        Stream Path: \x18496\x17558\x17959\x16943\x16909\x16947\x16881\x17512\x18214, File Type: data, Stream Size: 110
        General
        Stream Path:\x18496\x17558\x17959\x16943\x16909\x16947\x16881\x17512\x18214
        File Type:data
        Stream Size:110
        Entropy:3.14753752399
        Base64 Encoded:False
        Data ASCII:. . . . G I I I I I ` . . . . . . . . . . . . . . . . . . . . . . . . G I ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F H _ . . . . . . . . . .
        Data Raw:fb 1f fb 1f 47 20 49 20 49 20 49 20 49 20 49 20 60 20 8f 20 91 20 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 47 20 49 20 60 20 dc 06 8e 20 8f 20 90 20 91 20 dc 06 8e 20 90 20 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 46 20 48 20 5f 20 00 00 8d 20 8d 20 8d 20 8d 20 00 00 8d 20 8d 20
        Stream Path: \x18496\x17558\x17959\x16943\x17180\x17514\x17892\x17784\x18472, File Type: data, Stream Size: 60
        General
        Stream Path:\x18496\x17558\x17959\x16943\x17180\x17514\x17892\x17784\x18472
        File Type:data
        Stream Size:60
        Entropy:3.71857116668
        Base64 Encoded:False
        Data ASCII:. . . . G I ` . . . . R ! . . . . . . . . . . . . . . . . . . . . . . . . . . H _ . . . . . .
        Data Raw:dc 06 fb 1f 47 20 49 20 60 20 8e 20 8f 20 90 20 91 20 52 21 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 db 06 fa 1f fa 1f 48 20 5f 20 8d 20 8d 20 8d 20 8d 20 ce 1b
        Stream Path: \x18496\x17558\x17959\x16943\x17548\x17648\x17522\x17512\x17847, File Type: data, Stream Size: 168
        General
        Stream Path:\x18496\x17558\x17959\x16943\x17548\x17648\x17522\x17512\x17847
        File Type:data
        Stream Size:168
        Entropy:3.82714059028
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . ] j n s t u v . . . . . . . . ! . ! # ! ) ! B ! G ! . . . . . . . . . . . . . . . . G ` ` ` ` ` ` I . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:fb 1f 01 20 02 20 08 20 0a 20 0c 20 0e 20 16 20 5d 20 6a 20 6e 20 73 20 74 20 75 20 76 20 8b 20 ae 20 b0 20 bc 20 c1 20 f2 20 f7 20 12 21 14 21 23 21 29 21 42 21 47 21 fb 1f fb 1f fb 1f fb 1f fb 1f fb 1f fb 1f fb 1f 47 20 60 20 60 20 60 20 60 20 60 20 60 20 49 20 8e 20 8e 20 8e 20 8e 20 8f 20 8f 20 90 20 90 20 90 20 90 20 91 20 91 20 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80
        Stream Path: \x18496\x17630\x17770\x16868\x18472, File Type: data, Stream Size: 32
        General
        Stream Path:\x18496\x17630\x17770\x16868\x18472
        File Type:data
        Stream Size:32
        Entropy:2.88389509968
        Base64 Encoded:False
        Data ASCII:E . E . . . ? . ? . . . . . . . . . . . . . . . . . . . , . L .
        Data Raw:45 04 45 04 00 00 3f 04 3f 04 00 00 00 00 00 00 05 06 00 80 02 00 00 80 c2 03 00 00 2c 02 4c 04
        Stream Path: \x18496\x17742\x17589\x18485, File Type: data, Stream Size: 632
        General
        Stream Path:\x18496\x17742\x17589\x18485
        File Type:data
        Stream Size:632
        Entropy:5.68930638396
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ! . M . . . . . . . . . . . . . . . . . . . . . . . . ! . " . # . $ . % . & . ' . ( . ) . * . + . , . - . . . / . 0 . 1 . 2 . 3 . 4 . 5 . 6 . 7 . 8 . y . z . { . | . } . ~ . . . . . . . . . . . . . . . . . A . B . C . D . E . F . G . H . I . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . m . n . o . p . q .
