62545b8eb17ddf27d5954ac5f8904814e12c5790d73daf545ef60bd97f4f2e12

Analysis

max time kernel
210s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
01/09/2023, 06:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VirtualBox-7.0.10-158379-Win.exe
Size

105.8MB
MD5

8882a55227cccc8a3f7ab69641df19fd
SHA1

5ea28f4fb204e6c50d1306f2e135eb40c8f1fe83
SHA256

62545b8eb17ddf27d5954ac5f8904814e12c5790d73daf545ef60bd97f4f2e12
SHA512

d57a47ebc4ab383efa35b1505426c11207c1ed0d1ad9bd826ec252a6f6aa2bfe0debc379869fbb3cc8cafce17badcfd855d2b85e72d7485643a286ac81278c0c
SSDEEP

3145728:Km59GTfa+aEDsv1Wt+y16flApINSNICSzlKL:L9G4EDsIzoflJNnI

Score

8^/10

persistence

Malware Config

Signatures

Drops file in Drivers directory 12 IoCs

description	ioc	Process
File created	C:\Windows\system32\DRIVERS\SET79DE.tmp	MsiExec.exe
File opened for modification	C:\Windows\system32\DRIVERS\SET8AD7.tmp	MsiExec.exe
File created	C:\Windows\system32\DRIVERS\SET8AD7.tmp	MsiExec.exe
File opened for modification	C:\Windows\system32\DRIVERS\VBoxNetLwf.sys	MsiExec.exe
File opened for modification	C:\Windows\system32\DRIVERS\SET53E7.tmp	MsiExec.exe
File created	C:\Windows\system32\DRIVERS\SET53E7.tmp	MsiExec.exe
File opened for modification	C:\Windows\system32\DRIVERS\VBoxSup.sys	MsiExec.exe
File opened for modification	C:\Windows\system32\DRIVERS\SET560A.tmp	MsiExec.exe
File created	C:\Windows\system32\DRIVERS\SET560A.tmp	MsiExec.exe
File opened for modification	C:\Windows\system32\DRIVERS\VBoxUSBMon.sys	MsiExec.exe
File opened for modification	C:\Windows\system32\DRIVERS\SET79DE.tmp	MsiExec.exe
File opened for modification	C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys	MsiExec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	VirtualBox-7.0.10-158379-Win.exe
File opened (read-only)	\??\Z:	VirtualBox-7.0.10-158379-Win.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\K:	VirtualBox-7.0.10-158379-Win.exe
File opened (read-only)	\??\T:	VirtualBox-7.0.10-158379-Win.exe
File opened (read-only)	\??\W:	VirtualBox-7.0.10-158379-Win.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	VirtualBox-7.0.10-158379-Win.exe
File opened (read-only)	\??\L:	VirtualBox-7.0.10-158379-Win.exe
File opened (read-only)	\??\O:	VirtualBox-7.0.10-158379-Win.exe
File opened (read-only)	\??\X:	VirtualBox-7.0.10-158379-Win.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\A:	VirtualBox-7.0.10-158379-Win.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\M:	VirtualBox-7.0.10-158379-Win.exe
File opened (read-only)	\??\P:	VirtualBox-7.0.10-158379-Win.exe
File opened (read-only)	\??\U:	VirtualBox-7.0.10-158379-Win.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\E:	VirtualBox-7.0.10-158379-Win.exe
File opened (read-only)	\??\I:	VirtualBox-7.0.10-158379-Win.exe
File opened (read-only)	\??\Q:	VirtualBox-7.0.10-158379-Win.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\G:	VirtualBox-7.0.10-158379-Win.exe
File opened (read-only)	\??\N:	VirtualBox-7.0.10-158379-Win.exe
File opened (read-only)	\??\R:	VirtualBox-7.0.10-158379-Win.exe
File opened (read-only)	\??\Y:	VirtualBox-7.0.10-158379-Win.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\J:	VirtualBox-7.0.10-158379-Win.exe
File opened (read-only)	\??\S:	VirtualBox-7.0.10-158379-Win.exe
File opened (read-only)	\??\V:	VirtualBox-7.0.10-158379-Win.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\DRVSTORE\VBoxSup_0546760EB02C0C3373103203A7EE1AF83D4C8ED6\VBoxSup.inf	MsiExec.exe
File created	C:\Windows\System32\DriverStore\Temp\{d967c338-db3b-ec49-ab98-db39fb77accf}\SET8383.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_4fb9fb3340e19285\VBoxUSB.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_6d11d06b62e8fa83\VBoxNetLwf.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{d967c338-db3b-ec49-ab98-db39fb77accf}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netserv.inf_amd64_73adce5afe861093\netserv.PNF	MsiExec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{9af6bc21-dde9-df4c-9fa6-e59ae9cf8c96}\VBoxNetAdp6.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxnetadp6.inf_amd64_1e5e19be9cdd283b\VBoxNetAdp6.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{d967c338-db3b-ec49-ab98-db39fb77accf}\SET8384.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\DRVSTORE	MsiExec.exe
File created	C:\Windows\system32\DRVSTORE\VBoxSup_0546760EB02C0C3373103203A7EE1AF83D4C8ED6\VBoxSup.cat	MsiExec.exe
File created	C:\Windows\System32\DriverStore\Temp\{813bd405-1900-2b46-80c1-e79064671f18}\SET57B0.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{813bd405-1900-2b46-80c1-e79064671f18}\SET57C2.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{9af6bc21-dde9-df4c-9fa6-e59ae9cf8c96}\SET74BE.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netpacer.inf_amd64_7d294c7fa012d315\netpacer.PNF	MsiExec.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrass.inf_amd64_7f701cb29b5389d3\netrass.PNF	MsiExec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{9af6bc21-dde9-df4c-9fa6-e59ae9cf8c96}\SET74BE.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{9af6bc21-dde9-df4c-9fa6-e59ae9cf8c96}\SET753D.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{d967c338-db3b-ec49-ab98-db39fb77accf}\VBoxNetLwf.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_6d11d06b62e8fa83\VBoxNetLwf.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{d967c338-db3b-ec49-ab98-db39fb77accf}\SET8385.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbrdg.inf_amd64_8a737d38f201aeb1\netbrdg.PNF	MsiExec.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	MsiExec.exe
File created	C:\Windows\System32\DriverStore\Temp\{813bd405-1900-2b46-80c1-e79064671f18}\SET57C1.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{9af6bc21-dde9-df4c-9fa6-e59ae9cf8c96}\VBoxNetAdp6.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{d967c338-db3b-ec49-ab98-db39fb77accf}\VBoxNetLwf.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{d967c338-db3b-ec49-ab98-db39fb77accf}\SET8384.tmp	DrvInst.exe
File created	C:\Windows\system32\DRVSTORE\VBoxUSBMon_E4C5F806BFF1977AEF86582E028E9F62CBB550A8\VBoxUSBMon.cat	MsiExec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{813bd405-1900-2b46-80c1-e79064671f18}\VBoxUSB.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{813bd405-1900-2b46-80c1-e79064671f18}\VBoxUSB.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{d967c338-db3b-ec49-ab98-db39fb77accf}\SET8383.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_netservice.inf_amd64_9ab9cf10857f7349\c_netservice.PNF	MsiExec.exe
File created	C:\Windows\system32\DRVSTORE\VBoxUSBMon_E4C5F806BFF1977AEF86582E028E9F62CBB550A8\VBoxUSBMon.inf	MsiExec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{813bd405-1900-2b46-80c1-e79064671f18}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{9af6bc21-dde9-df4c-9fa6-e59ae9cf8c96}\SET74FD.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxnetadp6.inf_amd64_1e5e19be9cdd283b\VBoxNetAdp6.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwififlt.inf_amd64_c5e19aab2305f37f\netvwififlt.PNF	MsiExec.exe
File created	C:\Windows\system32\DRVSTORE\VBoxSup_0546760EB02C0C3373103203A7EE1AF83D4C8ED6\VBoxSup.sys	MsiExec.exe
File created	C:\Windows\System32\DriverStore\Temp\{813bd405-1900-2b46-80c1-e79064671f18}\SET57C2.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{d967c338-db3b-ec49-ab98-db39fb77accf}\VBoxNetLwf.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_6d11d06b62e8fa83\vboxnetlwf.PNF	MsiExec.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wfpcapture.inf_amd64_54cf91ab0e4c9ac2\wfpcapture.PNF	MsiExec.exe
File created	C:\Windows\system32\DRVSTORE\VBoxUSBMon_E4C5F806BFF1977AEF86582E028E9F62CBB550A8\VBoxUSBMon.sys	MsiExec.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_4fb9fb3340e19285\VBoxUSB.PNF	MsiExec.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{9af6bc21-dde9-df4c-9fa6-e59ae9cf8c96}\SET753D.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_4fb9fb3340e19285\VBoxUSB.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{813bd405-1900-2b46-80c1-e79064671f18}\SET57C1.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{9af6bc21-dde9-df4c-9fa6-e59ae9cf8c96}\SET74FD.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{d967c338-db3b-ec49-ab98-db39fb77accf}\SET8385.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{813bd405-1900-2b46-80c1-e79064671f18}\SET57B0.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{813bd405-1900-2b46-80c1-e79064671f18}\VBoxUSB.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_4fb9fb3340e19285\VBoxUSB.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxnetadp6.inf_amd64_1e5e19be9cdd283b\VBoxNetAdp6.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnwifi.inf_amd64_a2bfd066656fe297\netnwifi.PNF	MsiExec.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnb.inf_amd64_0dc913ad00b14824\netnb.PNF	MsiExec.exe
File created	C:\Windows\system32\DRVSTORE\VBoxSup_0546760EB02C0C3373103203A7EE1AF83D4C8ED6\VBoxSup.inf	MsiExec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{9af6bc21-dde9-df4c-9fa6-e59ae9cf8c96}\VBoxNetAdp6.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{9af6bc21-dde9-df4c-9fa6-e59ae9cf8c96}	DrvInst.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxBugReport.exe	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_cs.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_th.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\License_en_US.rtf	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\x86\VBoxRT-x86.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.sys	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\lgw_postinstall.sh	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_bg.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\DbgPlugInDiggers.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\vbox-img.exe	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_el.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_th.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_tr.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\ol_postinstall.sh	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\sdk\install\vboxapi\__init__.py	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxManage.exe	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxRes.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_ja.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\platforms\qoffscreen.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_eu.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_fa.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_ko.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\sqldrivers\qsqlite.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxAuth.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxDbg.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxDDR0.r0	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxNetNAT.exe	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_lt.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_sk.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_el.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\doc\UserManual.pdf	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\rhel4_ks.cfg	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_de.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_es.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_it.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxRT.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.inf	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\win_postinstall.cmd	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.cat	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxHostChannel.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\drivers\USB\device\VBoxUSB.inf	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_da.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VirtualBox.VisualElementsManifest.xml	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_en.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_ca.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_zh_TW.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxAudioTest.exe	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VirtualBox_150px.png	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_nl.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxLibSsh.dll	msiexec.exe

