General Info

File name

setup-emtas-lut-1_3_4.exe

Full analysis
https://app.any.run/tasks/f0851955-a699-451e-a494-dfe78a7550e9
Verdict
Malicious activity
Analysis date
5/15/2019, 12:43:01
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

installer

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

c8ebd4d7797961c502372402adc508da

SHA1

f9cec388aa10721fa7dadcac090f65cedb271afb

SHA256

9a6a1f49044005795c96c2061daa8f26b095873c77f24822d2519405a6778750

SSDEEP

196608:QVdULhOX+BPX3yt7TPj/yv580RAGaVbCJLQdRo99YnqyAohs3:ayLhi+PSRTPjay0RALNOCJy

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • LUTClient.exe (PID: 2300)
Application was dropped or rewritten from another process
  • LUTClient.exe (PID: 2300)
Executable content was dropped or overwritten
  • setup-emtas-lut-1_3_4.tmp (PID: 1508)
  • setup-emtas-lut-1_3_4.exe (PID: 3520)
  • setup-emtas-lut-1_3_4.exe (PID: 3312)
Dropped object may contain Bitcoin addresses
  • setup-emtas-lut-1_3_4.tmp (PID: 1508)
Creates a software uninstall entry
  • setup-emtas-lut-1_3_4.tmp (PID: 1508)
Creates files in the program directory
  • setup-emtas-lut-1_3_4.tmp (PID: 1508)
Application was dropped or rewritten from another process
  • setup-emtas-lut-1_3_4.tmp (PID: 1508)
  • setup-emtas-lut-1_3_4.tmp (PID: 2368)

Static information

TRiD
.exe | Inno Setup installer (77.7%)
.exe | Win32 Executable Delphi generic (10%)
.dll | Win32 Dynamic Link Library (generic) (4.6%)
.exe | Win32 Executable (generic) (3.1%)
.exe | Win16/32 Executable Delphi generic (1.4%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
1992:06:20 00:22:17+02:00
PEType:
PE32
LinkerVersion:
2.25
CodeSize:
41472
InitializedDataSize:
14848
UninitializedDataSize:
null
EntryPoint:
0xaa98
OSVersion:
1
ImageVersion:
6
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
0.0.0.0
ProductVersionNumber:
0.0.0.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
Unicode
Comments:
This installation was built with Inno Setup.
CompanyName:
emtas GmbH
FileDescription:
License and Update Tool Setup
FileVersion:
LegalCopyright:
ProductName:
License and Update Tool
ProductVersion:
1.3.4
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
19-Jun-1992 22:22:17
Detected languages
English - United States
Comments:
This installation was built with Inno Setup.
CompanyName:
emtas GmbH
FileDescription:
License and Update Tool Setup
FileVersion:
null
LegalCopyright:
null
ProductName:
License and Update Tool
ProductVersion:
1.3.4
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0050
Pages in file:
0x0002
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x000F
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x001A
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000100
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
8
Time date stamp:
19-Jun-1992 22:22:17
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
CODE | 0x00001000 | 0x0000A1D0 | 0x0000A200 | IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ | 6.64375
DATA | 0x0000C000 | 0x00000250 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 2.74012
BSS | 0x0000D000 | 0x00000E94 | 0x00000000 | IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 0
.idata | 0x0000E000 | 0x0000097C | 0x00000A00 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 4.48608
.tls | 0x0000F000 | 0x00000008 | 0x00000000 | IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 0
.rdata | 0x00010000 | 0x00000018 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_SHARED | 0.190489
.reloc | 0x00011000 | 0x0000091C | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_SHARED | 0
.rsrc | 0x00012000 | 0x00002968 | 0x00002A00 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_SHARED | 5.33009
Resources
1

4089

4090

4091

4093

4094

4095

11111

MAINICON

Imports
    kernel32.dll

    user32.dll

    oleaut32.dll

    advapi32.dll

    comctl32.dll

Exports

    No exports.