        Data Raw:00 80 01 80 02 80 03 80 04 80 05 80 06 80 07 80 08 80 09 80 0a 80 0b 80 0c 80 0d 80 0e 80 0f 80 10 80 11 80 12 80 13 80 14 80 15 80 16 80 17 80 20 80 21 80 4d 84 15 85 16 85 17 85 18 85 19 85 1a 85 1b 85 1c 85 1d 85 1e 85 1f 85 20 85 21 85 22 85 23 85 24 85 25 85 26 85 27 85 28 85 29 85 2a 85 2b 85 2c 85 2d 85 2e 85 2f 85 30 85 31 85 32 85 33 85 34 85 35 85 36 85 37 85 38 85 79 85
        Stream Path: \x18496\x17753\x17650\x17768\x18231, File Type: data, Stream Size: 240
        General
        Stream Path:\x18496\x17753\x17650\x17768\x18231
        File Type:data
        Stream Size:240
        Entropy:5.2387517132
        Base64 Encoded:False
        Data ASCII:. . ] . . . . . ] . f . . . . . . . . . . . . . . . . . . . . . . . " . . . . . ) . * . - . / . 0 . 2 . 4 . 7 . 9 . ; . = . > . @ . C . F . G . H . I . K . M . O . Q . S . U . W . Y . Z . ] . a . r . . . . . . . . . . . . . . . . . . . . ! a . ] . o . 5 . 6 . A . . . . . . . . . T . a . k . + . . . , . ^ . a . a . X . a . a . 3 . . . b . 1 . k . . . 8 . . . < . - . . . B . ? . J . . . . . N . E . P . R . T . V . X . a . k . \\ . . . ` . . . . . . . . . . . D . . . a . . . . .
        Data Raw:03 00 5d 01 b0 01 ca 01 5d 02 66 02 89 02 99 02 9b 02 b0 02 b4 02 ba 02 be 02 c0 02 c1 02 c6 02 d8 02 22 03 c1 03 05 04 29 04 2a 04 2d 04 2f 04 30 04 32 04 34 04 37 04 39 04 3b 04 3d 04 3e 04 40 04 43 04 46 04 47 04 48 04 49 04 4b 04 4d 04 4f 04 51 04 53 04 55 04 57 04 59 04 5a 04 5d 04 61 04 72 04 a7 06 05 07 06 07 08 07 09 07 c4 1e c6 1e c7 1e ea 1e 80 21 61 02 5d 01 6f 06 35 04
        Stream Path: \x18496\x17814\x15020\x17846\x17448\x17381\x15868\x17444\x18472, File Type: data, Stream Size: 120
        General
        Stream Path:\x18496\x17814\x15020\x17846\x17448\x17381\x15868\x17444\x18472
        File Type:data
        Stream Size:120
        Entropy:3.36075466277
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . ! . ! . ! . ! . ! B ! B ! B ! B ! B ! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 ! . . . . N ! . . . .
        Data Raw:ae 20 ae 20 ae 20 ae 20 ae 20 f2 20 f2 20 f2 20 f2 20 f2 20 12 21 12 21 12 21 12 21 12 21 42 21 42 21 42 21 42 21 42 21 dd 20 de 20 e0 20 e2 20 e4 20 dd 20 de 20 e0 20 e2 20 e4 20 dd 20 de 20 e0 20 e2 20 e4 20 dd 20 de 20 e0 20 e2 20 e4 20 dc 20 ac 20 df 20 e1 20 e3 20 fe 20 ac 20 df 20 e1 20 ff 20 34 21 ac 20 df 20 e1 20 e3 20 4e 21 ac 20 df 20 e1 20 ff 20
        Stream Path: \x18496\x17814\x15020\x17846\x17448\x17381\x18492, File Type: data, Stream Size: 40
        General
        Stream Path:\x18496\x17814\x15020\x17846\x17448\x17381\x18492
        File Type:data
        Stream Size:40
        Entropy:3.54039997167
        Base64 Encoded:False
        Data ASCII:. . . ! B ! . . . . ! . . . ! C ! . . . . . . . . . . . . . . . .
        Data Raw:ae 20 f2 20 12 21 42 21 85 20 94 20 e9 20 02 21 b7 20 f3 20 1d 21 43 21 00 00 00 00 00 00 00 00 01 80 01 80 01 80 01 80
        Stream Path: \x18496\x17814\x15340\x17388\x15464\x17828\x18475, File Type: data, Stream Size: 380
        General
        Stream Path:\x18496\x17814\x15340\x17388\x15464\x17828\x18475
        File Type:data
        Stream Size:380
        Entropy:6.69567514216
        Base64 Encoded:False
        Data ASCII:. . k . . . . . . . . . ! . ! * ! , ! C ! E ! H ! J ! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . u . " 2 . t . . 1 . . . . . . 3 Z . . . . . . 3 Z . x Q G L . . . . x Q G L . . . Z . . / . G . . Z . . / . G . . . + . . . . . . . + . . . . . . N p . . R . . . . . . . . . b . z E ' . . . b . z E ' . . . . . . ' j . . . . . . ' j . . Z } . - . . . . Z } . - . . . * . < . : [ / . * . < . : [ / . . . . . . 8 P H . . F o . . E . . W . . . . E . . W . .