Drops file in Windows directory 42 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\e581bc0.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3F5B.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\inf\oem4.inf	DrvInst.exe
File created	C:\Windows\inf\oem5.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI8D76.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI36CC.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI37D7.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3FC9.tmp	msiexec.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\Installer\{D989F957-5A0B-4C36-BF71-38BD1A35C2F1}\IconVirtualBox	msiexec.exe
File created	C:\Windows\INF\oem0.PNF	MsiExec.exe
File created	C:\Windows\Installer\e581bc0.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI551A.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI43D1.tmp	msiexec.exe
File created	C:\Windows\Installer\e581bc2.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8209.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8249.tmp	msiexec.exe
File created	C:\Windows\INF\oem5.PNF	MsiExec.exe
File created	C:\Windows\INF\oem3.PNF	MsiExec.exe
File opened for modification	C:\Windows\inf\oem5.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI35A2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5654.tmp	msiexec.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\INF\oem1.PNF	MsiExec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\SourceHash{D989F957-5A0B-4C36-BF71-38BD1A35C2F1}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI447E.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	MsiExec.exe
File opened for modification	C:\Windows\Installer\MSI8B72.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI34E6.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI39EB.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5095.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{D989F957-5A0B-4C36-BF71-38BD1A35C2F1}\IconVirtualBox	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI745C.tmp	msiexec.exe
File opened for modification	C:\Windows\inf\oem4.inf	DrvInst.exe
File created	C:\Windows\INF\oem2.PNF	MsiExec.exe

Executes dropped EXE 1 IoCs

pid	Process
1924	VirtualBox.exe

Loads dropped DLL 28 IoCs

pid	Process
460	MsiExec.exe
460	MsiExec.exe
460	MsiExec.exe
460	MsiExec.exe
1416	MsiExec.exe
1416	MsiExec.exe
1416	MsiExec.exe
3972	MsiExec.exe
1416	MsiExec.exe
1416	MsiExec.exe
1484	MsiExec.exe
1484	MsiExec.exe
1484	MsiExec.exe
1484	MsiExec.exe
1484	MsiExec.exe
1484	MsiExec.exe
1484	MsiExec.exe
1484	MsiExec.exe
1484	MsiExec.exe
1416	MsiExec.exe
1924	VirtualBox.exe
1924	VirtualBox.exe
1924	VirtualBox.exe
1924	VirtualBox.exe
1924	VirtualBox.exe
1924	VirtualBox.exe
1924	VirtualBox.exe
1924	VirtualBox.exe

