Windows Analysis Report
EMIESiteListManager.msi

Overview

General Information

Sample Name:EMIESiteListManager.msi
Analysis ID:651407
MD5:5a766bf2b4c5eea7fd8bc0dc0e83f5a3
SHA1:f6df037c3f59952e3ce3128cf4825944820134fd
SHA256:53e957ad72d1c96ad76d0f95f221f6bd3a5e05b716c2048b140a8e47743781e7
Infos:

Detection

Score:4
Range:0 - 100
Whitelisted:false
Confidence:40%

Compliance

Score:61
Range:0 - 100

Signatures

Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Deletes files inside the Windows folder
Creates files inside the system directory
Binary contains a suspicious time stamp
Stores files to the Windows start menu directory
Checks for available system drives (often done to infect USB drives)
Found dropped PE file which has not been started or loaded

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
  • System is w10x64
  • msiexec.exe (PID: 6468 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\EMIESiteListManager.msi" MD5: 4767B71A318E201188A0D0A420C8B608)
  • msiexec.exe (PID: 6532 cmdline: C:\Windows\system32\msiexec.exe /V MD5: 4767B71A318E201188A0D0A420C8B608)
    • msiexec.exe (PID: 5156 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 4B2D4FDED6AF48E1A8084D401C783CB7 C MD5: 12C17B5A5C2A7B97342C362CA467E9A2)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Compliance

Source: EMIESiteListManager.msi, Static PE information: certificate valid
Source: Binary string: EMIESiteListManager.pdb source: EMIESiteListManager.exe.1.dr
Source: Binary string: C:\agent\_work\21\s\build\ship\x86\uica.pdb source: EMIESiteListManager.msi, MSI30D9.tmp.0.dr, 513d5d.msi.1.dr, 513d5f.msi.1.dr
Source: Binary string: EMIESiteListManager.pdbC source: EMIESiteListManager.exe.1.dr
Source: C:\Windows\System32\msiexec.exe, File opened: z:, x:, v:, t:, r:, p:, n:, l:, j:, h:, f:, b:, y:, w:, u:, s:, q:, o:, m:, k:, i:, g:, e:, c:, a:
Source: EMIESiteListManager.msi, Binary or memory string: OriginalFilenameuica.dll\ vs EMIESiteListManager.msi
Source: EMIESiteListManager.exe.1.dr, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Windows\System32\msiexec.exe, Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe, Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe, File deleted: C:\Windows\Installer\513d5f.msi
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\513d5d.msi
Source: C:\Windows\System32\msiexec.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown, Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\EMIESiteListManager.msi"
Source: unknown, Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe, Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 4B2D4FDED6AF48E1A8084D401C783CB7 C
Source: EMIESiteListManager.msi, Static file information: TRID: Microsoft Windows Installer (77509/1) 90.64%
Source: Enterprise Mode Site List Manager.lnk.1.dr, LNK file: ..\..\..\..\..\Windows\Installer\{6FE180F0-2BBC-4116-9AF2-4D0D91DF85D2}\emie.ico
Source: Enterprise Mode Site List Manager.lnk0.1.dr, LNK file: ..\..\..\Windows\Installer\{6FE180F0-2BBC-4116-9AF2-4D0D91DF85D2}\emie.ico
Source: C:\Windows\System32\msiexec.exe, File created: C:\Program Files (x86)\Enterprise Mode Site List Manager
Source: C:\Windows\System32\msiexec.exe, File created: C:\Users\Public\Desktop\Enterprise Mode Site List Manager.lnk
Source: C:\Windows\System32\msiexec.exe, File created: C:\Users\user\AppData\Local\Temp\MSI30D9.tmp
Source: classification engine, Classification label: clean4.winMSI@4/24@0/0
Source: C:\Windows\System32\msiexec.exe, File read: C:\Windows\win.ini
Source: C:\Windows\System32\msiexec.exe, Automated click: Next
Source: C:\Windows\System32\msiexec.exe, Automated click: I accept the terms in the License Agreement
Source: C:\Windows\System32\msiexec.exe, Automated click: Next
Source: C:\Windows\System32\msiexec.exe, Automated click: Next
Source: C:\Windows\System32\msiexec.exe, Automated click: Install
Source: Window Recorder, Window detected: More than 3 window changes detected
Source: initial sample, Static PE information: Valid certificate with Microsoft Issuer
Source: EMIESiteListManager.exe.1.dr, Static PE information: 0xFE52AE51 [Wed Mar 18 14:57:21 2105 UTC]
Source: C:\Windows\System32\msiexec.exe, File created: C:\Program Files (x86)\Enterprise Mode Site List Manager\EMIESiteListManager.exe
Source: C:\Windows\System32\msiexec.exe, File created: C:\Users\user\AppData\Local\Temp\MSI30D9.tmp
Source: C:\Windows\System32\msiexec.exe, File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enterprise Mode Site List Manager.lnk
Source: C:\Windows\System32\msiexec.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe, Dropped PE file which has not been started: C:\Program Files (x86)\Enterprise Mode Site List Manager\EMIESiteListManager.exe
Source: C:\Windows\System32\msiexec.exe, Process information queried: ProcessInformation
Source: C:\Windows\System32\msiexec.exe, File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe, Queries volume information: C:\ VolumeInformation
Techniques listed per tactic; numbers in parentheses are the counts shown in the matrix cells.

