Windows Analysis Report
Sentinel Protection Installer 7.7.1.msi

Overview

General Information

Sample Name: Sentinel Protection Installer 7.7.1.msi
Analysis ID: 1309162
MD5: efae62c4ef283892a0f5863d6f79cc5a
SHA1: 9ec3b5abba73a8e91d5f78018db5c8bc499dc860
SHA256: 796697a69e5b9809798096746d2b2466fd8cbc794034cbc1fc664d151e618739

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Uses netsh to modify the Windows network and firewall settings
Opens the same file many times (likely Sandbox evasion)
Sample is not signed and drops a device driver
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Creates files inside the driver directory
Queries the volume information (name, serial number etc) of a device
Enables driver privileges
Drops PE files
Tries to load missing DLLs
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Deletes files inside the Windows folder
May sleep (evasive loops) to hinder dynamic analysis
Drops PE files to the windows directory (C:\Windows)
Creates files inside the system directory
Creates driver files
Sleep loop found (likely to delay execution)
Checks for available system drives (often done to infect USB drives)
Creates or modifies windows services
Queries disk information (often used to detect virtual machines)
Found dropped PE file which has not been started or loaded
Creates a process in suspended mode (likely to inject code)

Classification

Classification chart (categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale: clean, suspicious, malicious)
  • System is w10x64_ra
  • msiexec.exe (PID: 1892 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Sentinel Protection Installer 7.7.1.msi" MD5: 2D9F692E71D9985F1C6237F063F6FE76)
  • svchost.exe (PID: 2292 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: 9520A99E77D6196D0D09833146424113)
  • msiexec.exe (PID: 5620 cmdline: C:\Windows\system32\msiexec.exe /V MD5: 2D9F692E71D9985F1C6237F063F6FE76)
    • msiexec.exe (PID: 1048 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding D589B0777D7FC815E1303B94200E83D5 C MD5: F9A3EEE1C3A4067702BC9A59BC894285)
    • msiexec.exe (PID: 348 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 6DAD68CB4402844E208309C37076671F MD5: F9A3EEE1C3A4067702BC9A59BC894285)
      • SentinelDriverInstallSupport.exe (PID: 6060 cmdline: "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver\SentinelDriverInstallSupport.exe" -c installUSB MD5: 9F196CAABDFAEDDA36987C7E429FAC3E)
        • conhost.exe (PID: 5588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)
      • SPNSrvSupport.exe (PID: 5548 cmdline: "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\SPNSrvSupport.exe" -c disable MD5: 7282E8C78BD3E795C883AFA736278724)
        • conhost.exe (PID: 3828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)
        • netsh.exe (PID: 2636 cmdline: C:\Windows\System32\netsh.exe" exec "C:\Users\user\AppData\Local\Temp\SPSScript.dat MD5: 718A726FCC5EFCE3529E7A244D87F13F)
          • conhost.exe (PID: 3560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)
      • SHKSrvSupport.exe (PID: 6140 cmdline: "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\SHKSrvSupport.exe" -c disable MD5: 33BC5E6771B08A113CB2046367D2D604)
        • conhost.exe (PID: 6008 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)
        • netsh.exe (PID: 1800 cmdline: C:\Windows\System32\netsh.exe" exec "C:\Users\user\AppData\Local\Temp\script.dat MD5: 718A726FCC5EFCE3529E7A244D87F13F)
          • conhost.exe (PID: 6108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)
  • svchost.exe (PID: 672 cmdline: C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc MD5: 9520A99E77D6196D0D09833146424113)
  • spnsrvnt.exe (PID: 5024 cmdline: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe MD5: A31CA0684D86A07A100729A60030084D)
  • sntlkeyssrvr.exe (PID: 740 cmdline: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe MD5: 8C71AAABD1EB5B0359DDF41A6E84601B)
  • svchost.exe (PID: 2320 cmdline: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall MD5: 9520A99E77D6196D0D09833146424113)
    • drvinst.exe (PID: 3740 cmdline: DrvInst.exe "4" "8" "C:\Users\user\AppData\Local\Temp\{277a69ef-af6e-1449-b2a4-e0fc604a0f03}\SNTUSB64.INF" "9" "49c45bedf" "00000000000001B0" "WinSta0\Default" "00000000000001B4" "208" "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver" MD5: 100997A8B475B1D1B173BE8941DFE1A6)
  • svchost.exe (PID: 896 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s lfsvc MD5: 9520A99E77D6196D0D09833146424113)
  • svchost.exe (PID: 1336 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: 9520A99E77D6196D0D09833146424113)
  • cleanup
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\SafeNet Sentinel\Sentinel Protection Installer\7.7.1\English\ReadMe.pdf
Source: C:\Windows\System32\msiexec.exe | File opened: z:
Source: C:\Windows\System32\msiexec.exe | File opened: x:
Source: C:\Windows\System32\msiexec.exe | File opened: v:
Source: C:\Windows\System32\msiexec.exe | File opened: t:
Source: C:\Windows\System32\msiexec.exe | File opened: r:
Source: C:\Windows\System32\msiexec.exe | File opened: p:
Source: C:\Windows\System32\msiexec.exe | File opened: n:
Source: C:\Windows\System32\msiexec.exe | File opened: l:
Source: C:\Windows\System32\msiexec.exe | File opened: j:
Source: C:\Windows\System32\msiexec.exe | File opened: h:
Source: C:\Windows\System32\msiexec.exe | File opened: f:
Source: C:\Windows\System32\msiexec.exe | File opened: b:
Source: C:\Windows\System32\msiexec.exe | File opened: y:
Source: C:\Windows\System32\msiexec.exe | File opened: w:
Source: C:\Windows\System32\msiexec.exe | File opened: u:
Source: C:\Windows\System32\msiexec.exe | File opened: s:
Source: C:\Windows\System32\msiexec.exe | File opened: q:
Source: C:\Windows\System32\msiexec.exe | File opened: o:
Source: C:\Windows\System32\msiexec.exe | File opened: m:
Source: C:\Windows\System32\msiexec.exe | File opened: k:
Source: C:\Windows\System32\msiexec.exe | File opened: i:
Source: C:\Windows\System32\msiexec.exe | File opened: g:
Source: C:\Windows\System32\msiexec.exe | File opened: e:
Source: C:\Windows\System32\svchost.exe | File opened: c:
Source: C:\Windows\System32\msiexec.exe | File opened: a:
Source: C:\Windows\System32\drvinst.exe | File created: C:\Windows\System32\DriverStore\Temp\{8ba3d81a-b924-9743-acf8-625159fdd068}
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver\SentinelDriverInstallSupport.exe | Process token adjusted: Load Driver
Source: C:\Windows\System32\msiexec.exe | Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe | Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: sfc.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: wmi.dll
Source: C:\Windows\System32\msiexec.exe | File deleted: C:\Windows\Installer\50c4b4.msi
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\50c4b2.msi
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver\sntusb64.sys
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe | Key opened: HKEY_USERSS-1-5-18\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Sentinel Protection Installer 7.7.1.msi"
Source: unknown | Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding D589B0777D7FC815E1303B94200E83D5 C
Source: unknown | Process created: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
Source: unknown | Process created: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6DAD68CB4402844E208309C37076671F
Source: C:\Windows\SysWOW64\msiexec.exe | Process created: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver\SentinelDriverInstallSupport.exe "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver\SentinelDriverInstallSupport.exe" -c installUSB
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver\SentinelDriverInstallSupport.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown | Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "8" "C:\Users\user\AppData\Local\Temp\{277a69ef-af6e-1449-b2a4-e0fc604a0f03}\SNTUSB64.INF" "9" "49c45bedf" "00000000000001B0" "WinSta0\Default" "00000000000001B4" "208" "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver"