Registers COM server for autorun 1 TTPs 14 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\InprocServer32\ = "C:\\Program Files\\Oracle\\VirtualBox\\VBoxC.dll"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\InprocServer32\ThreadingModel = "Free"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\InprocServer32	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32\ThreadingModel = "Both"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\InprocServer32	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{74AB5FFE-8726-4435-AA7E-876D705BCBA5}\LocalServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32\ = "C:\\Program Files\\Oracle\\VirtualBox\\VBoxProxyStub.dll"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{B1A7A4F2-47B9-4A1E-82B2-07CCD5323C3F}\LocalServer32	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\InprocServer32\ = "C:\\Program Files\\Oracle\\VirtualBox\\VBoxC.dll"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{74AB5FFE-8726-4435-AA7E-876D705BCBA5}\LocalServer32\ = "\"C:\\Program Files\\Oracle\\VirtualBox\\VBoxSDS.exe\""	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B1A7A4F2-47B9-4A1E-82B2-07CCD5323C3F}\LocalServer32\ = "\"C:\\Program Files\\Oracle\\VirtualBox\\VBoxSVC.exe\""	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\InprocServer32\ThreadingModel = "Free"	msiexec.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Filters	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Filters	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\UpperFilters	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Service	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MsiExec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{E7932CB8-F6D4-4AB6-9CBF-558EB8959A6A}\ProxyStubClsid32	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{EE37AFB5-7002-4786-A5C4-A9C29E1CCE75}\NumMethods	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\InprocServer32\ = "C:\\Program Files\\Oracle\\VirtualBox\\VBoxC.dll"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EE206A6E-7FF8-4A84-BD34-0C651E118BB5}\TypeLib\Version = "1.3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{50CE4B51-0FF7-46B7-A138-3C6E5AC946B4}\ = "IGuestDnDTarget"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{00391758-00B1-4E9D-0000-11FA00F9D583}\ProxyStubClsid32	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{081FC833-C6FA-430E-6020-6A505D086387}\NumMethods	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{69BFB134-80F6-4266-8E20-16371F68FA25}	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{70401EEF-C8E9-466B-9660-45CB3E9979E4}\ = "IExtPackManager"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C39EF4D6-7532-45E8-96DA-EB5986AE76E4}\ = "IVRDEServerInfo"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C19073DD-CC7B-431B-98B2-951FDA8EAB89}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{01ADB2D6-AEDF-461C-BE2C-99E91BDAD8A1}\ProxyStubClsid32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{86A98347-7619-41AA-AECE-B21AC5C1A7E6}\TypeLib\Version = "1.3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08E25756-08A2-41AF-A05F-D7C661ABAEBE}\NumMethods\ = "30"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9EA9227C-E9BB-49B3-BFC7-C5171E93EF38}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D37FE88F-0979-486C-BAA1-3ABB144DC82D}\NumMethods\ = "16"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{234F0627-866D-48C2-91A5-4C9D50F04928}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{92F21DC0-44DE-1653-B717-2EBF0CA9B664}\NumMethods\ = "39"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2405F0E5-6588-40A3-9B0A-68C05BA52C4B}\TypeLib\Version = "1.3"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{4DA2DEC7-71B2-4817-9A64-4ED12C17388E}\NumMethods	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{2A88033D-82DB-4AC2-97B5-E786C839420E}	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2A88033D-82DB-4AC2-97B5-E786C839420E}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{CF11D345-0241-4EA9-AC4C-C69ED3D674E3}\ProxyStubClsid32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DEDFB5D9-4C1B-EDF7-FDF3-C1BE6827DC28}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{28935887-782B-4C94-8410-CE557B9CFE44}\TypeLib	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CFDE1265-3140-4048-A81F-A1E280DFBD75}\ = "IHostAudioDevice"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B1A7A4F2-47B9-4A1E-82B2-07CCD5323C3F}\ProgID\ = "VirtualBox.VirtualBox.1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DAAF9016-1F04-4191-AA2F-1FAC9646AE4C}\TypeLib\Version = "1.3"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\ProgID	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{179F8647-319C-4E7E-8150-C5837BD265F6}\ProxyStubClsid32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD6A1080-E1B7-4339-A549-F0878115596E}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FA43579A-2272-47C4-A443-9713F19A902F}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{11BE93C7-A862-4DC9-8C89-BF4BA74A886A}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{E54F6256-97A7-4947-8A78-10C013DDF4B8}\TypeLib	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{C365FB7B-4430-499F-92C8-8BED814A567A}\ProxyStubClsid32	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{181DFB55-394D-44D3-9EDB-AF2C4472C40A}\ProxyStubClsid32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B1A7A4F2-47B9-4A1E-82B2-07CCD5323C3F}\LocalServer32\ = "\"C:\\Program Files\\Oracle\\VirtualBox\\VBoxSVC.exe\""	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{14C2DB8A-3EE4-11E9-B872-CB9447AAD965}\TypeLib	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{4F529A14-ACE3-407C-9C49-066E8E8027F0}	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DDEF35E-4737-457B-99FC-BC52C851A44F}\NumMethods\ = "15"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{0B3CDEB2-808E-11E9-B773-133D9330F849}	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4B301A9-5F86-4D65-AD1B-87CA284FB1C8}\TypeLib\Version = "1.3"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{11BE93C7-A862-4DC9-8C89-BF4BA74A886A}	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{E8C25D4D-AC97-4C16-B3E2-81BD8A57CC27}\NumMethods	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{67C50AFE-3E78-11E9-B25E-7768F80C0E07}\ProxyStubClsid32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9B6E1AEE-35F3-4F4D-B5BB-ED0ECEFD8538}\NumMethods\ = "14"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EE206A6E-7FF8-4A84-BD34-0C651E118BB5}\TypeLib\Version = "1.3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1D89E2B3-C6EA-45B6-9D43-DC6F70CC9F02}\ = "IGuestProcessRegisteredEvent"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A0A7F210-B857-4468-BE26-C29F36A84345}\TypeLib\Version = "1.3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A54D9CCA-F23F-11EA-9755-EFD0F1F792D9}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{024F00CE-6E0B-492A-A8D0-968472A94DC7}\ProxyStubClsid32	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{B0A0904D-2F05-4D28-855F-488F96BAD2B2}\TypeLib	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B55CF856-1F8B-4692-ABB4-462429FAE5E9}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{0FE2DA40-5637-472A-9736-72019EABD7DE}\ProxyStubClsid32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D782DBA7-CD4F-4ACE-951A-58321C23E258}\NumMethods\ = "46"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{DDCA7247-BF98-47FB-AB2F-B5177533F493}\TypeLib	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{B0A0904D-2F05-4D28-855F-488F96BAD2B2}	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{67099191-32E7-4F6C-85EE-422304C71B90}\TypeLib	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{B0A0904D-2F05-4D28-855F-488F96BAD2B2}	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{B14290AD-CD54-400C-B858-797BCB82570E}\TypeLib	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AF398A9A-6B76-4805-8FAB-00A9DCF4732B}\NumMethods\ = "31"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6DCF6E8-416B-4181-8C4A-45EC95177AEF}\TypeLib\Version = "1.3"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{537707F7-EBF9-4D5C-7AEA-877BFC4256BA}	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{C1BCC6D5-7966-481D-AB0B-D0ED73E28135}\NumMethods	msiexec.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	VirtualBox-7.0.10-158379-Win.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	VirtualBox-7.0.10-158379-Win.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	VirtualBox-7.0.10-158379-Win.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d4304000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	VirtualBox-7.0.10-158379-Win.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c00000001000000040000000008000004000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	VirtualBox-7.0.10-158379-Win.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3076	msiexec.exe
3076	msiexec.exe