  • Initial Access: Replication Through Removable Media (1), Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts
  • Execution: Windows Management Instrumentation, Scheduled Task/Job, At (Linux), At (Windows), Cron
  • Persistence: DLL Side-Loading (1), Registry Run Keys / Startup Folder (1), Logon Script (Windows), Logon Script (Mac), Network Logon Script
  • Privilege Escalation: Process Injection (1), DLL Side-Loading (1), Registry Run Keys / Startup Folder (1), Logon Script (Mac), Network Logon Script
  • Defense Evasion: Masquerading (12), Process Injection (1), Timestomp (1), DLL Side-Loading (1), File Deletion (1)
  • Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS, LSA Secrets
  • Discovery: Process Discovery (1), Peripheral Device Discovery (11), File and Directory Discovery (1), System Information Discovery (12), Remote System Discovery
  • Lateral Movement: Replication Through Removable Media (1), Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH
  • Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture, Keylogging
  • Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Scheduled Transfer, Data Transfer Size Limits
  • Command and Control: Data Obfuscation, Junk Data, Steganography, Protocol Impersonation, Fallback Channels
  • Network Effects: Eavesdrop on Insecure Network Communication, Exploit SS7 to Redirect Phone Calls/SMS, Exploit SS7 to Track Device Location, SIM Card Swap, Manipulate Device Communication
  • Remote Service Effects: Remotely Track Device Without Authorization, Remotely Wipe Data Without Authorization, Obtain Device Cloud Backups
  • Impact: Modify System Partition, Device Lockout, Delete Device Data, Carrier Billing Fraud, Manipulate App Store Rankings or Ratings
[Behavior graph: ID 651407, Sample: EMIESiteListManager.msi, Startdate: 23/06/2022, Architecture: WINDOWS, Score: 4. Nodes: msiexec.exe processes started; dropped files C:\...MIESiteListManager.exe (PE32) and C:\Users\user\AppData\Local\...\MSI30D9.tmp (PE32).]

Source: EMIESiteListManager.msi, Scanner: Metadefender, Detection: 0%
Source: EMIESiteListManager.msi, Scanner: ReversingLabs, Detection: 2%

Source: C:\Program Files (x86)\Enterprise Mode Site List Manager\EMIESiteListManager.exe, Scanner: ReversingLabs, Detection: 0%
Source: C:\Users\user\AppData\Local\Temp\MSI30D9.tmp, Scanner: Metadefender, Detection: 0%
Source: C:\Users\user\AppData\Local\Temp\MSI30D9.tmp, Scanner: ReversingLabs, Detection: 2%

