Analysis Overview
SHA256: 316e21b3e68b522fc33f29723770f031ca472f39c6b192f3e4534b5198652372
Threat Level: Known bad
The file Antidetect Patreon Premium Edition 2022.exe was found to be: Known bad.
Malicious Activity Summary
RevengeRAT
RevengeRat Executable
Drops file in Drivers directory
Loads dropped DLL
Registers COM server for autorun
Checks computer location settings
Executes dropped EXE
Adds Run key to start application
Drops desktop.ini file(s)
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
Modifies system certificate store
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Checks SCSI registry key(s)
Uses Volume Shadow Copy service COM API
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: LoadsDriver
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2023-09-04 12:43
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted: 2023-09-04 12:43
Reported: 2023-09-04 12:45
Platform: win7-20230831-en
Max time kernel: 67s
Max time network: 75s
Signatures
RevengeRAT
RevengeRat Executable
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition 2022 .exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Intel Security Corporation = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\svchost.exe" | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Explorer = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\explorer.exe" | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe | N/A |
Enumerates connected drives
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition 2022 .exe | N/A |
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| --- | --- |
| C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition 2022.exe | "C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition 2022.exe" |
| C:\Users\Admin\AppData\Local\Temp\Setup.exe | "C:\Users\Admin\AppData\Local\Temp\Setup.exe" |
| C:\Users\Admin\AppData\Local\Temp\Setup.exe | "C:\Users\Admin\AppData\Local\Temp\Setup.exe" |
| C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe | "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe" |
| C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe | "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe" |
| C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition 2022 .exe | "C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition 2022 .exe" |
| C:\Windows\system32\msiexec.exe | C:\Windows\system32\msiexec.exe /V |
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | capeturk.com | udp |
| SG | 45.76.189.18:80 | capeturk.com | tcp |
| SG | 45.76.189.18:80 | capeturk.com | tcp |
| US | 8.8.8.8:53 | aaaaaaaaaaaaabbbbbbbbbbbbbb.blogspot.com | udp |
| NL | 142.251.36.33:443 | aaaaaaaaaaaaabbbbbbbbbbbbbb.blogspot.com | tcp |
| NL | 142.251.36.33:443 | aaaaaaaaaaaaabbbbbbbbbbbbbb.blogspot.com | tcp |
| US | 8.8.8.8:53 | blog.capeturk.com | udp |
| VN | 103.190.107.26:1111 | blog.capeturk.com | tcp |
| VN | 103.190.107.26:1111 | blog.capeturk.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Setup.exe
| Hash | Value |
| --- | --- |
| MD5 | ada0cbc54989b2cd2959601c7a5b8499 |
| SHA1 | 9c8739d476016fe0a87b176bb95f3a5bcbeff0de |
| SHA256 | a19b89ddc700357e618934775fd1a412401b308a9ef6ae686d3f363622065c96 |
| SHA512 | f9de42724ff8bc65841db07a0901b706cf5f44d6c1e09e34ea753f88ed9746a22898993e0afe2947f8b4aa28515b428bd320bedca471b04db171776e81c4558e |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
| Hash | Value |
| --- | --- |
| MD5 | 1303779b354738a8c93cc522ffb21f11 |
| SHA1 | ce29a26e1363ddfdc830e2934fed935f15032187 |
| SHA256 | 0a8e2fcc8c6393d2e97e6129e862a877a420a54f2530b4af5eb7f8e2a7a30af5 |
| SHA512 | b5a612907d09200753d4b4770c90cde98d18eda7eacd15c8297582401b58f1a4a91c8553dea7640d03bcc6068bb2afa0b1ee46997653c839f2066f5ed050a66d |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
| Hash | Value |
| --- | --- |
| MD5 | 8e3d99e6a1064f89744ccb24dc6802bb |
| SHA1 | 1b6c31ab4236538c8423c19575c1e19a031b3876 |
| SHA256 | d21a23ffbdfe1bf8232a132b559c99b37f5825d816f83370684e67988b3162a8 |