Suspicious behavior: LoadsDriver 3 IoCs

pid	Process
680	Process not Found
680	Process not Found
680	Process not Found

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeIncreaseQuotaPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeSecurityPrivilege	3076	msiexec.exe
Token: SeCreateTokenPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeAssignPrimaryTokenPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeLockMemoryPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeIncreaseQuotaPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeMachineAccountPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeTcbPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeSecurityPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeTakeOwnershipPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeLoadDriverPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeSystemProfilePrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeSystemtimePrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeProfSingleProcessPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeIncBasePriorityPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeCreatePagefilePrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeCreatePermanentPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeBackupPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeRestorePrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeShutdownPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeDebugPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeAuditPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeSystemEnvironmentPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeChangeNotifyPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeRemoteShutdownPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeUndockPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeSyncAgentPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeEnableDelegationPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeManageVolumePrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeImpersonatePrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeCreateGlobalPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeCreateTokenPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeAssignPrimaryTokenPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeLockMemoryPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeIncreaseQuotaPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeMachineAccountPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeTcbPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeSecurityPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeTakeOwnershipPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeLoadDriverPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeSystemProfilePrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeSystemtimePrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeProfSingleProcessPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeIncBasePriorityPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeCreatePagefilePrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeCreatePermanentPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeBackupPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeRestorePrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeShutdownPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeDebugPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeAuditPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeSystemEnvironmentPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeChangeNotifyPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeRemoteShutdownPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeUndockPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeSyncAgentPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeEnableDelegationPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeManageVolumePrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeImpersonatePrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeCreateGlobalPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeCreateTokenPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeAssignPrimaryTokenPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe
Token: SeLockMemoryPrivilege	4180	VirtualBox-7.0.10-158379-Win.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4180	VirtualBox-7.0.10-158379-Win.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 3076 wrote to memory of 460	3076	msiexec.exe	88
PID 3076 wrote to memory of 460	3076	msiexec.exe	88
PID 3076 wrote to memory of 1416	3076	msiexec.exe	92
PID 3076 wrote to memory of 1416	3076	msiexec.exe	92
PID 3076 wrote to memory of 3972	3076	msiexec.exe	93
PID 3076 wrote to memory of 3972	3076	msiexec.exe	93
PID 3076 wrote to memory of 3972	3076	msiexec.exe	93
PID 3076 wrote to memory of 1484	3076	msiexec.exe	94
PID 3076 wrote to memory of 1484	3076	msiexec.exe	94
PID 1780 wrote to memory of 4468	1780	svchost.exe	96
PID 1780 wrote to memory of 4468	1780	svchost.exe	96
PID 3076 wrote to memory of 3328	3076	msiexec.exe	98
PID 3076 wrote to memory of 3328	3076	msiexec.exe	98
PID 3076 wrote to memory of 3328	3076	msiexec.exe	98
PID 1780 wrote to memory of 4268	1780	svchost.exe	99
PID 1780 wrote to memory of 4268	1780	svchost.exe	99
PID 1780 wrote to memory of 4248	1780	svchost.exe	103
PID 1780 wrote to memory of 4248	1780	svchost.exe	103
PID 4180 wrote to memory of 1924	4180	VirtualBox-7.0.10-158379-Win.exe	105
PID 4180 wrote to memory of 1924	4180	VirtualBox-7.0.10-158379-Win.exe	105

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\VirtualBox-7.0.10-158379-Win.exe
"C:\Users\Admin\AppData\Local\Temp\VirtualBox-7.0.10-158379-Win.exe"
1⤵
- Enumerates connected drives
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4180
- C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
  "C:\Program Files\Oracle\VirtualBox\VirtualBox.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1924

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Registers COM server for autorun
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3076
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 6B50A11145DDA522FB89C03A78A492CA C
  2⤵
  - Loads dropped DLL
  PID:460
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding C5B76912BA47870FE058DB198BE073EA
  2⤵
  - Loads dropped DLL
  PID:1416
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding CB8D2CAEF3355A1763256B9A1713B349
  2⤵
  - Loads dropped DLL
  PID:3972
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding B7E4E0F0AD600246F383566AC8E91282 E Global\MSI0000
  2⤵
  - Drops file in Drivers directory
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Loads dropped DLL
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:1484
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 7401855852D635EFB378760CC4620090 M Global\MSI0000
  2⤵
  PID:3328

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:4580

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\USB\device\VBoxUSB.inf" "9" "48f6bcb47" "0000000000000148" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files\Oracle\VirtualBox\drivers\USB\device"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:4468
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.inf" "9" "473b17b7b" "0000000000000158" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:4268
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.inf" "9" "431e52bcb" "0000000000000160" "WinSta0\Default" "0000000000000154" "208" "C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:4248

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39a3855 /state1:0x41c64e6d
1⤵
PID:2448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e581bc1.rbs

Filesize
2.5MB

MD5
9eced252047d853d0cbd7af1cfaed2d5

SHA1
9449089dd819ae0d6a891bf82498f8e5446b11b2

SHA256
9d4f9e4be1085010a59dba6a3857a0eb5138f085643469e22fbe4d1725bee80e

SHA512
40292436dc6cfcea0262c7cfebb48d57025625c6859610d571e3b1e0acbb5cc8b188e35404e02ecb11eb50c31d50b2c21f5d109e635d2fe133a85b7ce15ce00a

Download Submit
C:\PROGRA~1\Oracle\VIRTUA~1\drivers\USB\device\VBoxUSB.cat

Filesize
11KB

MD5
a667a6c98befbd255f723c0c6a445fba

SHA1
fe5d0992cc8e01ee21b6cfb0a7a1db3118077baf

SHA256
16d0088a8aed257b92c6448448ce6a1d804bb88790bebdce1169024493158eb9

SHA512
e8546ebc14fd5b5f30e4f12eb76d8499368168a11cedfce9f0710a1b8b01d4a6d84407ded2d21d086f07d8be118ddf2d5f6d55c6f2b9ac52a337dbd84b13bad8

Download Submit
C:\PROGRA~1\Oracle\VIRTUA~1\drivers\USB\device\VBoxUSB.sys

Filesize
183KB

MD5
3eae7d169c309c1239dd26615a6ac14d

SHA1
494ced5955a550ba781a6c104a8e46341da0770e

SHA256
0a4e8741aaf66b3938649b17050a034010977d4375960f5b511dad063ba32551

SHA512
82d00ede69a60b5cd2489b19d046fa944933e9e4d69bfc3be12bb4b79eb8bb3fc695c466e5b88ced4639411203b8087086d0bbe1e94b17356758b8fea1e1b09f

Download Submit
C:\PROGRA~1\Oracle\VIRTUA~1\drivers\network\netadp6\VBoxNetAdp6.cat

Filesize
11KB

MD5
8b9211e4e70453fec1e905b542b4a7e4

SHA1
043fba633def947fa547600d873f2f6ca8807672

SHA256
231ebbe77041aae79178eca71af0cf71269bdb200e75520a8ae40fb864ddeccf

SHA512
1322f6ea9f67b5ec63869ca4eedec931a7a4458985a50e8f87703dd57951e10a9166cb3415ac05d01db42dc8d440e948f3305ba46f352efe6fc76fb8b37958c1

Download Submit
C:\PROGRA~1\Oracle\VIRTUA~1\drivers\network\netadp6\VBoxNetAdp6.sys

Filesize
247KB

MD5
57e0c4a8c0c3c4675377035b1cc0e0e7

SHA1
5195f9f397f94054e5c58654c62cfcfb141c0e25

SHA256
62c6104a81672da45fae9f743bf74a7c2e176c01dd041c8cba5e37af3265a8c9

SHA512
0ed9d4a2e970eb50033b16d06878275919e9b1ca97019138a19aa338460d53158c263b8c89d9434f2708596cb9b2207b7045592b472c710c8d93649192e49726

Download Submit
C:\PROGRA~1\Oracle\VIRTUA~1\drivers\network\netlwf\VBoxNetLwf.cat

Filesize
11KB

MD5
a3033c0b7b42d6c12d5378de2bea2e4e

SHA1
3995c4c91874e0fa53aacff5e4f8aec44b05efcc

SHA256
fa4c6f477f0daa976be5f8a5bce89ba8545868af13888dd6d1abb039f965d6a8

SHA512
780ead0ddf213c17724e7b565209b8cf0a1ea755588a8ac326148572188c020a42ae95e2f5bdc06ed46139f6edb8323ac10da8026db1e90a35227859ed5ebf65