Processes

Total processes
41
Monitored processes
5
Malicious processes
1
Suspicious processes
0

Behavior graph

Graph nodes, in order: setup-emtas-lut-1_3_4.exe, setup-emtas-lut-1_3_4.tmp (no specs), setup-emtas-lut-1_3_4.exe, setup-emtas-lut-1_3_4.tmp, lutclient.exe (no specs)
Edge labels, in order: drop and start, start, drop and start

Process information

PID
3312
CMD
"C:\Users\admin\AppData\Local\Temp\setup-emtas-lut-1_3_4.exe"
Path
C:\Users\admin\AppData\Local\Temp\setup-emtas-lut-1_3_4.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
emtas GmbH
Description
License and Update Tool Setup
Version
Modules
Image
c:\users\admin\appdata\local\temp\setup-emtas-lut-1_3_4.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\shell32.dll
c:\users\admin\appdata\local\temp\is-uqi2m.tmp\setup-emtas-lut-1_3_4.tmp

PID
2368
CMD
"C:\Users\admin\AppData\Local\Temp\is-UQI2M.tmp\setup-emtas-lut-1_3_4.tmp" /SL5="$7011E,9363892,57344,C:\Users\admin\AppData\Local\Temp\setup-emtas-lut-1_3_4.exe"
Path
C:\Users\admin\AppData\Local\Temp\is-UQI2M.tmp\setup-emtas-lut-1_3_4.tmp
Indicators
No indicators
Parent process
setup-emtas-lut-1_3_4.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.52.0.0
Modules
Image
c:\users\admin\appdata\local\temp\is-uqi2m.tmp\setup-emtas-lut-1_3_4.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\mpr.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll

PID
3520
CMD
"C:\Users\admin\AppData\Local\Temp\setup-emtas-lut-1_3_4.exe" /SPAWNWND=$801F8 /NOTIFYWND=$7011E
Path
C:\Users\admin\AppData\Local\Temp\setup-emtas-lut-1_3_4.exe
Indicators
Parent process
setup-emtas-lut-1_3_4.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
emtas GmbH
Description
License and Update Tool Setup
Version
Modules
Image
c:\users\admin\appdata\local\temp\setup-emtas-lut-1_3_4.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\shell32.dll
c:\users\admin\appdata\local\temp\is-cj3ma.tmp\setup-emtas-lut-1_3_4.tmp

PID
1508
CMD
"C:\Users\admin\AppData\Local\Temp\is-CJ3MA.tmp\setup-emtas-lut-1_3_4.tmp" /SL5="$60284,9363892,57344,C:\Users\admin\AppData\Local\Temp\setup-emtas-lut-1_3_4.exe" /SPAWNWND=$801F8 /NOTIFYWND=$7011E
Path
C:\Users\admin\AppData\Local\Temp\is-CJ3MA.tmp\setup-emtas-lut-1_3_4.tmp
Indicators
Parent process
setup-emtas-lut-1_3_4.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.52.0.0
Modules
Image
c:\users\admin\appdata\local\temp\is-cj3ma.tmp\setup-emtas-lut-1_3_4.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\mpr.dll
c:\windows\system32\version.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\imageres.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\riched20.dll
c:\windows\system32\msls31.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\emtas\licenseandupdatetool\lutclient.exe
c:\program files\emtas\licenseandupdatetool\unins000.exe
c:\windows\system32\netutils.dll

PID
2300
CMD
"C:\Program Files\emtas\LicenseAndUpdateTool\LUTClient.exe"
Path
C:\Program Files\emtas\LicenseAndUpdateTool\LUTClient.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\program files\emtas\licenseandupdatetool\lutclient.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\emtas\licenseandupdatetool\qt5core.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\program files\emtas\licenseandupdatetool\libgcc_s_dw2-1.dll
c:\program files\emtas\licenseandupdatetool\libwinpthread-1.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\emtas\licenseandupdatetool\libstdc++-6.dll
c:\program files\emtas\licenseandupdatetool\qt5gui.dll
c:\program files\emtas\licenseandupdatetool\qt5network.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\program files\emtas\licenseandupdatetool\qt5widgets.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\emtas\licenseandupdatetool\platforms\qwindows.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll

Registry activity

Total events
581
Read events
550
Write events
30
Delete events
1

Modification events

PID | Process | Operation | Key | Name | Value
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 | Owner | E4050000640520070B0BD501
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 | SessionHash | 442644D68434D465677DAD64C300F497B81CB484F9CDB074912CA36FFC8C7698
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 | Sequence | 1
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 | C:\Program Files\emtas\LicenseAndUpdateTool\LUTClient.exe
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 | RegFilesHash | 61576A6ED3F687572DD3430257C0DE50B22E25EEED1FA51A1E9056E1F7069FAA
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{011EA9EB-A81E-499E-831D-5BFB8719853F}}_is1 | Inno Setup: Setup Version | 5.5.9 (a)
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{011EA9EB-A81E-499E-831D-5BFB8719853F}}_is1 | Inno Setup: App Path | C:\Program Files\emtas\LicenseAndUpdateTool
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{011EA9EB-A81E-499E-831D-5BFB8719853F}}_is1 | InstallLocation | C:\Program Files\emtas\LicenseAndUpdateTool\
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{011EA9EB-A81E-499E-831D-5BFB8719853F}}_is1 | Inno Setup: Icon Group | emtas
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{011EA9EB-A81E-499E-831D-5BFB8719853F}}_is1 | Inno Setup: User | admin
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{011EA9EB-A81E-499E-831D-5BFB8719853F}}_is1 | Inno Setup: Selected Tasks | desktopicon
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{011EA9EB-A81E-499E-831D-5BFB8719853F}}_is1 | Inno Setup: Deselected Tasks |
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{011EA9EB-A81E-499E-831D-5BFB8719853F}}_is1 | Inno Setup: Language | english
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{011EA9EB-A81E-499E-831D-5BFB8719853F}}_is1 | DisplayName | License and Update Tool version 1.3.4
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{011EA9EB-A81E-499E-831D-5BFB8719853F}}_is1 | UninstallString | "C:\Program Files\emtas\LicenseAndUpdateTool\unins000.exe"
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{011EA9EB-A81E-499E-831D-5BFB8719853F}}_is1 | QuietUninstallString | "C:\Program Files\emtas\LicenseAndUpdateTool\unins000.exe" /SILENT
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{011EA9EB-A81E-499E-831D-5BFB8719853F}}_is1 | DisplayVersion | 1.3.4
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{011EA9EB-A81E-499E-831D-5BFB8719853F}}_is1 | Publisher | emtas GmbH
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{011EA9EB-A81E-499E-831D-5BFB8719853F}}_is1 | URLInfoAbout | http://www.emtas.de
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{011EA9EB-A81E-499E-831D-5BFB8719853F}}_is1 | HelpLink | http://www.emtas.de
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{011EA9EB-A81E-499E-831D-5BFB8719853F}}_is1 | URLUpdateInfo | http://www.emtas.de
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{011EA9EB-A81E-499E-831D-5BFB8719853F}}_is1 | NoModify | 1
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{011EA9EB-A81E-499E-831D-5BFB8719853F}}_is1 | NoRepair | 1
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{011EA9EB-A81E-499E-831D-5BFB8719853F}}_is1 | InstallDate | 20190515
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{011EA9EB-A81E-499E-831D-5BFB8719853F}}_is1 | MajorVersion | 1
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{011EA9EB-A81E-499E-831D-5BFB8719853F}}_is1 | MinorVersion | 3
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{011EA9EB-A81E-499E-831D-5BFB8719853F}}_is1 | VersionMajor | 1
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{011EA9EB-A81E-499E-831D-5BFB8719853F}}_is1 | VersionMinor | 3
1508 | setup-emtas-lut-1_3_4.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{011EA9EB-A81E-499E-831D-5BFB8719853F}}_is1 | EstimatedSize | 31043
1508 | setup-emtas-lut-1_3_4.tmp | delete key | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
2300 | LUTClient.exe | write | HKEY_CURRENT_USER\Software\emtas\License and Update Tool\Proxysettings | proxy | 0;server;3128;;;0;;