Source: C:\Windows\SysWOW64\msiexec.exe | Process created: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\SPNSrvSupport.exe "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\SPNSrvSupport.exe" -c disable
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\SPNSrvSupport.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\SPNSrvSupport.exe | Process created: C:\Windows\SysWOW64\netsh.exe C:\Windows\System32\netsh.exe" exec "C:\Users\user\AppData\Local\Temp\SPSScript.dat
Source: C:\Windows\SysWOW64\netsh.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe | Process created: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\SHKSrvSupport.exe "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\SHKSrvSupport.exe" -c disable
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\SHKSrvSupport.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\SHKSrvSupport.exe | Process created: C:\Windows\SysWOW64\netsh.exe C:\Windows\System32\netsh.exe" exec "C:\Users\user\AppData\Local\Temp\script.dat
Source: C:\Windows\SysWOW64\netsh.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s lfsvc
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\SPNSrvSupport.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\InProcServer32
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3828:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5588:120:WilError_02
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6008:120:WilError_02
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3828:120:WilError_02
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe | Mutant created: \BaseNamedObjects\gnComnMutex
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6108:120:WilError_02
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe | Mutant created: \BaseNamedObjects\myServerProcLck
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3560:120:WilError_02
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5588:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6008:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3560:304:WilStaging_02
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe | Mutant created: \BaseNamedObjects\StdDBASE
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe | Mutant created: \BaseNamedObjects\gnRequestMutex
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6108:304:WilStaging_02
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\Common Files\SafeNet Sentinel
Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Temp\MSI4DCC.tmp
Source: classification engine | Classification label: mal52.evad.winMSI@28/43@0/6
Source: C:\Windows\System32\msiexec.exe | File read: C:\Windows\win.ini
Source: C:\Windows\System32\svchost.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: Sentinel Protection Installer 7.7.1.msi | Static file information: File size 7753728 > 1048576

Persistence and Installation Behavior

Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver\sntusb64.sys
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\loadserv.exe
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Temp\MSI4F26.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSIE52F.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Temp\MSI4F06.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver\snti386.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\MD5CHAP.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSIEA41.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver\DIFxAPI.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver\SetupSysDriver.exe
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver\SentinelDriverInstallSupport.exe
Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Temp\MSI4DCC.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\SPNSrvSupport.exe
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver\DrvInstLauncher.exe
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\SafeNet Sentinel\Sentinel Protection Installer\7.7.1\English\ReadMe.pdf
Source: C:\Windows\System32\msiexec.exe | Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver\SentinelDriverInstallSupport.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\SPNSrvSupport.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\SHKSrvSupport.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe | File opened: \Device\RasAcd count: 71066
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe | Window / User API: threadDelayed 1868
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe | Window / User API: threadDelayed 5996
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe TID: 1808 | Thread sleep time: -480000s >= -30000s
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe TID: 1560 | Thread sleep time: -210000s >= -30000s
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe TID: 1560 | Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe TID: 5980 | Thread sleep count: 1868 > 30
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe TID: 1808 | Thread sleep count: 5996 > 30
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe TID: 1808 | Thread sleep time: -719520000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 5428 | Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe | Thread sleep count: Count: 1868 delay: -10
Source: C:\Windows\System32\svchost.exe | File opened: PhysicalDrive0
Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\loadserv.exe
Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI4F26.tmp
Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Windows\Installer\MSIE52F.tmp
Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver\snti386.dll
Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\MD5CHAP.dll
Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver\DIFxAPI.dll
Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver\SetupSysDriver.exe
Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver\DrvInstLauncher.exe
Source: C:\Windows\System32\msiexec.exe | Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe | Thread delayed: delay time: 120000
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe | Thread delayed: delay time: 30000
Source: C:\Windows\System32\msiexec.exe | File Volume queried: C:\ FullSizeInformation
Source: unknown | Process created: C:\Windows\System32\drvinst.exe drvinst.exe "4" "8" "c:\users\user\appdata\local\temp\{277a69ef-af6e-1449-b2a4-e0fc604a0f03}\sntusb64.inf" "9" "49c45bedf" "00000000000001b0" "winsta0\default" "00000000000001b4" "208" "c:\program files (x86)\common files\safenet sentinel\sentinel system driver"
Source: C:\Windows\SysWOW64\msiexec.exe | Process created: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver\SentinelDriverInstallSupport.exe "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver\SentinelDriverInstallSupport.exe" -c installUSB
Source: C:\Windows\SysWOW64\msiexec.exe | Process created: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\SPNSrvSupport.exe "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\SPNSrvSupport.exe" -c disable
Source: C:\Windows\SysWOW64\msiexec.exe | Process created: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\SHKSrvSupport.exe "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\SHKSrvSupport.exe" -c disable
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\SPNSrvSupport.exe | Process created: C:\Windows\SysWOW64\netsh.exe C:\Windows\System32\netsh.exe" exec "C:\Users\user\AppData\Local\Temp\SPSScript.dat
Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\SHKSrvSupport.exe | Process created: C:\Windows\SysWOW64\netsh.exe C:\Windows\System32\netsh.exe" exec "C:\Users\user\AppData\Local\Temp\script.dat
Source: C:\Windows\System32\msiexec.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\drvinst.exe | Queries volume information: C:\Windows\System32\DriverStore\Temp\{8ba3d81a-b924-9743-acf8-625159fdd068}\sntusb64.cat VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\drvinst.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\SPNSrvSupport.exe | Process created: C:\Windows\SysWOW64\netsh.exe C:\Windows\System32\netsh.exe" exec "C:\Users\user\AppData\Local\Temp\SPSScript.dat