Download Submit
C:\PROGRA~1\Oracle\VIRTUA~1\drivers\network\netlwf\VBoxNetLwf.sys

Filesize
257KB

MD5
6b1c6b93c6fb58487ffbbbb84eb3aaed

SHA1
f2b982540f3e51f8cc1ec03cc611dbe26b1d5551

SHA256
d7f1fd43e76354943b111bdc15d6bf486caa99c2293aee03299becffc62fdc7e

SHA512
e547eace64bfdfdc4f7b51733f15262d47234ebdadd0ce4cbe65a90cd0ffded4d61a57eb8b623ed52429ec04cff5a1338c1dc48a583f5f27fc70f8e976721cf8

Download Submit
C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll

Filesize
889KB

MD5
5a2d5b2821a81704340d70af208095f1

SHA1
b194072b4ff1a1597ed4668a8f70abeca9a6e574

SHA256
583dfe689ebdd50fab9b83216d096ebb7739bbcc3789d0a1abc179cfc8c94d1f

SHA512
aa98f035c94e6579517fc338d9c0a19285d7279dd51db6041985aede2a1758ae1e3c2e8a17f35dd03f9dd8955301e3618901b01d422ed41001b0d1628b4ff5df

Download Submit
C:\Program Files\Oracle\VirtualBox\VirtualBox.exe

Filesize
2.6MB

MD5
94919d1092a9b0c815d7c66e193005f5

SHA1
59e00dec1dae002958ca1da5fcafa55db35e1a69

SHA256
b75bb074c2238412fb37d843c0cf6f78c37006d52c09ada43d6e8c7cc3e43249

SHA512
f29c3111d30a88e4f54f8f3ca738bdf2612e890cc4da78b6a5569f00ac5ed9b49c48c3c4be9cb66a270ab71124351b3c31ab21dd73894c1fd0e4999004575f42

Download Submit
C:\Program Files\Oracle\VirtualBox\drivers\USB\device\VBoxUSB.inf

Filesize
2KB

MD5
98ba99dfbcfac07f6e1ab78970aa7cc7

SHA1
8a1ae901c7964a7391c9064fe3e50c9243efa0e5

SHA256
57bdeeaa082ee8c8373f6a982b268277f4b4f9f06ec86768d9c3f5cfe6ae6aa8

SHA512
ea41fc6516c6b04d689c7f152a8ae9d366e1d53c1818ea3ddc7ea20715277378d8d12e33b11005371215b82d1cc256e80aa25fcd95ea48973b179c8b99e10b39

Download Submit
C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.cat

Filesize
11KB

MD5
58291a63bbce234a1642fd684900a20b

SHA1
e4c5f806bff1977aef86582e028e9f62cbb550a8

SHA256
bd221d576ab1a314791a386ea36b8fc3e16c6d5e2bead94febb4196ad47ae9e0

SHA512
bee1be72cf8c5d00b6752b137dacd6cc197b0d78f6f27b8c14219c5e5270e33f25e4d79ea7a6ff2491bdf447b8384180afc59fb8a4433c7a2924d8d5d25da06e

Download Submit
C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.inf

Filesize
3KB

MD5
10e544e0601b6c8e1f0d0784dc3797d0

SHA1
4b8719bc625cbb81398e4b3a93c821ee5503b97b

SHA256
71d12ab69f8b4cbe322b1a2fa17d1a716ca6311cc68d55a73c47c0555922942a

SHA512
42592ffeebbea1448ea0ee8d1ae2e00567418d3a1e504db992ae4d64cd7f50abe2410e0a80594f0f454f1c729bdac66be421f4f0c56ea21bb7db05fb4eb5830b

Download Submit
C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.sys

Filesize
198KB

MD5
4a00a9fbd5b4c4452f728fceef68bf73

SHA1
0a16df3a04c955764ab9cf497a892ab23c27c7d8

SHA256
24aaddf10e369d98f6bf8d4332cb0f7f03cbb6859e2a0d7cbd3035e81aba49c7

SHA512
673056f0448e849f8b54ca4de0a21cbcbcfec497ce654dbcfb214479b4ccde2898a28e4bbe6195de4ec834913241e3eb70fc906e0f4acfe0329dd701c63fb1fb

Download Submit
C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.inf

Filesize
3KB

MD5
ff226ccaba3a6abdc22b3a97f6db268f

SHA1
9c7615faab7ebe75f8cb1643fa3955a71f1e7fd0

SHA256
ac03bdd6415cd1334dd909cf737ab5cfc97dd848535d8ca8110a5c27de19263e

SHA512
410831fb97b4034ad1b0b70af60ac40e543300a81dff16479d6ca979ea498bae985a2a9c08f056d76e25bbc36c6558b54332e587f6b789f26c3bd0b7fa5f06cf

Download Submit
C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.inf

Filesize
4KB

MD5
4b53b007fb829996b66fccca2fd30f9d

SHA1
f7d09dce68a06d8708f7c93e1e455b04d952ab81

SHA256
c939c11907d3ae395196cc43cde360809a64ed0f920121542d83a412bb84626b

SHA512
0ac8b128d773ab441a60e17f109013aade42bdb067b1a6d6969703f9d6fe8ea0750a91f9ce58c993c17f3241b6235d3aec6b8ea63f9b4fd0c818fc14d7cbaa27

Download Submit
C:\Program Files\Oracle\VirtualBox\drivers\vboxsup\VBoxSup.cat

Filesize
11KB

MD5
d6b90c2efa68bcc69c87c799d5a38b1f

SHA1
0546760eb02c0c3373103203a7ee1af83d4c8ed6

SHA256
a72e1f931451bddd1bdbce87319468c1dffdac70d1e83c46497f9e789cf327be

SHA512
fceea1a5e06c51c0c1312062c8ccb00cb00516c811a9c2c9061a8613201ddc37f3693a53c1532ba123d08bb881825c5bdf0a3717beba26622f3499ff59589ae8

Download Submit
C:\Program Files\Oracle\VirtualBox\drivers\vboxsup\VBoxSup.inf

Filesize
3KB

MD5
38cacfc90f52d8e2010d8bfb84723dda

SHA1
915be30fa730de58cf4867bc2b30e8e13c5359ae

SHA256
0c8ec6d0bfd88263524487b66f3aa9c5b42653c06d9869f33116b1851b9742f1

SHA512
f884bb40befedb5476f2fee186e939c9676e10931a9dc1d2cb248ee409352655d451d16aef9697a3a21402fa6a7f88e326447c6c328db3b2a907398fb3c40183

Download Submit
C:\Program Files\Oracle\VirtualBox\drivers\vboxsup\VBoxSup.sys

Filesize
1.0MB

MD5
f63c50f95365ed23bd9f07d54c032a55

SHA1
4a46dbe61439a27a07955fba5478ce1918dca45a

SHA256
19bc33016a0f71ba8694c083c0471adb6334018234b248d4858973cc7fab795e

SHA512
3b8a487750242d49418778779bb03a23aca597da8dbdd895dfed8258472f9112e9293920ddcecc19d14499187ce209b9c102a7daa260fa2845fd07f77d0d5c66

Download Submit
C:\Program Files\Oracle\VirtualBox\x86\VBoxProxyStub-x86.dll

Filesize
663KB

MD5
ef03e1b4ae4245ce2c70fd35c27a8d93

SHA1
25612e84df9bf667e0d304ccb25f514d384a170c

SHA256
1ba93088e1e8408d92f7f04717af2f937b53b58e2110a0f36e656f9065a1dc37

SHA512
a6507ca4b62c64ac2afd8379379b2a343dfa039bd4908c12c52f540eb835a6552a85c5a9d35181376dd0cfc1897485b921792f6d0166bdd97649089c2050ed1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5