Files activity

Executable files
18
Suspicious files
2
Text files
2
Unknown types
4

Dropped files

PID
Process
Filename
Type
3312
setup-emtas-lut-1_3_4.exe
C:\Users\admin\AppData\Local\Temp\is-UQI2M.tmp\setup-emtas-lut-1_3_4.tmp
executable
MD5: af615d2eefde6248f1184bb823d7b9f1
SHA256: 946c256db68f0512315b9145ac1ac5916b145ec52808195ac89e794b1eaa5864
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\libwinpthread-1.dll
executable
MD5: a8b06665266ff02d5e9847ad828f9ee0
SHA256: 712003aa990c4f9a1ee3cd044b8fd6abc44531710b7e42688b3767348330564b
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\libGLESV2.dll
executable
MD5: 8f56063524a4a5b1ada8fce03e682e51
SHA256: cf0b091176869e3bd0f2518634a7b94f00a64e5c1c06257410a0db1dbc0a1444
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\libgcc_s_dw2-1.dll
executable
MD5: 043b39434829ce93637b1801d57b2082
SHA256: 4d2e2d408d399d066b0aaef2047f7a33515c13c589832de0d9f1ba87a530c394
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\libeay32.dll
executable
MD5: 9c8b228d392411aeec50905c2d80cf5d
SHA256: 2c125702a00050b7175befb29e58749c8b63e33d51e6093ac04175c303084a83
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\quazip.dll
executable
MD5: c29a9e8c0c9fb4ccbac8153f5252da9d
SHA256: ff1c394cd7f89be8571978b24ab6827b48b5b125305df1cec40778bd8a22ee89
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\ssleay32.dll
executable
MD5: 4f6c3a3d796010f3f451ff9c2a71fbe1
SHA256: 9587a5260090e72dae77a9bd9296e5f7810b656443b08ff5bc61b11b7b53ffaa
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\LUTClient.exe
executable
MD5: d9b8e5bce9c99ab477c66bcd59788d86
SHA256: 85ecc4baa7f8f78fee78f6dbf4b0aef72ada1e785da3ef1bae9ca76f432d0bd5
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\platforms\qwindows.dll
executable
MD5: 30655abf47ddc1c27332e1fab171c7e4
SHA256: 03a861c6c1c6a8328fdab21496cfbf757aa1f8067f66e503edcd6e3a9235942f
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\unins000.exe
executable
MD5: dc067699e5b7befa0869e48ce023b50c
SHA256: 7f1e406925fb37208f4b4e248b366b82877989f99daee9e8953f5c060fe33d19
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\WINDOWS\7za.exe
executable
MD5: 42badc1d2f03a8b1e4875740d3d49336
SHA256: c136b1467d669a725478a6110ebaaab3cb88a3d389dfa688e06173c066b76fcf
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\Qt5Core.dll
executable
MD5: c1cc73e298723fb3bb2804797c4c2cbe
SHA256: 803004f14202bfa7a0db8963dc440f33df343f9e0429dd51d53472310df4fc48
3520
setup-emtas-lut-1_3_4.exe
C:\Users\admin\AppData\Local\Temp\is-CJ3MA.tmp\setup-emtas-lut-1_3_4.tmp
executable
MD5: af615d2eefde6248f1184bb823d7b9f1
SHA256: 946c256db68f0512315b9145ac1ac5916b145ec52808195ac89e794b1eaa5864
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\Qt5Gui.dll
executable
MD5: d016a0c2f7b5f81dcd292e8f8827fb8a
SHA256: fc81ffbf740a94c58273025126168369706b0107368a3a9f836dfd4e0ccd4b38
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\libstdc++-6.dll
executable
MD5: 63b4f37587334014fda842a04b1baae4
SHA256: 544d488fcfd76749c5ef2cd6bf9f73cc9fe59a86a819d369d710cca6e43cf4b1
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\Qt5Network.dll
executable
MD5: c2266816096c0d2c83ee9498ee05d25b
SHA256: f7c7554385f22d882211e64071998e5a587d8b8e9e82d226a358b6af6cdfb364
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\Qt5Widgets.dll
executable
MD5: 177b34689133bc2165e45e47b755423d
SHA256: 285219f7917e9b0cdb4501e65174639c0663444d0a9d5f18db482fa0f02cab98
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\libEGL.dll
executable
MD5: a50465c870cb4a18e2b327ecaa1036e5
SHA256: 5b2b6be895e36d71c7fbd9468cb6bcadc11208dc686968c902825c2b1493fb0a