MITRE ATT&CK Matrix (one line per tactic; a number in front of a technique is the count the report shows for that matrix cell, techniques without a number were not matched by this analysis)

Initial Access: 1 Replication Through Removable Media; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: 1 Command and Scripting Interpreter; Scheduled Task/Job; At (Linux); At (Windows); Cron; Launchd; Scheduled Task; Command and Scripting Interpreter
Persistence: 2 Windows Service; 1 LSASS Driver; 1 DLL Side-Loading; Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job
Privilege Escalation: 2 Windows Service; 11 Process Injection; 1 LSASS Driver; 1 DLL Side-Loading; Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job
Defense Evasion: 31 Masquerading; 1 Disable or Modify Tools; 131 Virtualization/Sandbox Evasion; 11 Process Injection; 1 DLL Side-Loading; 1 File Deletion; Compile After Delivery; Indicator Removal from Tools
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
Discovery: 1 Security Software Discovery; 1 Process Discovery; 131 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 11 Peripheral Device Discovery; 1 Remote System Discovery; 1 File and Directory Discovery; 23 System Information Discovery
Lateral Movement: 1 Replication Through Removable Media; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Command and Control: Data Obfuscation; Junk Data; Steganography; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact; Generate Fraudulent Advertising Revenue

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Source | Detection | Scanner
Sentinel Protection Installer 7.7.1.msi | 0% | ReversingLabs

Source | Detection | Scanner
C:\Users\user\AppData\Local\Temp\MSI4DCC.tmp | 2% | ReversingLabs
C:\Users\user\AppData\Local\Temp\MSI4F06.tmp | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\MSI4F26.tmp | 0% | ReversingLabs
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\SPNSrvSupport.exe | 0% | ReversingLabs
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\MD5CHAP.dll | 3% | ReversingLabs
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe | 0% | ReversingLabs
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\loadserv.exe | 0% | ReversingLabs
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver\DIFxAPI.dll | 0% | ReversingLabs
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver\DrvInstLauncher.exe | 0% | ReversingLabs
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver\SentinelDriverInstallSupport.exe | 0% | ReversingLabs
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver\SetupSysDriver.exe | 0% | ReversingLabs
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver\snti386.dll | 0% | ReversingLabs
C:\Windows\Installer\MSIE52F.tmp | 0% | ReversingLabs
C:\Windows\Installer\MSIEA41.tmp | 0% | ReversingLabs
No Antivirus matches
No Antivirus matches
No Antivirus matches
No contacted domains info
IP | Domain | Country | ASN | ASN Name | Malicious
23.52.160.85 | unknown | United States | 16625 | AKAMAI-ASUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
23.77.240.155 | unknown | United States | 16625 | AKAMAI-ASUS | false

IP
127.0.0.1
Joe Sandbox Version:38.0.0 Beryl
Analysis ID:1309162
Start date and time:2023-09-15 20:21:21 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of analysed new started processes analysed:26
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Sample file name:Sentinel Protection Installer 7.7.1.msi
Detection:MAL
Classification:mal52.evad.winMSI@28/43@0/6
Cookbook Comments:
  • Found application associated with file extension: .msi
  • Exclude process from analysis (whitelisted): SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 23.52.160.85, 23.77.240.155
  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com
  • Not all processes were analyzed, report is missing behavior information
  • Report size getting too big, too many NtDeviceIoControlFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • VT rate limit hit for: Sentinel Protection Installer 7.7.1.msi
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):31494
Entropy (8bit):5.792929253588475
Encrypted:false
SSDEEP:
MD5:29841547DA41A08A97AD22ED9BC6312D
SHA1:E9455C8C7642F5DE95A2178E62F85CD91D59456E
SHA-256:A1F6DE0F51A6852C881E0F02AE19171F9A792ECBE705C5A7FCE20BEDE28FC16B
SHA-512:8C7AC0B72C37379B3810AF90AD40D4558663C479ACEDB27D0A38EF759C256E8993E79F564A9F9B2C83CFB137062D79669CD7416A5991889CCDF8304EB04AFC4D
Malicious:false
Reputation:low
Preview:...@IXOS.@.....@./W.@.....@.....@.....@.....@.....@......&.{030D19D4-E290-4136-B909-B09D437F380A}#.Sentinel Protection Installer 7.7.1'.Sentinel Protection Installer 7.7.1.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{F013BA13-3B5F-45FA-A1C5-7D8CA9AF0666}.....@.....@.....@.....@.......@.....@.....@.......@....#.Sentinel Protection Installer 7.7.1......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{F33251C5-DCBF-4D2B-8F17-1D54F8332ACE}&.{030D19D4-E290-4136-B909-B09D437F380A}.@......&.{DBDD908C-77E6-4643-AF39-9EF592E1ED4F}&.{030D19D4-E290-4136-B909-B09D437F380A}.@......&.{D5D01AE5-464D-4904-BE14-493AC1D3F708}&.{030D19D4-E290-4136-B909-B09D437F380A}.@......&.{F236D834-72D1-11D4-82DC-00D0B72E1DB9}&.{030D19D4-E290-4136-B909-B09D437F380A}.@......&.{20E35F30-736E-4F9E-86D2-64A5EC03A40D}&.{030D19D4-E290-4136-B909-B09D437F380A}.@......&.{A6C4253F-8A78-4030-8026-E8C8E9A8D5A1}&.{030D19D4-E290-
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):51552
Entropy (8bit):6.048263027388806
Encrypted:false
SSDEEP:
MD5:7282E8C78BD3E795C883AFA736278724
SHA1:81EF496DD0515277FAE1BCC05C5881F7E25A6B43
SHA-256:2A1CA1F2FB3E60140044F3C93B49CD91A45A1E0827126B41A82156290B7C1F47
SHA-512:08827354710696A24E35079DA8E8085EE83C6F835A2365F63A11E873FA53A1DA53EDDC9E9F3BF6024054A293AAA6C490D28063F597C4402B0C57E89486269DAB
Malicious:true
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........k......................6.......]...............................6.......f.......Rich............PE..L...Jz.P.................p...0....................@.................................>.......................................D...d.......................`............................................................................................text....f.......p.................. ..`.rdata..............................@..@.data...."..........................@....rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):44688
Entropy (8bit):4.735035812631525
Encrypted:false
SSDEEP:
MD5:5A6F1746D887EF803636D63F98B1B8E3
SHA1:A546A036FBFC4FA6040DF7A6E47FD184CF791BED
SHA-256:AA2B65FA42375A08D7EB539291D21470F2435BA59B670206550EB9836D7488AC
SHA-512:CB29AEB1E6C54964922C5698672BFC2575D57291A42DB9CC444AA0A447CD3B59E7405738AD1E1EC986AAD227257072C067C88FCA61462A63A1518DFE94DCBDAA
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 3%
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........\...=..=..=..!..=.."..=..=..=.$"...=.t;..=.$"..=.Rich.=.........................PE..L...R..X...........!.....@...P.......C.......P......................................g................................R......XP..<....................................................................................P..X............................text....4.......@.................. ..`.rdata.......P.......P..............@..@.data........`.......`..............@....rsrc................p..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\msiexec.exe
File Type:HTML document, ASCII text, with very long lines (344), with CRLF line terminators
Category:dropped
Size (bytes):3879
Entropy (8bit):5.438163307357986
Encrypted:false
SSDEEP:
MD5:53EF163DEFFBE8816724E81BE9BE1326
SHA1:DA4A311AF5EC8C159FB5B8C9895CEEA7E62078DD
SHA-256:9143A8EEC71CD73F4528FB7668FAD85BB0DEBCF01AB6E5A5074EC594E013329F
SHA-512:8CCE656704E25FF55DAB231089D56F69398AAB9E31671343603B628AE44ABAEBC70B9958B1C57A9C2815C6A2D14940ABE3508814D61D87AAF4A2F58BD44605AD