Filesize
471B

MD5
aa020a14f25918f659a1e1dbd11f967b

SHA1
a2af300003d92bb0be06d4337975760b857920c5

SHA256
e476e56f2b45501c6e18e0b31553d0cb2ef36a223268d6310a9c70d9abffc705

SHA512
0c58f2fa9dad6663bce240e4533069a5c8c8d846de262b7f954c3ae4b19344d8029bc350327b88ad3bc66b05fbcb024bb91211c866527b3a2bf5e33c79e3a527

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_683B8EA584E734D2258F215F97D5554B

Filesize
471B

MD5
a96361555dfd85bf3066ed0fdafb8e63

SHA1
727fb62cc7900068491b6ffbed5dcfa5ce4a3cdb

SHA256
ae0289b2da2de8dbcbed9ed4728c1ab40c926fc1a49634e8c8c274f0395b3718

SHA512
05bedfef261e6bdb79affa8cacc295638f1ef0553648e702960f685708ae206bbd0ed0750cf4ca898530a410d5916f27f06c066825ed74c960ada05e90afe4d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5

Filesize
404B

MD5
f00feb797a16b43343b0adc9e374c826

SHA1
297d89161705ebc3e12868fe2a855c9a852ff4b5

SHA256
1c0ff5dc376a70a10137b7f05b7d13e1fb2ec313c5e5e26406bdc3a3d971a610

SHA512
fd2fac5bfcf3f79d1016051030e4a40b42b01ada7db273c75e038136015009d48c670cfb9808bff7297ed1b03444cb557fd0f6198795a39a7bfac735298357f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_683B8EA584E734D2258F215F97D5554B

Filesize
404B

MD5
8255b0ab4c8260427971c09fe9324017

SHA1
f493f685c6656ee57024309bd50613ba3587cde3

SHA256
647267ff2c8bd1ea3dfdf7d201b684186fe09c97ec18ee252b615332aeae9983

SHA512
5d7e4969ac44eca04ade4acd0071a6e765e5b1648b173bf57e3e921695341cf3f9014107a4352bd490b9872da5db8c32a7ff976c7897952b0899cb06a63f9049

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSICAC2.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSICAC2.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSICD05.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSICD05.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSICD45.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSICD45.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSICD45.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSICDB3.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSICDB3.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Users\Admin\AppData\Local\Temp\g1ytcpb3rdke15v5s7bjey8r\p7shk1n7bkw8pr1h7jwofpsr.msi

Filesize
105.2MB

MD5
e33ca3622e761ce1f7b44a1ece2d0fed

SHA1
14e2cc29750c2b9d1e01fef43789e850bd51de91

SHA256
bf4a80ae3e732d8dc5df123cdb07695906f3577851815b2c908efb795f7140c2

SHA512
252aba577b57cb9799ce69f4ae8e814d34fb7e43c4a81861b7be316fc8a8c3e68a7cd2cc65f6cae31f2124cfc739100b7414368cb42973eee8c9149ec9c43755

Download Submit
C:\Users\Admin\AppData\Local\Temp\g1ytcpb3rdke15v5s7bjey8r\p7shk1n7bkw8pr1h7jwofpsr.msi

Filesize
105.2MB

MD5
e33ca3622e761ce1f7b44a1ece2d0fed

SHA1
14e2cc29750c2b9d1e01fef43789e850bd51de91

SHA256
bf4a80ae3e732d8dc5df123cdb07695906f3577851815b2c908efb795f7140c2

SHA512
252aba577b57cb9799ce69f4ae8e814d34fb7e43c4a81861b7be316fc8a8c3e68a7cd2cc65f6cae31f2124cfc739100b7414368cb42973eee8c9149ec9c43755

Download Submit
C:\Windows\INF\oem3.inf

Filesize
2KB

MD5
98ba99dfbcfac07f6e1ab78970aa7cc7

SHA1
8a1ae901c7964a7391c9064fe3e50c9243efa0e5

SHA256
57bdeeaa082ee8c8373f6a982b268277f4b4f9f06ec86768d9c3f5cfe6ae6aa8

SHA512
ea41fc6516c6b04d689c7f152a8ae9d366e1d53c1818ea3ddc7ea20715277378d8d12e33b11005371215b82d1cc256e80aa25fcd95ea48973b179c8b99e10b39

Download Submit
C:\Windows\Installer\MSI34E6.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Windows\Installer\MSI34E6.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Windows\Installer\MSI35A2.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Windows\Installer\MSI35A2.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Windows\Installer\MSI36CC.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Windows\Installer\MSI36CC.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Windows\Installer\MSI37D7.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSI37D7.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSI39EB.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Windows\Installer\MSI39EB.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Windows\Installer\MSI3FC9.tmp

Filesize
149KB

MD5
418322f7be2b68e88a93a048ac75a757

SHA1
09739792ff1c30f73dacafbe503630615922b561

SHA256
ea5d4b4c7e7be1ce24a614ae1e31a58bcae6f1694dd8bfb735cf47d35a08d59b

SHA512
253f62f5ce75df3e9ac3c62e2f06f30c7c6de6280fbfc830cdd15bf29cb8ee9ed878212f6df5d0ac6a5c9be0e6259f900eccee472a890f15dd3ff1f84958aeef

Download Submit
C:\Windows\Installer\MSI3FC9.tmp

Filesize
149KB

MD5
418322f7be2b68e88a93a048ac75a757

SHA1
09739792ff1c30f73dacafbe503630615922b561

SHA256
ea5d4b4c7e7be1ce24a614ae1e31a58bcae6f1694dd8bfb735cf47d35a08d59b

SHA512
253f62f5ce75df3e9ac3c62e2f06f30c7c6de6280fbfc830cdd15bf29cb8ee9ed878212f6df5d0ac6a5c9be0e6259f900eccee472a890f15dd3ff1f84958aeef

Download Submit
C:\Windows\Installer\MSI43D1.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Windows\Installer\MSI43D1.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Windows\Installer\MSI447E.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Windows\Installer\MSI447E.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Windows\Installer\MSI5095.tmp

Filesize
690KB

MD5
8deb7d2f91c7392925718b3ba0aade22

SHA1
fc8e9b10c83e16eb0af1b6f10128f5c37b389682

SHA256
cb42fac1aebb6e1ac4907a38035b218b5f992d1bcd4dece11b1664a588e876e4

SHA512
37f2c132b632c8e5a336bdc773d953c7f39872b1bae2ba34fbaf7794a477fd0dcb9ff60a3ddb447fe76abd98e557bd5ee544876584adea152b0841b3e313054c

Download Submit
C:\Windows\Installer\MSI5095.tmp

Filesize
690KB

MD5
8deb7d2f91c7392925718b3ba0aade22

SHA1
fc8e9b10c83e16eb0af1b6f10128f5c37b389682

SHA256
cb42fac1aebb6e1ac4907a38035b218b5f992d1bcd4dece11b1664a588e876e4

SHA512
37f2c132b632c8e5a336bdc773d953c7f39872b1bae2ba34fbaf7794a477fd0dcb9ff60a3ddb447fe76abd98e557bd5ee544876584adea152b0841b3e313054c