        Data Raw:14 20 17 20 6b 20 b7 20 b9 20 c2 20 c4 20 f3 20 f5 20 f8 20 fa 20 1d 21 1f 21 2a 21 2c 21 43 21 45 21 48 21 4a 21 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 9d ff 1f 75 01 22 32 15 74 9c 90 31 c1 ed a8 e0 eb de 33 5a c1 ed a8 e0 eb de 33 5a cd 78 51 47 4c c3 90 04 cd 78 51 47 4c c3 90 04 5a b0 df 2f 91 47 a7 c4
        Stream Path: \x18496\x17814\x16172\x15119\x18187\x16691\x17846, File Type: data, Stream Size: 74
        General
        Stream Path:\x18496\x17814\x16172\x15119\x18187\x16691\x17846
        File Type:data
        Stream Size:74
        Entropy:3.94867882638
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . . . . . . . ! . ! . ! . ! . ! . ! . ! ! ! ! " ! $ ! % ! & ! ' ! * ! , ! C ! E ! H ! J !
        Data Raw:af 20 b1 20 b3 20 b5 20 b7 20 b9 20 ba 20 bb 20 bd 20 be 20 bf 20 c2 20 c4 20 f3 20 f5 20 f8 20 fa 20 13 21 15 21 17 21 19 21 1b 21 1d 21 1f 21 20 21 21 21 22 21 24 21 25 21 26 21 27 21 2a 21 2c 21 43 21 45 21 48 21 4a 21
        Stream Path: \x18496\x17932\x17910\x17458\x16778\x17207\x17522, File Type: data, Stream Size: 232
        General
        Stream Path:\x18496\x17932\x17910\x17458\x16778\x17207\x17522
        File Type:data
        Stream Size:232
        Entropy:4.99881829624
        Base64 Encoded:False
        Data ASCII:. . . . . . " . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [ . . . . . ! . ! @ ! S ! . . 3 . . . 3 . . . . . . . . . . . 3 . . . . . . . . . . . . . . . . . 3 . . . 3 . 3 . 3 . . . 3 . 3 . 3 . 3 . A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [ . . . . . ! . ! @ ! V ! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E . . . . . . . . . . . U !
        Data Raw:c7 02 cc 02 ce 02 22 05 d2 06 de 06 e0 06 e2 06 e4 06 e6 06 e8 06 ea 06 ec 06 ee 06 f0 06 f2 06 f4 06 cb 1e fd 1f 05 20 5b 20 96 20 97 20 a9 20 f0 20 03 21 04 21 40 21 53 21 01 80 33 80 01 80 33 80 01 82 01 82 01 82 01 82 01 82 33 80 01 82 01 81 01 82 01 82 01 80 01 82 01 80 13 80 33 80 13 80 33 80 33 80 33 80 01 80 33 80 33 80 33 80 33 80 41 80 df 00 cb 02 ab 20 cb 02 df 00 f5 06
        Stream Path: \x18496\x17998\x17512\x15799\x17636\x17203\x17073, File Type: data, Stream Size: 120
        General
        Stream Path:\x18496\x17998\x17512\x15799\x17636\x17203\x17073
        File Type:data
        Stream Size:120
        Entropy:4.17229836916
        Base64 Encoded:False
        Data ASCII:. . . . . . . . . . . . 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . / . Y . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        Data Raw:bb 00 bb 00 bb 00 bb 00 bb 00 bc 00 31 01 07 02 07 02 07 02 07 02 07 02 07 02 07 02 07 02 05 00 d1 00 dc 01 df 01 e9 01 05 00 1e 01 2f 01 59 01 b5 01 06 02 0d 02 13 02 15 02 18 02 05 00 c9 03 dc 01 c9 03 e9 01 05 00 c7 03 cc 03 cc 03 cc 03 ca 03 cd 03 ce 03 d0 03 d1 03 d0 00 c8 03 d0 00 c8 03 e9 01 d0 00 c7 03 cb 03 cb 03 cb 03 d0 00 d0 00 d0 00 cf 03 d0 00
        Stream Path: \x18496\x18140\x15798\x17462\x16912\x15153\x17458\x17587\x16945\x17905\x18486, File Type: ISO-8859 text, with no line terminators, Stream Size: 24
        General
        Stream Path:\x18496\x18140\x15798\x17462\x16912\x15153\x17458\x17587\x16945\x17905\x18486
        File Type:ISO-8859 text, with no line terminators
        Stream Size:24
        Entropy:3.29248125036
        Base64 Encoded:False
        Data ASCII:. . . # ! ) ! G ! . . . 1 ! 3 ! M !
        Data Raw:bc 20 c1 20 f7 20 23 21 29 21 47 21 d7 20 d9 20 fd 20 31 21 33 21 4d 21