Malicious:false
Reputation:low
Preview: ../*******************************************************************/../* */../* Copyright (C) 2016 SafeNet, Inc. All Rights Reserved. */../* */../*******************************************************************/..-->..<!DOCTYPE html>..<HTML>..<HEAD>..<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252" />..<meta http-equiv='cache-control' content='no-cache'>...<meta http-equiv='expires' content='0'>...<meta http-equiv='pragma' content='no-cache'>..<TITLE>Sentinel License Monitor</TITLE>....<META HTTP-EQUIV="Pragma" CONTENT="no-cache">.. <style type="text/css" media="all">.. .RowData{...padding: 2px 3px 3px 2px;...height: 680px;...margin: 10px 10px 10px 0px;..}...MainWindow{...margin: 10px 10px 10px 0px;...height: 755px;...float: left;...padding: 4px 4px 4px 4px;...cursor:default;...}...InnerFrame{...margin: 10px 10px 10
Process:C:\Windows\System32\msiexec.exe
File Type:HTML document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):3668
Entropy (8bit):5.305978365928665
Encrypted:false
SSDEEP:
MD5:247CC29033F4F9EE7C17192A88AE6598
SHA1:2994D29C61CDE84DA216FD84D23B3491807DD1DE
SHA-256:A4E1CCCE1F8D76219AE802F795D8C07656D5E55E921490323B4536D7DBE78462
SHA-512:17662FD542103FB62A7125956712DC5B42CB8F385084FAE48D1CDEA8A66C9A9A1094AD7F33B3C2F33EAA4D9FBEDB034DAF82D97862BA7F05EAD787FC257D2EE6
Malicious:false
Reputation:low
Preview: ../*******************************************************************/../* */../* Copyright (C) 2016 SafeNet, Inc. All Rights Reserved. */../* */../*******************************************************************/..-->..<!DOCTYPE html>..<html>.. <head>.. <meta http-equiv="Content-Type" content="text/html; charset=Windows-1252" />.. <meta http-equiv="x-ua-compatible" content="IE=Edge" >.. <meta http-equiv='cache-control' content='no-cache'>.. <meta http-equiv='expires' content='0'>.. <meta http-equiv='pragma' content='no-cache'>..<title>Sentinel License Monitor</title>..<style type="text/css">...title { color: white; font-family:"Times New Roman", Times, serif; font-size: 30px;font-weight: bold;background-color:#00005b;width:100% } ...header { color: #00005b; font-family:"Times New Roman", Times, serif; font-size: 14px;font-weight: bold;
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):359416
Entropy (8bit):6.496777703066146
Encrypted:false
SSDEEP:
MD5:A31CA0684D86A07A100729A60030084D
SHA1:7A5B77B88556193F6FFC811C64907FDEE919B6F1
SHA-256:C0BB63DABF79224C42A6066F9C462838858DA09AFEF93BCA261694639338D048
SHA-512:F8F84F1C43674C51BA2C667418577641382E5963267B24D8DFEFC315A21767996AAFB926B8B91BB26D2B0264CDA450AF21EAFE5C9270CC6CEEB6F74B1E4E9286
Malicious:true
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............................s....3.........R.....&..H....Rich...................PE..L...;\.`............................>"............@..........................P..................................................d....@...............`..................................................................H............................text.............................. ..`.rdata...4.......@..................@..@.data... 8.......P..................@....rsrc........@.......P..............@..@................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):55648
Entropy (8bit):5.9283177359507295
Encrypted:false
SSDEEP:
MD5:8F64DFE81D584056586D28E92ED1B16E
SHA1:44562F0C89F1ECFF49B36597188748B9D1F781FE
SHA-256:1B7ADB9CCA74E2A127751E4D31E78699E19A2717EDC318942C4DE87CCD82FB38
SHA-512:29A78FC2C1850BC6E31136801D63249ECE767944155FF2EA697A781BB0B92BCB4726FFC60C184E757FCCC723C89B19BFAB07DCAC75217B2844DE0BC35CC78D9B
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........<sK.R K.R K.R ..Y J.R ..\ _.R ).A D.R K.S ;.R ..X 0.R ..T J.R RichK.R ................PE..L...Ez.P.................p...p......J1............@..................................%..................................................................`...............................................................t............................text....n.......p.................. ..`.rdata..............................@..@.data...(E....... ..................@....rsrc...............................@..@........................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\msiexec.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):527
Entropy (8bit):4.81780545449084
Encrypted:false
SSDEEP:
MD5:28A3B4EDBA72E16A780E58D75BCC79C4
SHA1:4231767D11D0EF1D3905CDB0D78E5C10E0AA6F18
SHA-256:438DDC8BE2A7253566272133429D1F044F8146ECE031DFCC87CA080E17068ACC
SHA-512:13337B7DF6F75A87C033678BFC89BCD600D68CCA6EA1752D11313747592E8A0BD953893404B94EEBEE35E92B5C68CB7755148D9B5227DC1366763EA46ADF97D3
Malicious:false
Reputation:low
Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <ms_asmv2:trustInfo xmlns:ms_asmv2="urn:schemas-microsoft-com:asm.v2">.. <ms_asmv2:security>.. <ms_asmv2:requestedPrivileges>.. <ms_asmv2:requestedExecutionLevel level="requireAdministrator" uiAccess="false">.. </ms_asmv2:requestedExecutionLevel>.. </ms_asmv2:requestedPrivileges>.. </ms_asmv2:security>.. </ms_asmv2:trustInfo>..</assembly>..
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):519048
Entropy (8bit):6.042930086191067
Encrypted:false
SSDEEP:
MD5:1A2E5109C2BB5C68D499E17B83ACB73A
SHA1:EFA15CFA23606DFC355D11580B509E768A50DDBB
SHA-256:E70BBCEE0D01658CCD201EBE0F0E547B9DAFF01B7C593A0FDD0C64E5F45D6F11
SHA-512:47317D24D02C4122FE175BCD7F5B3DD8823063E7EA63F83961E40F10872642D2D6F6E6ABAF5FB7630CF0E9D8CEC0D112889600B14ECB8698B81597F52D54815B
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........h...;...;...;..6;...;...;...;..0;...;..';...;.. ;...;..1;...;..);...;.0.;...;..7;...;..2;...;Rich...;........................PE..d.....pK.........." .................W.........a....................................x>....@..................................................................@.........................................................................0............................text............................... ..`.data...X.... ......................@....pdata......@......................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):63776
Entropy (8bit):5.982858445289493
Encrypted:false
SSDEEP:
MD5:590BC131589A7FB2D28DE4CD3A54DC66
SHA1:FACC1580EA9F6309CC3B66F95BDE939DF0D77BDB
SHA-256:B3FA7F214C70648296CCE778D3C48FC19945EECAE36D1091A554FCFF3A9B32E2
SHA-512:BD5EA38DCB3050D50757050CE382DF967105C26F2A3E0879C5850E003872443123A27BF515F58C3636A8C69839C5507240DFCF5524DF31D8222730EC6EE0B3B8
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........G.v.G.v.G.v.1,..F.v.1,..L.v.1,..B.v.G.w...v.1,....v.1,..F.v.1,..F.v.RichG.v.........PE..d...J..P..........#..........z.......%........@..............................0..............................................................T...<.... ..`............... ............................................................... ............................text.............................. ..`.rdata...(.......*..................@..@.data....?..........................@....pdata..............................@..@.rsrc...`.... ......................@..@................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\msiexec.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):516
Entropy (8bit):4.821940652298173
Encrypted:false
SSDEEP:
MD5:1C1D2BBDF37D402260871D2D2092CCA1
SHA1:204686A2DED74D9619CC8CA2E0F7153BCDA1CC08
SHA-256:67D01C78DE9843533B6F59F95E328918076D8B124338EB4BCC1E29262AF390E9
SHA-512:3007B8471D858836A59EC80C7C0516F444D206C40F04D8AB3A05A16F2B25AFB98C4F171F640BAEA78892E22C421ACBF65A1221BC3E0A6E8B1F2FBC48B3325D6A
Malicious:false
Reputation:low
Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <ms_asmv2:trustInfo xmlns:ms_asmv2="urn:schemas-microsoft-com:asm.v2">.. <ms_asmv2:security>.. <ms_asmv2:requestedPrivileges>.. <ms_asmv2:requestedExecutionLevel level="asInvoker" uiAccess="false">.. </ms_asmv2:requestedExecutionLevel>.. </ms_asmv2:requestedPrivileges>.. </ms_asmv2:security>.. </ms_asmv2:trustInfo>..</assembly>..