Download Submit
C:\Windows\Installer\MSI551A.tmp

Filesize
690KB

MD5
8deb7d2f91c7392925718b3ba0aade22

SHA1
fc8e9b10c83e16eb0af1b6f10128f5c37b389682

SHA256
cb42fac1aebb6e1ac4907a38035b218b5f992d1bcd4dece11b1664a588e876e4

SHA512
37f2c132b632c8e5a336bdc773d953c7f39872b1bae2ba34fbaf7794a477fd0dcb9ff60a3ddb447fe76abd98e557bd5ee544876584adea152b0841b3e313054c

Download Submit
C:\Windows\Installer\MSI551A.tmp

Filesize
690KB

MD5
8deb7d2f91c7392925718b3ba0aade22

SHA1
fc8e9b10c83e16eb0af1b6f10128f5c37b389682

SHA256
cb42fac1aebb6e1ac4907a38035b218b5f992d1bcd4dece11b1664a588e876e4

SHA512
37f2c132b632c8e5a336bdc773d953c7f39872b1bae2ba34fbaf7794a477fd0dcb9ff60a3ddb447fe76abd98e557bd5ee544876584adea152b0841b3e313054c

Download Submit
C:\Windows\Installer\MSI5654.tmp

Filesize
690KB

MD5
8deb7d2f91c7392925718b3ba0aade22

SHA1
fc8e9b10c83e16eb0af1b6f10128f5c37b389682

SHA256
cb42fac1aebb6e1ac4907a38035b218b5f992d1bcd4dece11b1664a588e876e4

SHA512
37f2c132b632c8e5a336bdc773d953c7f39872b1bae2ba34fbaf7794a477fd0dcb9ff60a3ddb447fe76abd98e557bd5ee544876584adea152b0841b3e313054c

Download Submit
C:\Windows\Installer\MSI5654.tmp

Filesize
690KB

MD5
8deb7d2f91c7392925718b3ba0aade22

SHA1
fc8e9b10c83e16eb0af1b6f10128f5c37b389682

SHA256
cb42fac1aebb6e1ac4907a38035b218b5f992d1bcd4dece11b1664a588e876e4

SHA512
37f2c132b632c8e5a336bdc773d953c7f39872b1bae2ba34fbaf7794a477fd0dcb9ff60a3ddb447fe76abd98e557bd5ee544876584adea152b0841b3e313054c

Download Submit
C:\Windows\Installer\MSI5654.tmp

Filesize
690KB

MD5
8deb7d2f91c7392925718b3ba0aade22

SHA1
fc8e9b10c83e16eb0af1b6f10128f5c37b389682

SHA256
cb42fac1aebb6e1ac4907a38035b218b5f992d1bcd4dece11b1664a588e876e4

SHA512
37f2c132b632c8e5a336bdc773d953c7f39872b1bae2ba34fbaf7794a477fd0dcb9ff60a3ddb447fe76abd98e557bd5ee544876584adea152b0841b3e313054c

Download Submit
C:\Windows\Installer\MSI745C.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Windows\Installer\MSI745C.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Windows\Installer\MSI8209.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Windows\Installer\MSI8209.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Windows\Installer\MSI8249.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Windows\Installer\MSI8249.tmp

Filesize
296KB

MD5
373d5e78cfb20ea43c9cce4d7d255472

SHA1
22a286f7e3aa5a43fbfdbab3e9a887f3317f9dca

SHA256
ccaa9a1740d375cd14869dba8e985884dad34f9597ff916f39a9ff896ad338d5

SHA512
7793f0da6cb12f12d7ec0029921d15dfa9592dee0ac9f069fb6c7cf8eb3b13d6240f11394fde029eae1f41860f74f338b6fa35301d269f2114b267ddff2cc33a

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
148KB

MD5
d685ffe6bceb6d0ed4cf030972a81f73

SHA1
7c43d60a9e58785f63a0a8ef032266d648860ea5

SHA256
6b9cb91a552e91867a407042acb1bcc65c323b2e8c8a34bd0066b4a1e72e342c

SHA512
3e0e7dda68ba7fd043196a970f1848e2c9a52fc2f7bcb549c55056f8c0de98a0eab52107ef6e4c322106370b0c6a4c86b31a9e7e2d48f71ef924c856e78a511f

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
148KB

MD5
060a04cc0aa590bd2ba680567dfa64e4

SHA1
13dca54ab44882f45f26d90c6b791c7d2c2c2346

SHA256
349027cf735012f2988b7c32d8efce16c7bae55aef383311a9360c1beab4cdf6

SHA512
3abe5070d22157d25c91e551821dcffea536a9ca967145c4bd241d2112aeba031f103506d7dfd21c5971317f7b7931bdf2cdb39847b43cebfccd80189ca25e18

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
149KB

MD5
49a52165ec44f887f49f4e81a513fec5

SHA1
211dc7fd2ead64b22cc433aac021234a77a7fa6c

SHA256
01cfce04a322866945a4a5d148dae73b6dee67b3275726d963bc90e0839b1cb0

SHA512
c434f1dac41e1028a455a37c3d26549e8ca0439a99c7e8543846109d85e0515742e3e264946ad6b82df2514d2e5ea2d7b65db10af74140b60963e9c51c620982

Download Submit
C:\Windows\System32\DRVSTORE\VBoxSup_0546760EB02C0C3373103203A7EE1AF83D4C8ED6\VBoxSup.sys

Filesize
1.0MB

MD5
f63c50f95365ed23bd9f07d54c032a55

SHA1
4a46dbe61439a27a07955fba5478ce1918dca45a

SHA256
19bc33016a0f71ba8694c083c0471adb6334018234b248d4858973cc7fab795e

SHA512
3b8a487750242d49418778779bb03a23aca597da8dbdd895dfed8258472f9112e9293920ddcecc19d14499187ce209b9c102a7daa260fa2845fd07f77d0d5c66

Download Submit
C:\Windows\System32\DRVSTORE\VBoxUSBMon_E4C5F806BFF1977AEF86582E028E9F62CBB550A8\VBoxUSBMon.sys

Filesize
198KB

MD5
4a00a9fbd5b4c4452f728fceef68bf73

SHA1
0a16df3a04c955764ab9cf497a892ab23c27c7d8

SHA256
24aaddf10e369d98f6bf8d4332cb0f7f03cbb6859e2a0d7cbd3035e81aba49c7

SHA512
673056f0448e849f8b54ca4de0a21cbcbcfec497ce654dbcfb214479b4ccde2898a28e4bbe6195de4ec834913241e3eb70fc906e0f4acfe0329dd701c63fb1fb

Download Submit
C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_4fb9fb3340e19285\VBoxUSB.cat

Filesize
11KB

MD5
a667a6c98befbd255f723c0c6a445fba

SHA1
fe5d0992cc8e01ee21b6cfb0a7a1db3118077baf

SHA256
16d0088a8aed257b92c6448448ce6a1d804bb88790bebdce1169024493158eb9

SHA512
e8546ebc14fd5b5f30e4f12eb76d8499368168a11cedfce9f0710a1b8b01d4a6d84407ded2d21d086f07d8be118ddf2d5f6d55c6f2b9ac52a337dbd84b13bad8

Download Submit
C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_4fb9fb3340e19285\VBoxUSB.inf