        Network Behavior

        No network behavior found

        Code Manipulations

        Statistics

        Behavior

        Click to jump to process

        System Behavior

        Analysis Process: msiexec.exe PID: 4752 Parent PID: 1560

        General

        Start time:08:37:50
        Start date:14/10/2021
        Path:C:\Windows\System32\msiexec.exe
        Wow64 process (32bit):false
        Commandline:'C:\Windows\System32\msiexec.exe' /i 'C:\Users\user\Desktop\CTS Graphic module for CID-Pro measurement files.msi'
        Imagebase:0x7ff69b980000
        File size:66048 bytes
        MD5 hash:4767B71A318E201188A0D0A420C8B608
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high

        Analysis Process: msiexec.exe PID: 2500 Parent PID: 556

        General

        Start time:08:37:51
        Start date:14/10/2021
        Path:C:\Windows\System32\msiexec.exe
        Wow64 process (32bit):false
        Commandline:C:\Windows\system32\msiexec.exe /V
        Imagebase:0x7ff69b980000
        File size:66048 bytes
        MD5 hash:4767B71A318E201188A0D0A420C8B608
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high

        Analysis Process: msiexec.exe PID: 6056 Parent PID: 2500

        General

        Start time:08:37:52
        Start date:14/10/2021
        Path:C:\Windows\SysWOW64\msiexec.exe
        Wow64 process (32bit):true
        Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 92B7A03B753DE557328F7B181D3A0B3D C
        Imagebase:0x10000
        File size:59904 bytes
        MD5 hash:12C17B5A5C2A7B97342C362CA467E9A2
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high

        Analysis Process: msiexec.exe PID: 6300 Parent PID: 2500

        General

        Start time:08:38:06
        Start date:14/10/2021
        Path:C:\Windows\SysWOW64\msiexec.exe
        Wow64 process (32bit):true
        Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding B258116E8C98C69587BFD784FAB73825
        Imagebase:0x10000
        File size:59904 bytes
        MD5 hash:12C17B5A5C2A7B97342C362CA467E9A2
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high

        Disassembly

        Code Analysis

        Reset < >