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):77600
Entropy (8bit):6.042457368139116
Encrypted:false
SSDEEP:
MD5:9F196CAABDFAEDDA36987C7E429FAC3E
SHA1:5414E988C0C63D36B747FC8474B6BEE2EE28F015
SHA-256:7B68CD46B1879C8E198B8C8E096396A8AFE1ADE6D22FB0FBBBB4DBD9BB0C600C
SHA-512:7F262C350EC984540ACF574FED326F46C32EA5CA86A0006FCE1C085CED96B29EA35892211B42DA817B18CE14EDC89A2E540D91241DB16AA48E7CFB3CA9397B29
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m..()..{)..{)..{_v.{v..{_v.{#..{.-.{+..{_v.{ ..{)..{T..{_v.{+..{_v.{(..{_v.{(..{Rich)..{........................PE..d...M..P..........#..................J........@..............................p..................................................................x....`..P....P.......... ............................................................................................text.............................. ..`.rdata...B.......D..................@..@.data....4..........................@....pdata.......P......................@..@.rsrc...P....`......................@..@........................................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):354592
Entropy (8bit):5.645642901807265
Encrypted:false
SSDEEP:
MD5:F56F6A88DA4040D3AE7EBE7EA3A6587D
SHA1:DA19A3566FE891C2C01DBA9D446FA6F9233E332D
SHA-256:670301F809CF87ED4EB6EC9B7E161B365F3D497281CB9F9DED3A94FA65F7541A
SHA-512:337915C3B64338735AC86A27B88A9A2358E677C5E9277AE29431D5F5C3AC3AF686740C3E689D28966798AC348EC2D42F2132D04B50C443A11EE4B378F208169A
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L.j....[...[...[j..[...[...[...[...[...[...[...[...[...[...[\..[...[...[Rich...[........PE..L...@..P............................._............@.........................................................................0%.......................P.. ............................................................................................text............................... ..`.rdata..............................@..@.data....^...P... ...P..............@....rsrc................p..............@..@........................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\msiexec.exe
File Type:MS Windows HtmlHelp Data
Category:dropped
Size (bytes):44287
Entropy (8bit):7.277459184983422
Encrypted:false
SSDEEP:
MD5:1B1864EAAC0AD2A85DB8E1D20716DA42
SHA1:9AF92E2425E903D6EB1CEA3735F829A5B8E21FD3
SHA-256:C78739BF279E42A77D1FAFD33BF18DDA13CF5D8544D2CBDE353C494E996DB00C
SHA-512:6A3F6CA3A1AA041102242136B6FA3E64F00AB44211341961B17D4A3887B6A6346449B1194CD723BE4A7404097137A1E39377457727849D3B8CFC0591026B4625
Malicious:false
Reputation:low
Preview:ITSF....`........=.........|.{.......".....|.{......."..`...............x.......T.......................................ITSP....T...........................................j..].!......."..T...............PMGL................./..../#BSSC..q../#IDXHDR...B.../#ITBITS..../#STRINGS...x.../#SYSTEM..V.1./#TOPICS...Bp./#URLSTR.....r./#URLTBL...2T./#WINDOWS...d.L./$FIftiMain.....$./$OBJINST...8.f./$WWAssociativeLinks/..../$WWAssociativeLinks/Property...4../$WWKeywordLinks/..../$WWKeywordLinks/Property...0../eHelp.xml..z.s./ehlpdhtm.js.....R./RoboHHRE.lng..m.../sentinel.brs..o../sentinel.glo..../sentinel.hhc..z.../sentinel.hhk.....%/sentinelAdding_or_Editing_a_Port.htm....m./sentinelOverview.htm..$.i./sentinelRemoving_a_Port.htm..1.s./sentinelSentinel_Driver.htm....../sentineluntitled00000004.htm....}./sentineluntitled00000005.htm..$.t.::DataSpace/NameList..<(::DataSpace/Storage/MSCompressed/Content.....,,::DataSpace/Storage/MSCompressed/ControlData.j.)::DataSpace/Storage/MSCompressed/SpanInfo.b
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (native) Intel 80386, for MS Windows
Category:dropped
Size (bytes):45568
Entropy (8bit):5.686072811062115
Encrypted:false
SSDEEP:
MD5:AAE7C9F31DF6DBE2BA46BCC4F9770884
SHA1:11E355072C68A6136844DC94AF0035E784FDDA53
SHA-256:DF570C1018976672FF87E280CA38CF3E9C149790E2090825EDE890FA14E2B247
SHA-512:1A00FAD34E9363AC0D0E3086D9B714BBB8DA2DFF0BF99E54A9C896D7188CE0D1BA866343A5D69357F29B7DFAA0349CF0CAED6AE9BD030989264FACD40FE9EE41
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...8..P...........!...2.t...:...0.................k.........................@..........................................I................!...................0.......................................................................................text....s.......t.................. ..`.bss.....................................rdata..?............x..............@..@.data...$............z..............@....idata...............|..............@....edata..I...........................@..@.rsrc....!......."..................@....reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\msiexec.exe
File Type:MS Windows HtmlHelp Data
Category:dropped
Size (bytes):795855
Entropy (8bit):7.990226043749416
Encrypted:true
SSDEEP:
MD5:7414904840993D24CCA034AAC943F6BF
SHA1:FBA7481299306DBF4E680E076D3E784594989229
SHA-256:2352F4469E7590928309955585923A55FDD15D67063C6BF6A3D00B52C072FF06
SHA-512:73E5AA190BC3252C6EB30099B58E1C009073F9768B354D61DC6D509B07EE5A819064ABC35813E46886941543717F25128076CCCE5224FDE913FE6CDF2F62F1F3
Malicious:false
Reputation:low
Preview:ITSF....`........,.........|.{.......".....|.{......."..`...............x.......T0.......0...............$..............ITSP....T...........................................j..].!......."..T...............PMGL:................/..../#IDXHDR....%.../#ITBITS..../#IVB..../#STRINGS...s.@./#SYSTEM...!.r./#TOPICS......p./#URLSTR...3.../#URLTBL...M.T./#WINDOWS......../$FIftiMain....f..?./$OBJINST....'.?./$WWAssociativeLinks/..../$WWAssociativeLinks/Property....#../$WWKeywordLinks/..../$WWKeywordLinks/BTree......L./$WWKeywordLinks/Data....h.../$WWKeywordLinks/Map....i../$WWKeywordLinks/Property..... ./_Temp.hhc...A.B./_Temp.hhk....G.z./About_Combo_Installer.htm...`.*./Adding_a_Custom_Action.htm......&/Command-Line_Installation_Options.htm....>..*/Compatibility_and_Upgrade_Information.htm......D!/Contacting_Technical_Support.htm.....&"/Conventions_Used_in_This_Help.htm...D.../Copyright.htm...&.N./Data/Alias.xml...LI./Data/HelpSystem.xml.....T./Data/SkinSafeNet_Silver/..."/Data/SkinSafeNet_Si
Process:C:\Windows\System32\msiexec.exe
File Type:PDF document, version 1.5, 17 pages
Category:dropped
Size (bytes):983383
Entropy (8bit):7.946229171662728
Encrypted:false
SSDEEP:
MD5:1F4E1FD319A7E83B94D179D546BC50F7
SHA1:3AF7EA24D550B3BE643AB227EF5AEA3074F29D2B
SHA-256:69ABB9553B8AE32C61B77DB6544DF8E7893270917CEFDA6343420C12FD29C3DD
SHA-512:C776A51B330BF075011A6432E27B12F1004E65E15FE304E5E8C9EF7D771A4FEB00D3DCB8FC8081689D044ACC8DA63954C420982EA6B35AB1355D2B4BAB419FB3
Malicious:false
Reputation:low
Preview:%PDF-1.5..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en-US) /StructTreeRoot 108 0 R/MarkInfo<</Marked true>>>>..endobj..2 0 obj..<</Type/Pages/Count 17/Kids[ 3 0 R 27 0 R 29 0 R 33 0 R 40 0 R 42 0 R 58 0 R 62 0 R 64 0 R 67 0 R 73 0 R 88 0 R 92 0 R 94 0 R 96 0 R 98 0 R 100 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R/F2 9 0 R/F3 11 0 R/F4 13 0 R/F5 15 0 R/F6 17 0 R/F7 19 0 R/F8 21 0 R>>/ExtGState<</GS7 7 0 R/GS8 8 0 R>>/XObject<</Image26 26 0 R>>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/MediaBox[ 0 0 594.96 842.04] /Contents 4 0 R/Group<</Type/Group/S/Transparency/CS/DeviceRGB>>/Tabs/S/StructParents 0>>..endobj..4 0 obj..<</Filter/FlateDecode/Length 2472>>..stream..x..[Y..H.~WD..z...D....{f.;..V.....,aI.j.H.....Y...I.@.1m.:..*++..~Zf.o.(#o..~.h4.....1].1x......d.D.,M....._}..q.|....}O...y....@k...J.j.HN=I..M...Hr.{.x..........M..h.0..H...j....~..d.........M.C.?..?nz?......A. ..,K..e.%M..d.>UR.Y..G8'.......-.2"..P4.@....hChM}.\z..Y{
Process:C:\Windows\System32\svchost.exe
File Type:data
Category:dropped
Size (bytes):1310720
Entropy (8bit):0.9441420358921558
Encrypted:false
SSDEEP:
MD5:5F6D6A6B21E8D38F309BDAB20EF7A278
SHA1:8B75DC5527C85873645039E4286777A61D8E220A
SHA-256:3A83E24B48BA5C1DC5FA6E75AFE338AE5CCA785DD33BF7440C21B73535FDAE85
SHA-512:2526F9A3575C9D7916EA2E39AB594CB156F3183459838B43620A9DC3E3F700C695C7BA2F9BD7BD494A0DFD3A142ABA5A66801220815F3E70ED703E149298CAAA
Malicious:false
Reputation:low
Preview:.!..........@..@.....y......................n........y..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@............................P.............#.................................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\svchost.exe
File Type:Extensible storage engine DataBase, version 0x620, checksum 0xd180fe6f, page size 16384, DirtyShutdown, Windows version 10.0
Category:dropped
Size (bytes):786432
Entropy (8bit):0.6428990004420879
Encrypted:false
SSDEEP:
MD5:8A1947D309B47E74244FC7DAB1F3DC45
SHA1:F7CBB1ACF9BE65F2BEADF780A9B4A00181C05F57
SHA-256:42D760640F291D78F2C65213D402418500DF7D8D55D51411E5BB2135016BACCB
SHA-512:B2DFB834E6EBF32F7579020D88AE540323D4EA86B26BC5752AEB434BC877ED6B3C92FF193E102D938FB4C6C5EE2FFA4A7AF09DE214FE98FC20681A7D94C1BD10
Malicious:false
Reputation:low