Filesize
2KB

MD5
98ba99dfbcfac07f6e1ab78970aa7cc7

SHA1
8a1ae901c7964a7391c9064fe3e50c9243efa0e5

SHA256
57bdeeaa082ee8c8373f6a982b268277f4b4f9f06ec86768d9c3f5cfe6ae6aa8

SHA512
ea41fc6516c6b04d689c7f152a8ae9d366e1d53c1818ea3ddc7ea20715277378d8d12e33b11005371215b82d1cc256e80aa25fcd95ea48973b179c8b99e10b39

Download Submit
C:\Windows\System32\DriverStore\Temp\{813bd405-1900-2b46-80c1-e79064671f18}\VBoxUSB.cat

Filesize
11KB

MD5
a667a6c98befbd255f723c0c6a445fba

SHA1
fe5d0992cc8e01ee21b6cfb0a7a1db3118077baf

SHA256
16d0088a8aed257b92c6448448ce6a1d804bb88790bebdce1169024493158eb9

SHA512
e8546ebc14fd5b5f30e4f12eb76d8499368168a11cedfce9f0710a1b8b01d4a6d84407ded2d21d086f07d8be118ddf2d5f6d55c6f2b9ac52a337dbd84b13bad8

Download Submit
C:\Windows\System32\DriverStore\Temp\{813bd405-1900-2b46-80c1-e79064671f18}\VBoxUSB.inf

Filesize
2KB

MD5
98ba99dfbcfac07f6e1ab78970aa7cc7

SHA1
8a1ae901c7964a7391c9064fe3e50c9243efa0e5

SHA256
57bdeeaa082ee8c8373f6a982b268277f4b4f9f06ec86768d9c3f5cfe6ae6aa8

SHA512
ea41fc6516c6b04d689c7f152a8ae9d366e1d53c1818ea3ddc7ea20715277378d8d12e33b11005371215b82d1cc256e80aa25fcd95ea48973b179c8b99e10b39

Download Submit
C:\Windows\System32\DriverStore\Temp\{813bd405-1900-2b46-80c1-e79064671f18}\VBoxUSB.sys

Filesize
183KB

MD5
3eae7d169c309c1239dd26615a6ac14d

SHA1
494ced5955a550ba781a6c104a8e46341da0770e

SHA256
0a4e8741aaf66b3938649b17050a034010977d4375960f5b511dad063ba32551

SHA512
82d00ede69a60b5cd2489b19d046fa944933e9e4d69bfc3be12bb4b79eb8bb3fc695c466e5b88ced4639411203b8087086d0bbe1e94b17356758b8fea1e1b09f

Download Submit
C:\Windows\System32\DriverStore\Temp\{9af6bc21-dde9-df4c-9fa6-e59ae9cf8c96}\VBoxNetAdp6.cat

Filesize
11KB

MD5
8b9211e4e70453fec1e905b542b4a7e4

SHA1
043fba633def947fa547600d873f2f6ca8807672

SHA256
231ebbe77041aae79178eca71af0cf71269bdb200e75520a8ae40fb864ddeccf

SHA512
1322f6ea9f67b5ec63869ca4eedec931a7a4458985a50e8f87703dd57951e10a9166cb3415ac05d01db42dc8d440e948f3305ba46f352efe6fc76fb8b37958c1

Download Submit
C:\Windows\System32\DriverStore\Temp\{9af6bc21-dde9-df4c-9fa6-e59ae9cf8c96}\VBoxNetAdp6.inf

Filesize
3KB

MD5
ff226ccaba3a6abdc22b3a97f6db268f

SHA1
9c7615faab7ebe75f8cb1643fa3955a71f1e7fd0

SHA256
ac03bdd6415cd1334dd909cf737ab5cfc97dd848535d8ca8110a5c27de19263e

SHA512
410831fb97b4034ad1b0b70af60ac40e543300a81dff16479d6ca979ea498bae985a2a9c08f056d76e25bbc36c6558b54332e587f6b789f26c3bd0b7fa5f06cf

Download Submit
C:\Windows\System32\DriverStore\Temp\{9af6bc21-dde9-df4c-9fa6-e59ae9cf8c96}\VBoxNetAdp6.sys

Filesize
247KB

MD5
57e0c4a8c0c3c4675377035b1cc0e0e7

SHA1
5195f9f397f94054e5c58654c62cfcfb141c0e25

SHA256
62c6104a81672da45fae9f743bf74a7c2e176c01dd041c8cba5e37af3265a8c9

SHA512
0ed9d4a2e970eb50033b16d06878275919e9b1ca97019138a19aa338460d53158c263b8c89d9434f2708596cb9b2207b7045592b472c710c8d93649192e49726

Download Submit
C:\Windows\System32\DriverStore\Temp\{d967c338-db3b-ec49-ab98-db39fb77accf}\VBoxNetLwf.cat

Filesize
11KB

MD5
a3033c0b7b42d6c12d5378de2bea2e4e

SHA1
3995c4c91874e0fa53aacff5e4f8aec44b05efcc

SHA256
fa4c6f477f0daa976be5f8a5bce89ba8545868af13888dd6d1abb039f965d6a8

SHA512
780ead0ddf213c17724e7b565209b8cf0a1ea755588a8ac326148572188c020a42ae95e2f5bdc06ed46139f6edb8323ac10da8026db1e90a35227859ed5ebf65

Download Submit
C:\Windows\System32\DriverStore\Temp\{d967c338-db3b-ec49-ab98-db39fb77accf}\VBoxNetLwf.inf

Filesize
4KB

MD5
4b53b007fb829996b66fccca2fd30f9d

SHA1
f7d09dce68a06d8708f7c93e1e455b04d952ab81

SHA256
c939c11907d3ae395196cc43cde360809a64ed0f920121542d83a412bb84626b

SHA512
0ac8b128d773ab441a60e17f109013aade42bdb067b1a6d6969703f9d6fe8ea0750a91f9ce58c993c17f3241b6235d3aec6b8ea63f9b4fd0c818fc14d7cbaa27

Download Submit
C:\Windows\System32\DriverStore\Temp\{d967c338-db3b-ec49-ab98-db39fb77accf}\VBoxNetLwf.sys

Filesize
257KB

MD5
6b1c6b93c6fb58487ffbbbb84eb3aaed

SHA1
f2b982540f3e51f8cc1ec03cc611dbe26b1d5551

SHA256
d7f1fd43e76354943b111bdc15d6bf486caa99c2293aee03299becffc62fdc7e

SHA512
e547eace64bfdfdc4f7b51733f15262d47234ebdadd0ce4cbe65a90cd0ffded4d61a57eb8b623ed52429ec04cff5a1338c1dc48a583f5f27fc70f8e976721cf8

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
149KB

MD5
49a52165ec44f887f49f4e81a513fec5

SHA1
211dc7fd2ead64b22cc433aac021234a77a7fa6c

SHA256
01cfce04a322866945a4a5d148dae73b6dee67b3275726d963bc90e0839b1cb0

SHA512
c434f1dac41e1028a455a37c3d26549e8ca0439a99c7e8543846109d85e0515742e3e264946ad6b82df2514d2e5ea2d7b65db10af74140b60963e9c51c620982

Download Submit
memory/1924-534-0x00007FF685DF0000-0x00007FF686074000-memory.dmp

Filesize
2.5MB

Download
memory/1924-533-0x00007FFE69310000-0x00007FFE69851000-memory.dmp

Filesize
5.3MB

Download
memory/1924-535-0x00007FFE69860000-0x00007FFE6B43A000-memory.dmp

Filesize
27.9MB

Download
memory/1924-536-0x000002209B5F0000-0x000002209B600000-memory.dmp

Filesize
64KB

Download