No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox Version:35.0.0 Citrine
Analysis ID:651407
Start date and time: 23/06/2022 22:29:00 (2022-06-23 22:29:00 +02:00)
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 12s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:EMIESiteListManager.msi
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:26
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean4.winMSI@4/24@0/0
EGA Information:Failed
HDC Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .msi
  • Adjust boot time
  • Enable AMSI
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
  • Excluded domains from analysis (whitelisted): www.bing.com, ris.api.iris.microsoft.com, fs.microsoft.com, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
  • Not all processes were analyzed, report is missing behavior information
  • VT rate limit hit for: EMIESiteListManager.msi
No simulations
No context
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:modified
Size (bytes):7840
Entropy (8bit):5.572079880485364
Encrypted:false
SSDEEP:192:yLg4gSgcogEe+qgFgEAwwgSqgFgEAw0Gg1wA5gkp9z:yvOibiiQ
MD5:5B1D8A686595B4E3FB898ECC18141703
SHA1:A6FE01A9354C1719D06611DC707F4050C126B21F
SHA-256:5D4340E607F80B2A0AB9144CF71A50DFBA29B69F441033035C4A837B0DD180E7
SHA-512:E82A430B1C122AB82FC0309B05649F149E7FC68AD9F89FF95B375E5E9FBE3EDCC4C957C9BF8DEDBEF615E964A09FD807DA2B5BE7F8344EA9F71DBFF786374B8C
Malicious:false
Reputation:low
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):234432
Entropy (8bit):5.055513977776364
Encrypted:false
SSDEEP:3072:sfXSCsg9nNlu+7Wf6VfqBnJ/sEGC9PJ0LF+:IL9No+7ziBnJ/sEGCUL0
MD5:9CEF2CAB9E9CBFAD77045931FC36798D
SHA1:887E4B738C5AE7F2335743F5EC190C51FADAF390
SHA-256:456E295BA6B19270A0560D5BA4C1FFAEE7FD50ADDD74E81D793777D9B7BAE5F3
SHA-512:CDF2A441C8D601548A0DCF78287661A947C90A55F9B736BD8D8BFF7FBBE5D5842DC1FA69719943F9528708236FC467E315A4EA73EA17A5C111115A1E9BD32D9A
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:low
Process:C:\Windows\System32\msiexec.exe
File Type:MS Windows shortcut, Item id list present, Has Relative path, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
Category:dropped
Size (bytes):2423
Entropy (8bit):2.3994993707916032
Encrypted:false
SSDEEP:48:8QNdXO3p5nuO3pvk5uO3pv6jQ2ZScgPWuO3pv:8QNg3p5Z3pc5Z3pixgPWZ3p
MD5:76A4382C3C9309D0F6630DE1A00F6041
SHA1:74F1A6E24C990194E6C581FEB8C7AD75EA34C2D9
SHA-256:646450EDC39607C854BE783F167533CA7F190DE552DA5234F5B94AD26CBB7123
SHA-512:FD498FDAB7C5394BD591A071615F29A1C5A5BE0A8C8AC1F56D89EA5C88FF0514DBC468C5CADB8D263B51C7D9C7DC022839A4393E98669ACD2407515BC50FDA6D
Malicious:false
Reputation:low
Process:C:\Windows\System32\msiexec.exe
File Type:MS Windows shortcut, Item id list present, Has Relative path, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
Category:dropped
Size (bytes):2411
Entropy (8bit):2.3946967317840198
Encrypted:false
SSDEEP:48:8QNIXO3p51uO3pvk5uO3pv6jQ2ZScgPWuO3pv:8QNT3pLZ3pc5Z3pixgPWZ3p
MD5:B0D14B6DEAFB9CFCCF76ED9EF6F3CCDF
SHA1:572CF9F662B71BD00AD31D2218006270C794B9CC
SHA-256:BB2BF116D39E396A6DA2B91031780D238D9E439FA96F6597AF2A004E47E3574D
SHA-512:E44D24869EA4C2D49A5A25FF4BBCDD737DDD987070DECF5FDD45F039DF3FB3905CDD8FD3B024E3D6BA61F8580A22E10816157447056EB651BF3BE1048A6A8DD5
Malicious:false
Reputation:low
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):108032
Entropy (8bit):6.520387807172719
Encrypted:false
SSDEEP:3072:BBaoJJ61aGkD3MQnGFRZAc7dofArPpxye:BrizkjQ7B
MD5:8FE31D869219C9DDDB449FAF45C8F4FC
SHA1:55DBBF0FFFA92C366E9C2068361E1567AD4E1D36
SHA-256:1D36FEB5636CDBA2762AA8007E64968726F6E7428F0168AAA7D01F7E55737F66
SHA-512:46632E90E37BB5ABEE22ABAEC9081197D1DA35B4FF1D3C277BB212CE70B5D33B62439B3E25E05184AF9739C601F2E12E6901D877867BF5363E19400ABC319687
Malicious:false
Antivirus:
  • Antivirus: Metadefender, Detection: 0%, Browse
  • Antivirus: ReversingLabs, Detection: 2%
Reputation:low
Process:C:\Windows\System32\msiexec.exe
File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Enterprise Mode Site List Manager, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Enterprise Mode Site List Manager., Template: Intel;1033, Revision Number: {F17300D2-411C-429C-8831-4A8B1C62CF4C}, Create Time/Date: Wed Apr 22 01:49:52 2020, Last Saved Time/Date: Wed Apr 22 01:49:52 2020, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.0.1703), Security: 2
Category:dropped
Size (bytes):532480
Entropy (8bit):6.105382708673196
Encrypted:false
SSDEEP:3072:KqBGam/ChswIu9A8zUgGBaoJJ61aGkD3MQnGFRZAc7dofArPpxyeUeVXOeuap2r8:KqLyGoesrizkjQ7Boap2rrfAPvh
MD5:5A766BF2B4C5EEA7FD8BC0DC0E83F5A3
SHA1:F6DF037C3F59952E3CE3128CF4825944820134FD
SHA-256:53E957AD72D1C96AD76D0F95F221F6BD3A5E05B716C2048B140A8E47743781E7
SHA-512:0C99B6AAF5F621E8EAA68858A3983B083E4082F3F0287E51324A6509D1563DCA10641964BBC32DE608F9627E15D31C693729026EAB2F458545AC790C3D3E0D65
Malicious:false
Reputation:low
Process:C:\Windows\System32\msiexec.exe