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\unins000.dat
dat
MD5: c1755cf08667b0547b467908002830f3
SHA256: a6c304d9be2448381d040f5ba3a4a5eaf2a7e968c255b138853c1403410308d4
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\is-0EPF6.tmp
––
MD5:  ––
SHA256:  ––
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\WINDOWS\is-C2T46.tmp
––
MD5:  ––
SHA256:  ––
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\is-MNM1B.tmp
––
MD5:  ––
SHA256:  ––
1508
setup-emtas-lut-1_3_4.tmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\emtas\Uninstall License and Update Tool.lnk
lnk
MD5: a459257a5210f37d5aebafcc4ebacaff
SHA256: f207bd594dc17a842925d02dd7beb9159f5f7482917fd7b2626463c64b4a57da
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\is-DO1SE.tmp
––
MD5:  ––
SHA256:  ––
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\platforms\is-TS9BQ.tmp
––
MD5:  ––
SHA256:  ––
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\is-LPTFG.tmp
––
MD5:  ––
SHA256:  ––
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\LICENCE\README_licence.txt
text
MD5: cc5175c0404b8420e12ee74e5d9f1204
SHA256: 36a7b49be690aaeeeab3f39eddaf6f369ac5d6bc73bfe90f1fbe02c6073e23ba
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\is-C301I.tmp
––
MD5:  ––
SHA256:  ––
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\is-7AP81.tmp
––
MD5:  ––
SHA256:  ––
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\LICENCE\is-PPPPC.tmp
––
MD5:  ––
SHA256:  ––
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\doc\manual_lut_en.pdf
pdf
MD5: 8e6126f5ce2bd5cf384e03345d359070
SHA256: 9ab448f29fee3ea53bc2b3bf01fbc0c3289cf69bc156734fb8d683399e0583f6
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\is-1LPUC.tmp
––
MD5:  ––
SHA256:  ––
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\is-A3FU3.tmp
––
MD5:  ––
SHA256:  ––
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\LICENCE\lgpl-2.1.txt
text
MD5: 4fbd65380cdd255951079008b364516c
SHA256: dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\is-DQA9S.tmp
––
MD5:  ––
SHA256:  ––
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\LICENCE\is-384LH.tmp
––
MD5:  ––
SHA256:  ––
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\is-P9H33.tmp
––
MD5:  ––
SHA256:  ––
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\doc\is-4FV2Q.tmp
––
MD5:  ––
SHA256:  ––
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\doc\manual_lut_de.pdf
pdf
MD5: 318a0ccf80dca7b4f29e0ddc985b7a2f
SHA256: 6c1c87ceaa83ef4832d839b0a7fa0da563208c8cdbd180ce5bd45e5af8401586
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\is-DM5KC.tmp
––
MD5:  ––
SHA256:  ––
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\is-BR30M.tmp
––
MD5:  ––
SHA256:  ––
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\doc\is-PKMVA.tmp
––
MD5:  ––
SHA256:  ––
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\is-F39PD.tmp
––
MD5:  ––
SHA256:  ––
1508
setup-emtas-lut-1_3_4.tmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\emtas\License and Update Tool.lnk
lnk
MD5: 3adf0092d512f6550e8ddc1627b22f82
SHA256: 200b9c7a9a7e527c67b0378df256154a6db39f13abaff193b03b4a1fa89ab891
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\is-4UP2P.tmp
––
MD5:  ––
SHA256:  ––
1508
setup-emtas-lut-1_3_4.tmp
C:\Program Files\emtas\LicenseAndUpdateTool\is-8SBUM.tmp
––
MD5:  ––
SHA256:  ––
1508
setup-emtas-lut-1_3_4.tmp
C:\Users\Public\Desktop\License and Update Tool.lnk
lnk
MD5: 8e42d0fe17ffe564a0939bd5a78bcce8
SHA256: 6e3d4a99f3a92560563527b3fc74596b379fd59e2d554a813ad5bfe432dcb676

Network activity

HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

No network activity.

Debug output strings

No debug info.