Preview:..o... .......).........ah.....y......................6....... ....{.......{..h...........................n........y...........................................................................................................G......P....@...................................................................................................... ............y.......................................................................................................................................................................................................................................7.M.....{.................c.4q.....{...........................#..............................................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\svchost.exe
File Type:data
Category:dropped
Size (bytes):16384
Entropy (8bit):0.07903024606711997
Encrypted:false
SSDEEP:
MD5:C4F4569BEF5E3BF320133AECF06A5F04
SHA1:26D8E4830EE63C4DCC6DC9EB653E3DE51F5F8D5A
SHA-256:7287AADE59295CED14368EFA23D275A26A59D2C70F99C3EB12DC605329E5063C
SHA-512:96FEC4D2F1477A7902ADE3A88830C8FDAAB735BB94E4AC467505D0EA328E774DF5D7DE5F01AE54907BE226AE01CEDBC691B31B2A5AD0CD22CD6D551C133469C4
Malicious:false
Reputation:low
Preview:>.pc.........................................y.......{.. ....{.......... ....{.. ....{....H. ....{..................c.4q.....{..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):169168
Entropy (8bit):6.059248911529191
Encrypted:false
SSDEEP:
MD5:9AC43E9F162F01EB026D136B819A9E1E
SHA1:E63F01850981FB921EE15710844BA97CD5DBD664
SHA-256:1CE5A14E6A556722280B67C6A146DCC0A5A09E7E6A84B3B15FF36F3055EE5EEA
SHA-512:65B6E48C1416C76E9D19E388DEE9055345DCC62BF057DAEC9CD22DB210BE63076308FE0DE1AE4EB311C75A0BA2DA51C92414C2962DF638941CA01F7F5037FF0E
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 2%
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......._`,"..Bq..Bq..Bq..q..Bq<.q..Bq..q..Bq..q/.Bq..qh.Bq.y.q..Bq.y.q..Bq..Cq..Bq..q..Bq..q..Bq..q..Bq...q..Bq..q..BqRich..Bq........PE..L......[...........!.....p...$.....................................................i]..................................m............`..p............x.......p..........................................@............................................text....o.......p.................. ..`.rdata..M............t..............@..@.data....1... ......................@....rsrc...p....`.......$..............@..@.reloc...L...p...N...*..............@..B................................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):131072
Entropy (8bit):6.181763619906049
Encrypted:false
SSDEEP:
MD5:E830557C42FF5C43CC1899D18B9F7DAF
SHA1:7478FA73E57514FC80E25F12B344C497C6015772
SHA-256:4E02F63B112CF42E9BB062A8F597BDAEC9A2D96FCADBC1B301162DE49FD4B479
SHA-512:D81EA8C03B6FBE576E434CC24666E518381B5D187FC29A4D7A076EB8D49D77D4680ECD8DAF89458D9E00EEA7C6B4866CD45DBB303ED78813947713EB93A312DF
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........:..W[.W[.W[.,G.S[..D..[..G.B[.W[.Z[.5D.\[.W[..[..D.T[..].V[..D.V[.RichW[.................PE..L.....\...........!.....`..........@........p............................... ..............................................Dw.......................................................................................p...............................text....V.......`.................. ..`.rdata.......p... ...p..............@..@.data....Q.......@..................@....rsrc...............................@..@.reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):131072
Entropy (8bit):6.1818300975634415
Encrypted:false
SSDEEP:
MD5:17ABC6EBEB355C504B51146CAD37AC1B
SHA1:0C8D302A3450199AC2F168E2937529200489F8A4
SHA-256:0EAAEBC9257CCA697798450D3070B9E1D92A72C11A4A666B6399CB331D9B8028
SHA-512:2F7746718306F48E970929D33D178D9C93EDC44EE98AC5179E10B0168940D176CD56AD627C256389562925615C249FFADC164835CC1A1E0175E10ACB34186301
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........:..W[.W[.W[.,G.S[..D..[..G.B[.W[.Z[.5D.\[.W[..[..D.T[..].V[..D.V[.RichW[.................PE..L...z..Y...........!.....`..........@........p............................... ..............................................Dw.......................................................................................p...............................text....V.......`.................. ..`.rdata.......p... ...p..............@..@.data....Q.......@..................@....rsrc...............................@..@.reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\SPNSrvSupport.exe
File Type:ASCII text, with no line terminators
Category:modified
Size (bytes):193
Entropy (8bit):4.75536933732641
Encrypted:false
SSDEEP:
MD5:1D90AE1B8FF94D5444CC2C4F1AEBF6D8
SHA1:D3954E24F9EFE2AD5D468893697AA7EE763F926A
SHA-256:0776CAA4CFDBEB7DD1371B647CAD7A439607CE0701C3C99BFEBA317D83712252
SHA-512:C01C5F98E6C6AA28FDDCC9B6B3F405A08E6801FDF9115507E3A1AC15B3B974247C42A0DBE569BA09995EBEF93960A0F2666ACC2A35C3B8C2DDEB29E2BA213063
Malicious:true
Reputation:low
Preview:firewall add allowedprogram program="C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" name="Sentinel Protection Server" mode=DISABLE scope=ALL
Process:C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\SHKSrvSupport.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):179
Entropy (8bit):4.774302628679745
Encrypted:false
SSDEEP:
MD5:B65370797FB8505478EFFF98C9422121
SHA1:3AB1F7D1B73156DB24E40445791BEB5E94F7B3A6
SHA-256:D7FDA51621A20B826C7DBB9DFFBB38E614FEADF73FC4CDFE41D6B06BED8C50BC
SHA-512:773CBBCE356A56D46F8E4C9DE65F1AEABA7C595ACE44D1A35265B148A11247861A948002BE375CECC133943B8A40054A7A3E91A9923DA82B381F71D34243C9C5
Malicious:false
Reputation:low
Preview:firewall add allowedprogram program="C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" name="Sentinel Keys Server" mode=DISABLE scope=ALL
Process:C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel System Driver\SentinelDriverInstallSupport.exe
File Type:Generic INItialization configuration [BeginLog]
Category:dropped
Size (bytes):114087
Entropy (8bit):5.218266003801537
Encrypted:false
SSDEEP:
MD5:F6101B292809F63E57DAA13CE17EED0B
SHA1:565858986E02CFEA3DDCF3A41E922AD2F4F4EEED
SHA-256:5D25DCAF064095C6CA935531AE904819198DBA7F741CBA76C348F3D705D0F3E3
SHA-512:CD447710A68062D9C35522C5C5A88C03E87F62F0DD4C716CB5B9C2576272F10B98F82A8C6830E55AC88ABF4CCCF732BCCD638A12C5AB0AF104186D4F8317D8B8
Malicious:false
Reputation:low
Preview:[Device Install Log].. OS Version = 10.0.18363.. Service Pack = 0.0.. Suite = 0x0100.. ProductType = 1.. Architecture = amd64....[BeginLog]....[Boot Session: 2021/05/27 07:15:46.500]....>>> [Setup Import Driver Package - C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf]..>>> Section start 2021/05/27 07:18:03.852.. cmd: C:\Windows\System32\spoolsv.exe.. inf: Provider: Microsoft.. inf: Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}.. inf: Driver Version: 06/21/2006,10.0.18362.1.. inf: Catalog File: prnms009.cat.. pol: {Driver package policy check} 07:18:03.883.. pol: {Driver package policy check - exit(0x00000000)} 07:18:03.883.. sto: {Stage Driver Package: C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf} 07:18:03.915.. inf: {Query Configurability: C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf} 07:18:03.915.. inf: Driver package 'prnms009.Inf' is
Process:C:\Windows\System32\msiexec.exe
File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Comments: Installs the Sentinel System Driver and Sentinel Protection Server., Keywords: Sentinel Protection Installer, Subject: Sentinel Protection Installer 7.7.1, Author: SafeNet, Inc., Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2018 - Premier Edition with Virtualization Pack 24, Revision Number: {F013BA13-3B5F-45FA-A1C5-7D8CA9AF0666}, Last Saved Time/Date: Mon Jul 5 14:03:43 2021, Create Time/Date: Mon Jul 5 14:03:43 2021, Last Printed: Mon Jul 5 14:03:43 2021, Code page: 1252, Template: Intel;1033
Category:dropped
Size (bytes):7753728
Entropy (8bit):7.160427738397249
Encrypted:false
SSDEEP:
MD5:EFAE62C4EF283892A0F5863D6F79CC5A
SHA1:9EC3B5ABBA73A8E91D5F78018DB5C8BC499DC860
SHA-256:796697A69E5B9809798096746D2B2466FD8CBC794034CBC1FC664D151E618739
SHA-512:54629262C7EBA2288E91B6096060EBE83D94367B8853CD4471246EBABE5592DBF07B3F5B2214B6191F0F8AB230534DA8D672EBE77E703BDA49CC42260AA61AFD
Malicious:false
Reputation:low
Preview:......................>...................w...............8........6..................................L...............................................................................L........................................................................................................................................................ ... ...!...!..."..."...#...#...$...$...%...%...&...&...'...'...(...(...)...)...*...*...+...+...,...,...-...-.........../.../...0...0...1...1...2...2...3...3...4...4...5...5..........;...............................................................................................................!... ...)..."...#...$...%...&...'...(.......*...3...,...-......./...0...1...2...A...4...5...6...7...>...M...:...<.......=.......?...@...C...B...X...D...E...F...G...H...I...J...N...L...........O...P...Q...R...S...T...U...V...W...Z...Y...j...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...l...k...~...m...n...o...p...q...r...s...t...u...v...w...x...y...z...