File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Enterprise Mode Site List Manager, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Enterprise Mode Site List Manager., Template: Intel;1033, Revision Number: {F17300D2-411C-429C-8831-4A8B1C62CF4C}, Create Time/Date: Wed Apr 22 01:49:52 2020, Last Saved Time/Date: Wed Apr 22 01:49:52 2020, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.0.1703), Security: 2
Category:dropped
Size (bytes):532480
Entropy (8bit):6.105382708673196
Encrypted:false
SSDEEP:3072:KqBGam/ChswIu9A8zUgGBaoJJ61aGkD3MQnGFRZAc7dofArPpxyeUeVXOeuap2r8:KqLyGoesrizkjQ7Boap2rrfAPvh
MD5:5A766BF2B4C5EEA7FD8BC0DC0E83F5A3
SHA1:F6DF037C3F59952E3CE3128CF4825944820134FD
SHA-256:53E957AD72D1C96AD76D0F95F221F6BD3A5E05B716C2048B140A8E47743781E7
SHA-512:0C99B6AAF5F621E8EAA68858A3983B083E4082F3F0287E51324A6509D1563DCA10641964BBC32DE608F9627E15D31C693729026EAB2F458545AC790C3D3E0D65
Malicious:false
Reputation:low
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):53907
Entropy (8bit):2.794719375508344
Encrypted:false
SSDEEP:48:XLgLy6cHVEP3DTymru9MHsSYaHsSY7wD8SPVXeUpandgWIDpUrPJ3EVltyHg2:XLg0H2li9qtYwtY7YPleZdgtDedEPcg2
MD5:6D1CE1D3B011409A0898CEF777F0510A
SHA1:19B3D9ACC867441C51008522FA9DF58EEB75E88E
SHA-256:E0C196A97ECDAD56DF4661A4BAE21D00C92D8411ED28FAC1AA274EC944D13669
SHA-512:576141400B46E4B8BF1B46E05C538DCD9D55C58AF8A953632D15110377859C5EA2F86277C50B8883A5BEAEFAF45E4BF510837A53337B730ED3E3EDF38A628246
Malicious:false
Reputation:low
Process:C:\Windows\System32\msiexec.exe
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):20480
Entropy (8bit):1.168621003134087
Encrypted:false
SSDEEP:12:JSbX72FjgiAGiLIlHVRpU5h/7777777777777777777777777vDHF/FUH3cJl0i5:JGiQI5Gn9FWTF
MD5:6A492682ABC92F515977A644EB7EE1D4
SHA1:11702E6B78F733A11F691DED235AC2A54FBF8F69
SHA-256:1E20FC7CFD94D55F4966B21F3D5798E00C4E9A119F4F16E4420CC35FC96DD243
SHA-512:77C136E49DED1E5BB9AD829D4B7E1065BBF3DD0E911A70FA4B584A2B3A45FCFC0CD1E6E8B156748038B850EE3178ED977ADAC516745EA5BE074BABF36BB5F5BD
Malicious:false
Reputation:low
Process:C:\Windows\System32\msiexec.exe
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):20480
Entropy (8bit):1.519329204639125
Encrypted:false
SSDEEP:48:YO8PhBuRc06WXJmFT5uw1yHqrXdeQDrS5kFP9rdeQDrSIdLJQDcO3p:YBhB19FTHyKPDrLlDr8DX3p
MD5:5D1141769BD9386127C6A7896A19C059
SHA1:1D77DA130F1299C4E8EBF876A1F12F717540AF04
SHA-256:B790037BF935D3596FAB93E67DF904C240A86CF9C6F5C7665A91F163C61CD33C
SHA-512:CB3311C64CF94B79C7A32654A5DA5C3341BAC1453CE5BEA85DC7882EC3A51B850CDC951C1D51A8FA7C46924C2513CE4D6B2830B09FCBFC8CE45DA0BDA95D8579
Malicious:false
Process:C:\Windows\System32\msiexec.exe
File Type:MS Windows icon resource - 12 icons, 256x256 withPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 8 bits/pixel, 64x64, 8 bits/pixel
Category:dropped
Size (bytes):51382
Entropy (8bit):2.475464260673703
Encrypted:false
SSDEEP:24:Awgu9ToOOOOOOOORLwHsSYd94tToOOOOOOOORLwHsSYd9rxxxxxxxxxxxxxxxxxD:A9MHsSYaHsSY
MD5:EF255E5FE7A9EC15BD1F356229BD935E
SHA1:E16472CA7E49D46BAEF1AD3CD8175BF38BBDF570
SHA-256:2FF4752EAFE317FABBB4864B44E0B79D85D2AF4222E702FEF4E8B4B1F6B583BA
SHA-512:4FE9A30F6BC19F7515BB27D950AA4400C1224838889816F4DE62EBCF775948BA00744A6786833BBF97BF9BE48D65390CC6AA995FC58C3BFAA23E361EFEDB5D82
Malicious:false
Process:C:\Windows\System32\msiexec.exe
File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
Category:dropped
Size (bytes):122558
Entropy (8bit):5.363498046761453
Encrypted:false
SSDEEP:1536:iHzMV+f84vcIH17Yyxkjr0+NVRVle+yjeLWJOQzi7gZFOIKICh/81r8yQ1oXB4HY:iHHJCoX5CY
MD5:A4841F42C8590E273D88DCD6757EA091
SHA1:FA7094C801D8B402036A55B21281A9AB39F98512
SHA-256:44A73DC05FE3C91A0E7D78E615799B4EC4D8D806E7C27B04E967741ACC29A93E
SHA-512:06F69B2EA6D46F71E73533C4FCB4A575B7F068D34C2453816BB62B6205FD5F866FD60FF0EC1DC5ACD0B5C349CCDC6341EFC8E1B2FF09661C661DF37C33B53711
Malicious:false
Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..07/23/2020 10:13:25.847 [3928]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.VisualStudio.Tools.Applications.Hosting, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A /queue:3 /NoDependencies ..07/23/2020 10:13:25.863 [3928]: ngen returning 0x00000000..07/23/2020 10:13:25.925 [1900]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.VisualStudio.Tools.Applications.ServerDocument, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A /queue:3 /NoDependencies ..07/23/2020 10:13:25.925 [1900]: ngen returning 0x00000000..07/23/2020 10:13:25.972 [4436]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.Office.Tools.v4.0.Framework, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A /queue:3 /N
Process:C:\Windows\System32\msiexec.exe
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):20480
Entropy (8bit):1.519329204639125
Encrypted:false
SSDEEP:48:YO8PhBuRc06WXJmFT5uw1yHqrXdeQDrS5kFP9rdeQDrSIdLJQDcO3p:YBhB19FTHyKPDrLlDr8DX3p
MD5:5D1141769BD9386127C6A7896A19C059
SHA1:1D77DA130F1299C4E8EBF876A1F12F717540AF04
SHA-256:B790037BF935D3596FAB93E67DF904C240A86CF9C6F5C7665A91F163C61CD33C
SHA-512:CB3311C64CF94B79C7A32654A5DA5C3341BAC1453CE5BEA85DC7882EC3A51B850CDC951C1D51A8FA7C46924C2513CE4D6B2830B09FCBFC8CE45DA0BDA95D8579
Malicious:false
Process:C:\Windows\System32\msiexec.exe
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):20480
Entropy (8bit):1.519329204639125
Encrypted:false
SSDEEP:48:YO8PhBuRc06WXJmFT5uw1yHqrXdeQDrS5kFP9rdeQDrSIdLJQDcO3p:YBhB19FTHyKPDrLlDr8DX3p
MD5:5D1141769BD9386127C6A7896A19C059
SHA1:1D77DA130F1299C4E8EBF876A1F12F717540AF04
SHA-256:B790037BF935D3596FAB93E67DF904C240A86CF9C6F5C7665A91F163C61CD33C
SHA-512:CB3311C64CF94B79C7A32654A5DA5C3341BAC1453CE5BEA85DC7882EC3A51B850CDC951C1D51A8FA7C46924C2513CE4D6B2830B09FCBFC8CE45DA0BDA95D8579
Malicious:false
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):512
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3::
MD5:BF619EAC0CDF3F68D496EA9344137E8B
SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:false
Process:C:\Windows\System32\msiexec.exe
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):32768
Entropy (8bit):1.2201879078129263
Encrypted:false
SSDEEP:48:xgS5uuPveFXJnT5Rw1yHqrXdeQDrS5kFP9rdeQDrSIdLJQDcO3p:xb5ePToyKPDrLlDr8DX3p
MD5:63C15EBA6739C0209BE612E37BFF7140
SHA1:3B0EA868989DAC7E5EB48AF31864FD40B35166CE
SHA-256:614EB18DD57AAE40D67A48D76EEC02094887CDD1008EB303D0B861DBCC0A624B
SHA-512:6929B4AC0EA187D604ABD40EBB368C9308D670D763039F9136EB6060B5B13AD3B17B7B8C90876FB0E4283EFA6842BE66F0441E43C4E766F1507712A59424B549
Malicious:false
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):512
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3::
MD5:BF619EAC0CDF3F68D496EA9344137E8B
SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:false
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):512
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3::
MD5:BF619EAC0CDF3F68D496EA9344137E8B
SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:false
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):512
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3::
MD5:BF619EAC0CDF3F68D496EA9344137E8B
SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:false
Process:C:\Windows\System32\msiexec.exe
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):32768
Entropy (8bit):1.2201879078129263
Encrypted:false
SSDEEP:48:xgS5uuPveFXJnT5Rw1yHqrXdeQDrS5kFP9rdeQDrSIdLJQDcO3p:xb5ePToyKPDrLlDr8DX3p
MD5:63C15EBA6739C0209BE612E37BFF7140
SHA1:3B0EA868989DAC7E5EB48AF31864FD40B35166CE
SHA-256:614EB18DD57AAE40D67A48D76EEC02094887CDD1008EB303D0B861DBCC0A624B
SHA-512:6929B4AC0EA187D604ABD40EBB368C9308D670D763039F9136EB6060B5B13AD3B17B7B8C90876FB0E4283EFA6842BE66F0441E43C4E766F1507712A59424B549
Malicious:false
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):69632
Entropy (8bit):0.1255016485903017
Encrypted:false
SSDEEP:48:zO3poQDDRdldeQDrS3qrXdeQDrS5kFP9uZw1:S3pHDBDrJPDrLMW
MD5:E9877A5B74564D412A932CAAAD78531C
SHA1:A67DA9E7B6A07C8CB240622AEE4EADE091A2090A
SHA-256:9E7692F617042BEEF1FE73FE1757C3C8CEC416BC18A3BA6CE4027DF9E1A64107
SHA-512:444D26711C8E9B28F792432D4BAF25E5D47734402D380D447BD79ABA6FC5087BC4CB50B33D2BCEFB5969E52B90501C7F0C2D8715755B9D19A721B7B17B490E3D
Malicious:false
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.07493422556332817
Encrypted:false
SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKO/Fd2HheUMzn6Vky6lD1:2F0i8n0itFzDHF/FUH3cJ
MD5:074A1E158A345B500804A192B8ED1EF0
SHA1:1EC8345B5FEDF1A0DB73AA370961DD888F27F28E
SHA-256:FB5A848DF7DCDD0C7473203C330DCBC8EB2B1174B848F3E980E06D47CF0D1650
SHA-512:E8F5DE458DF629F43389F772DA0AED9AAA3840E0D387058FE247BCDC5B91D74FFB2635C17E53A88B26F818CBE088C6B1E86FE3363C6D23A3F81FEF76706C0D7D
Malicious:false
Process:C:\Windows\System32\msiexec.exe
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):32768
Entropy (8bit):1.2201879078129263
Encrypted:false
SSDEEP:48:xgS5uuPveFXJnT5Rw1yHqrXdeQDrS5kFP9rdeQDrSIdLJQDcO3p:xb5ePToyKPDrLlDr8DX3p
MD5:63C15EBA6739C0209BE612E37BFF7140
SHA1:3B0EA868989DAC7E5EB48AF31864FD40B35166CE
SHA-256:614EB18DD57AAE40D67A48D76EEC02094887CDD1008EB303D0B861DBCC0A624B
SHA-512:6929B4AC0EA187D604ABD40EBB368C9308D670D763039F9136EB6060B5B13AD3B17B7B8C90876FB0E4283EFA6842BE66F0441E43C4E766F1507712A59424B549
Malicious:false
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):512
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3::
MD5:BF619EAC0CDF3F68D496EA9344137E8B
SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:false
File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Enterprise Mode Site List Manager, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Enterprise Mode Site List Manager., Template: Intel;1033, Revision Number: {F17300D2-411C-429C-8831-4A8B1C62CF4C}, Create Time/Date: Wed Apr 22 01:49:52 2020, Last Saved Time/Date: Wed Apr 22 01:49:52 2020, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.0.1703), Security: 2
Entropy (8bit):6.105382708673196
TrID:
  • Microsoft Windows Installer (77509/1) 90.64%
  • Generic OLE2 / Multistream Compound File (8008/1) 9.36%
File name:EMIESiteListManager.msi
File size:532480
MD5:5a766bf2b4c5eea7fd8bc0dc0e83f5a3