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):128627
Entropy (8bit):5.266557350142717
Encrypted:false
SSDEEP:
MD5:8B25BD65CCE393683F029E06D41B78CE
SHA1:384B04E582929446DDFAEF563FA132FF697FC84B
SHA-256:AE972CCC2EAEDBB25CDFA60E8FCBC29425D582B86A469DC07B4A4D7650EC840F
SHA-512:C34A5967BFAAF13FAE94D89ADAAE3B040AFC60A2746D095CE22078BD4297FCEF9C285B86F10F7EE55B57C97FABA301CA12F20A19B04C7D978706A3C8E8A1702F
Malicious:false
Reputation:low
Preview:...@IXOS.@.....@./W.@.....@.....@.....@.....@.....@......&.{030D19D4-E290-4136-B909-B09D437F380A}#.Sentinel Protection Installer 7.7.1'.Sentinel Protection Installer 7.7.1.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{F013BA13-3B5F-45FA-A1C5-7D8CA9AF0666}.....@.....@.....@.....@.......@.....@.....@.......@....#.Sentinel Protection Installer 7.7.1......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{51D8ED98-63A6-47CF-984F-50052E95FA3E}&.{030D19D4-E290-4136-B909-B09D437F380A}..&.{51D8ED98-63A6-47CF-984F-50052E95FA3E}...@.....@......&.{BEDF2316-F2EC-466C-8997-1142931BCF5C}&.{030D19D4-E290-4136-B909-B09D437F380A}..&.{BEDF2316-F2EC-466C-8997-1142931BCF5C}...@.....@......&.{1885E4B2-6955-11D4-82CB-00D0B72E1DB9}&.{030D19D4-E290-4136-B909-B09D437F380A}..&.{1885E4B2-6955-11D4-82CB-00D0B72E1DB9}...@.....@......&.{1885E4B4-6955-11D4-82CB-00D0B72E1DB9}&.{030D
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):131072
Entropy (8bit):6.181778090112811
Encrypted:false
SSDEEP:
MD5:25AE4066F2057C81A4D8ACBBFF5D48E2
SHA1:1819BD4E5879F6CE80FC42F847FA756867FB1BFD
SHA-256:5C036EEAF850208899203EB75DCFE5912AD05EF0748F80E9CA561D9BBE2D8BB1
SHA-512:B1FFBC90F943DFCDFEBAFA790A475B377EB93D1F1F21BD90AD4A111921D4E54747F544053C56B3B1910271835FFB9C9EFA6F6FBFD577D0FF8361DCA1843ECB1B
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........:..W[.W[.W[.,G.S[..D..[..G.B[.W[.Z[.5D.\[.W[..[..D.T[..].V[..D.V[.RichW[.................PE..L...?..`...........!.....`..........@........p............................... ..............................................Dw.......................................................................................p...............................text....V.......`.................. ..`.rdata.......p... ...p..............@..@.data....Q.......@..................@....rsrc...............................@..@.reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:modified
Size (bytes):137792
Entropy (8bit):6.285782721335636
Encrypted:false
SSDEEP:
MD5:5CA635BF10EEF0DCEF481354B4AC9F8F
SHA1:EB2075BD27F40EF4BF0884C7CBDA08DCC53D26DF
SHA-256:CE53543ECA68A1F589FAB9722196C6DF44A6998BCF5DCCD3F67006124C736218
SHA-512:8C72ACA7F0550518800494E2D91E16BF4F2908D6BCEBDD688992570EB16D5EDE51430718CADF90D4690F3C0B7B49B3C4D8FD7D8A1B1E63FBF2E1445AB868E6DD
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........:..W[.W[.W[.,G.S[..D..[..G.B[.W[.Z[.5D.\[.W[..[..D.T[..].V[..D.V[.RichW[.................PE..L...z..Y...........!.....`..........@........p............................... ......r?......................................Dw..........................@............................................................p...............................text....V.......`.................. ..`.rdata.......p... ...p..............@..@.data....Q.......@..................@....rsrc...............................@..@.reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\msiexec.exe
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):20480
Entropy (8bit):1.1776366394091928
Encrypted:false
SSDEEP:
MD5:47A317671A7901F638F1263EF1D59165
SHA1:3C60736ECC4B54157770E18CB135A49175301D52
SHA-256:6D53774A97A85EC4D160AE9DD6251A905D72C16029105762420B9C9C934D3C5C
SHA-512:E9A38AB817FC97C1D4E0AAC10A1200C412C008708EE2ED8AA7AE2E4DD88557D67A1D5E4E28F16F96A2C323CA5DEA72ECD2B01571E415FFDCC3ED20210C3DB6FE
Malicious:false
Reputation:low
Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\msiexec.exe
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):20480
Entropy (8bit):1.3558395591563919
Encrypted:false
SSDEEP:
MD5:9686A934323134E77658FDA7B596BA32
SHA1:4D1B7AEEB1DD316F0613EAF26F39ECC8C328E0C7
SHA-256:7E1E8B9B47B3F6B2773E15CC03B4FA8111EE79D7F3DA84DF91C00AA778345D71
SHA-512:737C8789C331722FC4CDB9F2283FD41BF1AAB16C085297269BD17A5D35E83C694FAC35A6286C3B6716D048230057D9ADF301A387CF7AE648C36B6472294803F4
Malicious:false
Reputation:low
Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\msiexec.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):323399
Entropy (8bit):5.392651444566567
Encrypted:false
SSDEEP:
MD5:73824B46A4750606BAE8E936C8EAA3EC
SHA1:E8300FFE913E898688219DA0D627A7EDC116C569
SHA-256:00A0082BB64791FC6B6EC4AC103F68A8400F50ED8EF0FEE21B45919C37429D57
SHA-512:3024570BCC22500CE8457E5CE9A2A58921AA6289576736E19F4CC28D71037C7DBCDC7BC3938F3F6488142BD8766A93EE21EC62899210BD4507B233852E90F0DB
Malicious:false
Reputation:low
Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..03/19/2019 06:29:48.034 [4768]: Command line: D:\wd\compilerTemp\BMT.thr2gc0c.r44\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..03/19/2019 06:29:48.065 [4768]: Executing command from offline queue: install "System.IdentityModel.Selectors, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:3..03/19/2019 06:29:48.065 [4768]: Exclusion list entry found for System.IdentityModel.Selectors, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil; it will not be installed..03/19/2019 06:29:48.065 [4768]: Executing command from offline queue: install "System.AddIn.Contract, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies /queue:3..03/19/2019 06:29:48.065 [4768]: Exclusion
Process:C:\Windows\System32\svchost.exe
File Type:JSON data
Category:dropped
Size (bytes):55
Entropy (8bit):4.306461250274409
Encrypted:false
SSDEEP:
MD5:DCA83F08D448911A14C22EBCACC5AD57
SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:false
Reputation:low
Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
Process:C:\Windows\System32\drvinst.exe
File Type:ASCII text, with CRLF line terminators
Category:modified
Size (bytes):184155
Entropy (8bit):5.36224162441172
Encrypted:false
SSDEEP:
MD5:3BC75446858B05FF3CA4BBC7C6CD2078
SHA1:2968E2733C3C484F93C8F8773261147025CA7D4D
SHA-256:5C97B20DA3C5F3FCB921FB49EDCAF60BB5BCA61FAEC21C93A90A053C415DE2FA
SHA-512:822BCDFEC26660B19E445A5E8DD6235D19F2644ED87EBDAB777EA6827E23A0BF40208D16D50884505E6DF985535323F84FA8DAF7225AF45C84C536579DA52B27
Malicious:false
Reputation:low
Preview:CatalogDB: 7:15:57 AM 5/27/2021: SyncDB:: DeleteCatalog: Containers-ApplicationGuard-Package~31bf3856ad364e35~amd64~~10.0.18362.1.cat..CatalogDB: 7:15:59 AM 5/27/2021: SyncDB:: DeleteCatalog: Containers-ApplicationGuard-Shared-Package~31bf3856ad364e35~amd64~~10.0.18362.1.cat..CatalogDB: 7:15:59 AM 5/27/2021: SyncDB:: DeleteCatalog: Containers-ApplicationGuard-Shared-windows-Package~31bf3856ad364e35~amd64~~10.0.18362.1.cat..CatalogDB: 7:15:59 AM 5/27/2021: SyncDB:: DeleteCatalog: Containers-Client-Manager-onecore-Package~31bf3856ad364e35~amd64~~10.0.18362.1.cat..CatalogDB: 7:15:59 AM 5/27/2021: catdbsvc.cpp at line #1470 encountered error 0x0000012f..CatalogDB: 7:15:59 AM 5/27/2021: catdbsvc.cpp at line #2046 encountered error 0x0000012f..CatalogDB: 7:15:59 AM 5/27/2021: catdbsvc.cpp at line #2359 encountered error 0x0000012f..CatalogDB: 7:15:59 AM 5/27/2021: catdbsvc.cpp at line #1245 encountered JET error -1601..CatalogDB: 7:15:59 AM 5/27/2021: catdbsvc.cpp at line #1245 encounter
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.081329234080489
Encrypted:false
SSDEEP:
MD5:27040B6F879A0F1348DA84709CD88EC6
SHA1:9C299B1107854AC617E8C52912956BE676F61156
SHA-256:A3F16CA04DAB4C201FFB194B73538D0148D5A929B13DBBD38FF6FA78BD440C06
SHA-512:C85EFC42DAD721ADB9E0F5AC8061A895D9E88C396212109B3635BB9D4F3C3C197B09E7EBBFE3749E26DCC9211683282469FAA57BB4B04FEA34F2BD879BE644AD
Malicious:false
Reputation:low
Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\msiexec.exe
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):65536
Entropy (8bit):1.9767319518331856
Encrypted:false
SSDEEP:
MD5:E0C2ECB28C7A3A17ADFFDE573471AE01
SHA1:69CA10B3B3694FDD3BFCD03613FD011D833E0322
SHA-256:D2EDF7EC75526B7B6878D89B7BAA9837A0E5122A98765459300E98E7EAE4B8CC
SHA-512:201D8DC0BE527C7CA11CA66219B0E7286C8087C6E629914517A65D9733C9AEB3C5B64605A211998DBF081668908D30CF97E4CE1E212A29ACE92163B93DBB49AD
Malicious:false
Reputation:low
Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):512
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:BF619EAC0CDF3F68D496EA9344137E8B
SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:false
Reputation:low
Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):94208
Entropy (8bit):1.0106101005472101
Encrypted:false
SSDEEP:
MD5:7F3BA996F0C87CADEE60EBC68A62EA9A
SHA1:5F8BAB0BEF3C704536CB0457864D2CED91E8E459
SHA-256:5EF2BF7A7C44D6E6EAE2760B3558C9F6EEFDCF18F03F0C06B01F0DC266161B58
SHA-512:4F7D21248EE78D81B3E6D43403751EF8F37E0B0B44017037E5F811DDAF3C24C1FC7A905DBC4306B436ED438337FF691A98D32482A25E66CE9256933518E48410
Malicious:false
Reputation:low
Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\SysWOW64\netsh.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):308
Entropy (8bit):4.953397043011803
Encrypted:false
SSDEEP:
MD5:DB5E44074A6297B954B50CD3180DC2F1
SHA1:807A43DFDD83D558FD79E94A2205A4932C071DBB
SHA-256:CCFEC1ED9898EDE159D664F8872F8F44F9774BDD3E76491A23D530A3AFF46F28
SHA-512:07DB4DACFE39E3B692A11F61E6288DC28D80C7AEADE53161F5215544BDDD018A44CC8332A40C2636EFF3D3D5FD61EE804A326451B1D0ED248E502F7C24724891
Malicious:false
Reputation:low
Preview:..IMPORTANT: Command executed successfully...However, "netsh firewall" is deprecated;..use "netsh advfirewall firewall" instead...For more information on using "netsh advfirewall firewall" commands..instead of "netsh firewall", see KB article 947709..at https://go.microsoft.com/fwlink/?linkid=121488 .......
File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Comments: Installs the Sentinel System Driver and Sentinel Protection Server., Keywords: Sentinel Protection Installer, Subject: Sentinel Protection Installer 7.7.1, Author: SafeNet, Inc., Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2018 - Premier Edition with Virtualization Pack 24, Revision Number: {F013BA13-3B5F-45FA-A1C5-7D8CA9AF0666}, Last Saved Time/Date: Mon Jul 5 14:03:43 2021, Create Time/Date: Mon Jul 5 14:03:43 2021, Last Printed: Mon Jul 5 14:03:43 2021, Code page: 1252, Template: Intel;1033
Entropy (8bit):7.160427738397249
TrID:
  • Windows SDK Setup Transform Script (63028/2) 47.91%
  • Microsoft Windows Installer (60509/1) 46.00%
  • Generic OLE2 / Multistream Compound File (8008/1) 6.09%
File name:Sentinel Protection Installer 7.7.1.msi
File size:7'753'728 bytes
MD5:efae62c4ef283892a0f5863d6f79cc5a
SHA1:9ec3b5abba73a8e91d5f78018db5c8bc499dc860
SHA256:796697a69e5b9809798096746d2b2466fd8cbc794034cbc1fc664d151e618739
SHA512:54629262c7eba2288e91b6096060ebe83d94367b8853cd4471246ebabe5592dbf07b3f5b2214b6191f0f8ab230534da8d672ebe77e703bda49cc42260aa61afd
SSDEEP:98304:HdbALCBSz1Yy8GqwwSqs3otFfHK5oYyAIIjWTiCGm3fvrUIgCEB25r5mQSU3xADI:H+zPXYtocTiCZ3fvII6g5j3s515u
TLSH:FA76D01272C58071E0FB063B94FA1771073AFD746B36C28B77A07D5D9CB2A90952A7B2
File Content Preview:........................>...................w...............8........6..................................L...............................................................................L......................................................................
Icon Hash:2d2e3797b32b2b99