SHA1:f6df037c3f59952e3ce3128cf4825944820134fd
SHA256:53e957ad72d1c96ad76d0f95f221f6bd3a5e05b716c2048b140a8e47743781e7
SHA512:0c99b6aaf5f621e8eaa68858a3983b083e4082f3f0287e51324a6509d1563dca10641964bbc32de608f9627e15d31c693729026eab2f458545ac790c3d3e0d65
SSDEEP:3072:KqBGam/ChswIu9A8zUgGBaoJJ61aGkD3MQnGFRZAc7dofArPpxyeUeVXOeuap2r8:KqLyGoesrizkjQ7Boap2rrfAPvh
TLSH:1DB4197460B1C296C2A283F74B94F1B89DF4FD006DE974D9A36CB3BDC87E940BA25106
Icon Hash:a2a0b496b2caca72
Document Type:OLE
Number of OLE Files:1
Signature Valid:true
Signature Issuer:CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Signature Validation Error:The operation completed successfully
Error Number:0
Not Before, Not After
  • 3/4/2020 10:39:47 AM 3/3/2021 10:39:47 AM
Subject Chain
  • CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Version:3
Thumbprint MD5:AAEE394B1087AC1044A13D09468CDF1E
Thumbprint SHA-1:2485A7AFA98E178CB8F30C9838346B514AEA4769
Thumbprint SHA-256:C0772D3C9E20C3F4EBB09F5816D6DADA0D8FA86563C2D68898539EC1CD355A1B
Serial:3300000187721772155940C709000000000187
Has Summary Info:
Application Name:Windows Installer XML Toolset (3.14.0.1703)
Encrypted Document:False
Contains Word Document Stream:False
Contains Workbook/Book Stream:False
Contains PowerPoint Document Stream:False
Contains Visio Document Stream:False
Contains ObjectPool Stream:False
Flash Objects Count:0
Contains VBA Macros:False
Code Page:1252
Title:Installation Database
Subject:Enterprise Mode Site List Manager
Author:Microsoft Corporation
Keywords:Installer
Comments:This installer database contains the logic and data required to install Enterprise Mode Site List Manager.
Template:Intel;1033
Revision Number:{F17300D2-411C-429C-8831-4A8B1C62CF4C}
Create Time:2020-04-22 00:49:52
Last Saved Time:2020-04-22 00:49:52
Number of Pages:200
Number of Words:2
Creating Application:Windows Installer XML Toolset (3.14.0.1703)
Security:2
General
Stream Path:\x5DigitalSignature
File Type:data
Stream Size:9169
Entropy:7.3719050688335095
Base64 Encoded:True
General
Stream Path:\x5MsiDigitalSignatureEx
File Type:data
Stream Size:32
Entropy:4.9375
Base64 Encoded:False
General
Stream Path:\x5SummaryInformation
File Type:data
Stream Size:588
Entropy:4.721059046312905
Base64 Encoded:True
General
Stream Path:\x15758\x15250\x17180\x16951\x17173\x17910\x16662\x16689\x16938\x18357\x16678\x18469
File Type:Microsoft Cabinet archive data, 51860 bytes, 1 file
Stream Size:51860
Entropy:7.993891922004338
Base64 Encoded:True
Data ASCII:M S C F . . . . . . . . . . , . . . . . . . . . . . . . . . . . . . E . . . . . . . . . . . . . . . P . . e m i e . e x e . e p ( 6 . C K | . . . u L . 3 2 . { . . r ( . . J . . . u W P . T x h < x # j 1 . w < . . E . . _ U L n > ? . u . ^ U z U U . ~ B . B x w . . o . W r p . . ^ l Z t B . y r . O < ~ Z . . k . W m < h . V ` % c , ! . S 4 # . l . . L i . . U % m c n N U . i U [ S . D C . . . % . . . u B [ 4 . . G U 1 . w ~ . v g u v 0 . + V _ w . 3 6 + O 3 . u E Y Z m ( . . u 0 + . . } . . c . l T s * .
General
Stream Path:\x16786\x17522\x16958\x17200\x18344\x16812\x18482
File Type:MS Windows icon resource - 12 icons, 256x256 withPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 8 bits/pixel, 64x64, 8 bits/pixel
Stream Size:51382
Entropy:2.475464260673703
Base64 Encoded:False
General
Stream Path:\x17163\x16689\x18229\x16446\x18156\x15518\x15103\x17648\x15103\x17508\x16945\x18485
File Type:PC bitmap, Windows 95/NT4 and newer format, 493 x 58 x 1
Stream Size:3842
Entropy:1.0344734331774141
Base64 Encoded:False
General
Stream Path:\x17163\x16689\x18229\x16446\x18156\x15518\x15103\x17648\x15231\x16684\x17583\x18474
File Type:PC bitmap, Windows 95/NT4 and newer format, 493 x 312 x 1
Stream Size:20098
Entropy:1.3721052783374972
Base64 Encoded:False
General
Stream Path:\x17163\x16689\x18229\x16446\x18156\x15518\x15103\x17648\x15871\x18088
File Type:MS Windows icon resource - 1 icon, 16x16, 16 colors
Stream Size:318
Entropy:2.034441580055181
Base64 Encoded:False
General
Stream Path:\x17163\x16689\x18229\x16446\x18156\x15518\x15103\x17648\x16319\x18483
File Type:MS Windows icon resource - 1 icon, 16x16, 16 colors
Stream Size:318
Entropy:2.0369361465218003
Base64 Encoded:False
General
Stream Path:\x17163\x16689\x18229\x16446\x18156\x15518\x15551\x17574\x15295\x16827\x16687\x18480
File Type:MS Windows icon resource - 1 icon, 32x32, 16 colors
Stream Size:766
Entropy:3.3484862648999827
Base64 Encoded:True
General
Stream Path:\x17163\x16689\x18229\x16446\x18156\x15518\x15551\x17574\x15551\x17009\x18482
File Type:MS Windows icon resource - 2 icons, 32x32, 16 colors, 16x16, 16 colors
Stream Size:1078
Entropy:2.8642269548572474
Base64 Encoded:False
General
Stream Path:\x17163\x16689\x18229\x16446\x18156\x15518\x17184\x16827\x18468
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Stream Size:108032
Entropy:6.520387807172719
Base64 Encoded:True
General
Stream Path:\x18496\x15167\x17394\x17464\x17841
File Type:data
Stream Size:1432
Entropy:5.022908429193589
Base64 Encoded:False
General
Stream Path:\x18496\x15518\x16925\x17915
File Type:370 XA sysV executable
Stream Size:204
Entropy:4.577260359586477
Base64 Encoded:False
General
Stream Path:\x18496\x16191\x17783\x17516\x15210\x17892\x18468
File Type:ASCII text, with very long lines, with CRLF line terminators
Stream Size:222419
Entropy:5.096008466807066
Base64 Encoded:True
General
Stream Path:\x18496\x16191\x17783\x17516\x15978\x17586\x18479
File Type:data
Stream Size:3144
Entropy:3.4890606864159133
Base64 Encoded:False
General
Stream Path:\x18496\x16255\x16740\x16943\x18486
File Type:data
Stream Size:68
Entropy:3.746187578481873
Base64 Encoded:False
Data ASCII:. . " . ) . * . + . , . 1 . 5 . 9 . ? . G . I . [ . b . k . . . . . . . . . . . . . . . . . . . . " . % .
Data Raw:07 00 22 00 29 00 2a 00 2b 00 2c 00 31 00 35 00 39 00 3f 00 47 00 49 00 5b 00 62 00 6b 00 8a 00 8f 00 9d 00 a2 00 b0 00 b3 00 b4 00 b5 00 b8 00 be 00 cc 00 d5 00 df 00 e2 00 ed 00 07 01 18 01 22 01 25 01
General
Stream Path:\x18496\x16383\x17380\x16876\x17892\x17580\x18481
File Type:data
Stream Size:4344
Entropy:2.5704117611289377
Base64 Encoded:False
General
Stream Path:\x18496\x16661\x17528\x17126\x17548\x16881\x17900\x17580\x18481
File Type:data
Stream Size:8
Entropy:2.0
Base64 Encoded:False
Data ASCII:. . . .
Data Raw:88 02 8a 02 89 02 8b 02
General
Stream Path:\x18496\x16667\x17191\x15090\x17912\x17591\x18481
File Type:data
Stream Size:36
Entropy:3.2805913228033257
Base64 Encoded:False
Data ASCII:. . . . . . . . . . ' ' . . . . . . . .
Data Raw:94 01 94 01 01 80 02 80 9c 02 a0 02 00 80 00 80 00 80 14 80 27 81 27 81 10 80 10 80 9f 02 a1 02 00 00 00 00
General
Stream Path:\x18496\x16786\x17522
File Type:data
Stream Size:4
Entropy:2.0
Base64 Encoded:False
Data ASCII:w . . .
Data Raw:77 02 01 00
General
Stream Path:\x18496\x16842\x17200\x15281\x16955\x17958\x16951\x16924\x17972\x17512\x16934
File Type:data
Stream Size:48
Entropy:3.569235677759417
Base64 Encoded:False
Data ASCII:2 . 3 . 4 . 5 . 6 . 7 . 8 . 9 . . . . . . . . . . . . . . . . . x . < .
Data Raw:32 01 33 01 34 01 35 01 36 01 37 01 38 01 39 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 83 84 83 e8 83 78 85 dc 85 3c 8f a0 8f c8 99
General
Stream Path:\x18496\x16842\x17200\x16305\x16146\x17704\x16952\x16817\x18472
File Type:data
Stream Size:42
Entropy:3.428883414027889
Base64 Encoded:False
Data ASCII:2 . 3 . 4 . : . ; . < . = . . . . . . . . . . . . . . . . . . .
Data Raw:32 01 33 01 34 01 3a 01 3b 01 3c 01 3d 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 83 84 83 e8 83 fd 7f fe 7f ff 7f 14 85
General
Stream Path:\x18496\x16842\x17913\x18126\x16808\x17912\x16168\x17704\x16952\x16817\x18472
File Type:data
Stream Size:48
Entropy:3.5123194111116605
Base64 Encoded:False
Data ASCII:2 . 4 . 5 . 6 . 9 . > . ? . @ . . . . . . . . . . . . . . . . . x . . .
Data Raw:32 01 34 01 35 01 36 01 39 01 3e 01 3f 01 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 83 e8 83 78 85 dc 85 c8 99 94 91 9c 98 00 99
General
Stream Path:\x18496\x16911\x17892\x17784\x15144\x17458\x17587\x16945\x17905\x18486
File Type:data
Stream Size:8
Entropy:2.25
Base64 Encoded:False
Data ASCII:s . s . M . Q .
Data Raw:73 02 73 02 4d 01 51 01
General
Stream Path:\x18496\x16911\x17892\x17784\x18472
File Type:data
Stream Size:16
Entropy:2.1774212838293647
Base64 Encoded:False
Data ASCII:s . . . t . . . . . . . .
Data Raw:73 02 00 00 74 02 00 00 02 80 01 80 00 00 00 80
General
Stream Path:\x18496\x16918\x17191\x18468
File Type:MIPSEB Ucode
Stream Size:14
Entropy:1.8073549220576044
Base64 Encoded:False
Data ASCII:. . . . . . . . . . .
Data Raw:01 80 01 00 00 80 00 00 8c 02 00 00 00 00
General
Stream Path:\x18496\x16923\x15722\x16818\x17892\x17778
File Type:basic-16 executable
Stream Size:10
Entropy:2.446439344671015
Base64 Encoded:False
Data ASCII:B . . . . .
Data Raw:42 01 02 80 a4 02 bb 01 02 80
General
Stream Path:\x18496\x16923\x17194\x17910\x18229
File Type:Encore unsupported executable
Stream Size:12
Entropy:2.8553885422075336
Base64 Encoded:False
Data ASCII:U . . . . . . Q .
Data Raw:55 01 01 80 a2 02 a3 02 00 00 51 01
General
Stream Path:\x18496\x16923\x17584\x16953\x17167\x16943
File Type:data
Stream Size:20
Entropy:2.941446071165522
Base64 Encoded:False
Data ASCII:. . Q . Q . . . . S . S . . .
Data Raw:a5 02 a7 02 51 01 51 01 a6 02 00 00 53 01 53 01 02 80 02 80
General
Stream Path:\x18496\x16925\x17915\x17884\x17404\x18472
File Type:data
Stream Size:36
Entropy:2.607017709595356
Base64 Encoded:False
Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:98 02 ad 02 ae 02 ac 02 ac 02 ac 02 08 80 0c 80 09 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 80
General
Stream Path:\x18496\x17100\x16808\x15086\x18162
File Type:iAPX 286 executable small model (COFF)
Stream Size:8
Entropy:1.75
Base64 Encoded:False
Data ASCII:J . L . K . K .
Data Raw:4a 01 4c 01 4b 01 4b 01
General
Stream Path:\x18496\x17116\x17778\x16823\x17912
File Type:data
Stream Size:64
Entropy:2.0297436758692484
Base64 Encoded:False
Data ASCII:. . g . j . . . M . M . s . s . . . . . . . . . . . . . w . w . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:a8 02 aa 02 67 02 6a 02 a9 02 ab 02 4d 01 4d 01 73 02 73 02 00 00 00 00 00 00 00 00 00 00 00 00 77 02 77 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
General
Stream Path:\x18496\x17163\x16689\x18229
File Type:basic-16 executable (TV) not stripped
Stream Size:28
Entropy:2.201838730514401
Base64 Encoded:False
Data ASCII:C . D . E . F . G . H . I . . . . . . . . . . . . . . .
Data Raw:43 01 44 01 45 01 46 01 47 01 48 01 49 01 01 00 01 00 01 00 01 00 01 00 01 00 01 00
General
Stream Path:\x18496\x17165\x16949\x17894\x17778\x18492
File Type:data
Stream Size:42
Entropy:2.947834315626417
Base64 Encoded:False
Data ASCII:O . S . g . h . j . k . m . k . m . h . . . h . h . h . l . n . i . o . i . i . i .
Data Raw:4f 01 53 01 67 02 68 02 6a 02 6b 02 6d 02 6b 02 6d 02 68 02 00 00 68 02 68 02 68 02 6c 02 6e 02 69 02 6f 02 69 02 69 02 69 02
General
Stream Path:\x18496\x17165\x17380\x17074
File Type:data
Stream Size:484
Entropy:4.066499976746061
Base64 Encoded:False
General
Stream Path:\x18496\x17167\x16943
File Type:data
Stream Size:20
Entropy:3.5086949695628418
Base64 Encoded:False
Data ASCII:P . M . u . . v . J . . . . .
Data Raw:50 01 4d 01 75 02 c0 93 03 80 76 02 4a 02 00 82 01 00 00 80
General
Stream Path:\x18496\x17490\x17910\x17380\x15279\x16955\x17958\x16951\x16924\x17972\x17512\x16934
File Type:data
Stream Size:144
Entropy:4.359944291357535
Base64 Encoded:False
General
Stream Path:\x18496\x17490\x17910\x17380\x16303\x16146\x17704\x16952\x16817\x18472
File Type:data
Stream Size:102
Entropy:4.319927825575774
Base64 Encoded:False
General
Stream Path:\x18496\x17548\x17648\x17522\x17512\x18487
File Type:data
Stream Size:24
Entropy:3.1147869792568117
Base64 Encoded:False
Data ASCII:M . Q . N . R . O . S . . . . . T . P . U .
Data Raw:4d 01 51 01 4e 01 52 01 4f 01 53 01 00 80 04 80 00 00 54 01 50 01 55 01
General
Stream Path:\x18496\x17548\x17905\x17589\x15151\x17522\x17191\x17207\x17522
File Type:data
Stream Size:504
Entropy:4.11406484024026
Base64 Encoded:False
General
Stream Path:\x18496\x17548\x17905\x17589\x15279\x16953\x17905
File Type:data
Stream Size:1536
Entropy:4.256812776365888
Base64 Encoded:False
General
Stream Path:\x18496\x17548\x17905\x17589\x18479
File Type:data
Stream Size:5590
Entropy:4.247527185772455
Base64 Encoded:True
General
Stream Path:\x18496\x17610\x16179\x16680\x16821\x18475
File Type:data
Stream Size:4
Entropy:1.5
Base64 Encoded:False
Data ASCII:A . B .
Data Raw:41 01 42 01
General
Stream Path:\x18496\x17630\x17770\x16868\x18472
File Type:Atari ATR image
Stream Size:32
Entropy:2.3871987351738495
Base64 Encoded:False
Data ASCII:. . . . v . v . . . . . . . . . . . . . . . . . . . . .
Data Raw:96 02 96 02 00 00 76 02 76 02 00 00 00 00 00 00 01 00 00 80 02 00 00 80 00 00 00 00 0f 03 10 03
General
Stream Path:\x18496\x17753\x17650\x17768\x18231
File Type:data
Stream Size:60
Entropy:3.7477426785812726
Base64 Encoded:False
Data ASCII:& . . . . % . : . . . . . . . . . . . . . O . K . K . w . . . . t . v . . . s . .
Data Raw:26 01 94 01 08 02 25 02 3a 02 8d 02 8e 02 90 02 92 02 94 02 95 02 97 02 99 02 9b 02 9d 02 96 02 9c 02 4f 01 4b 01 4b 01 77 02 8f 02 91 02 93 02 74 02 76 02 98 02 9a 02 73 01 9e 02
General
Stream Path:\x18496\x17932\x17910\x17458\x16778\x17207\x17522
File Type:data
Stream Size:24
Entropy:2.91829583405449
Base64 Encoded:False
Data ASCII:> . _ . A A C . C . d . e . . . . . . . . .
Data Raw:3e 02 5f 02 41 80 41 80 43 01 43 01 64 02 65 02 00 00 00 00 00 00 00 00
General
Stream Path:\x18496\x17998\x17512\x15799\x17636\x17203\x17073
File Type:data
Stream Size:40
Entropy:3.2815408113833335
Base64 Encoded:False
Data ASCII:V . . . . . ^ . . . . . p . . . . q . p . . . . . . . r .
Data Raw:56 01 96 01 96 01 a1 01 a1 01 5e 01 9b 01 9c 01 9c 01 b6 01 70 02 9b 01 9c 01 9c 01 71 02 70 02 1f 00 1f 00 1f 00 72 02
No network behavior found

Target ID:0
Start time:22:30:09
Start date:23/06/2022
Path:C:\Windows\System32\msiexec.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\EMIESiteListManager.msi"
Imagebase:0x7ff6d4b80000
File size:66048 bytes
MD5 hash:4767B71A318E201188A0D0A420C8B608
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high

Target ID:1
Start time:22:30:12
Start date:23/06/2022
Path:C:\Windows\System32\msiexec.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\msiexec.exe /V
Imagebase:0x7ff6d4b80000
File size:66048 bytes
MD5 hash:4767B71A318E201188A0D0A420C8B608
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high

Target ID:11
Start time:22:30:30
Start date:23/06/2022
Path:C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):true
Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 4B2D4FDED6AF48E1A8084D401C783CB7 C
Imagebase:0x12b0000
File size:59904 bytes
MD5 hash:12C17B5A5C2A7B97342C362CA467E9A2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high

No disassembly