| SHA512 | f5f49c20c5d9a5a80e1d3a4540695fca4732755bc33c0ea61b8be582a2ab7d22305666caf4a3f09fc7c165b3ceadcc89aa4240edcf1f0daba8b0bb09ef720134 |
C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition 2022 .exe
| Hash | Value |
| --- | --- |
| MD5 | fc409978e611a143502044848f8d470f |
| SHA1 | dae419b77c277fe1fba610c2da94586dcef16701 |
| SHA256 | bb7c477ce05a95f3079fd90327c734fd120e1895437792c388d943dc26a20f70 |
| SHA512 | e49f7e9f7ba9de786ce52bba768c4ed38c8ef4c3ded3babadbdbe85635d349c46b61fcca3fe46a29b25c21efdda295279bcf6df42ffd9d019197bc669e263442 |
C:\Users\Admin\AppData\Local\Temp\VirtualBox\VirtualBox-6.1.28-r147628.msi
| Hash | Value |
| --- | --- |
| MD5 | 577825097157487c7afd2c591ee413bb |
| SHA1 | 6b4c3f8b88edb5925b05338fd1e9b1f3e5c665db |
| SHA256 | 3ccd35abf2dcfff22ad6d3ffda5cf79f3fdc4fac4244caf6ac4bde72f05b402d |
| SHA512 | 5d2f72b490e06bc0f69cdf0528fe43332b7420f92f21f573c9fe890b00b6ae002ef21566e1ba1be27ee61aa2e85535102c8b12661e4f101143e62a7c4a5748e8 |
C:\Users\Admin\AppData\Local\Temp\CabC90.tmp
| Hash | Value |
| --- | --- |
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\TarE77.tmp
| Hash | Value |
| --- | --- |
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
Analysis: behavioral2
Detonation Overview
Submitted: 2023-09-04 12:43
Reported: 2023-09-04 12:46
Platform: win10v2004-20230831-en
Max time kernel: 148s
Max time network: 155s
Signatures
RevengeRAT
RevengeRat Executable
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\system32\DRIVERS\SET4656.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET5AAA.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\VBoxNetLwf.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SETF5C5.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SETF930.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SETF930.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\VBoxUSBMon.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SETF5C5.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\VBoxDrv.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET4656.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET5AAA.tmp | C:\Windows\System32\MsiExec.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition 2022.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition 2022 .exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe | N/A |
| N/A | N/A | C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe | N/A |
| N/A | N/A | C:\Program Files\Vektor T13\VirtualBox\VBoxSVC.exe | N/A |
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32\ = "C:\\Program Files\\Vektor T13\\VirtualBox\\VBoxProxyStub.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32\ThreadingModel = "Both" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{74AB5FFE-8726-4435-AA7E-876D705BCBA5}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B1A7A4F2-47B9-4A1E-82B2-07CCD5323C3F}\LocalServer32 | C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\InprocServer32\ = "C:\\Program Files\\Vektor T13\\VirtualBox\\VBoxC.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\InprocServer32\ThreadingModel = "Free" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\InprocServer32\ThreadingModel = "Free" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{74AB5FFE-8726-4435-AA7E-876D705BCBA5}\LocalServer32 | C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{74AB5FFE-8726-4435-AA7E-876D705BCBA5}\LocalServer32\ = "\"C:\\Program Files\\Vektor T13\\VirtualBox\\VBoxSDS.exe\"" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\InprocServer32 | C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\InprocServer32 | C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{B1A7A4F2-47B9-4A1E-82B2-07CCD5323C3F}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B1A7A4F2-47B9-4A1E-82B2-07CCD5323C3F}\LocalServer32\ = "\"C:\\Program Files\\Vektor T13\\VirtualBox\\VBoxSVC.exe\"" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\InprocServer32\ = "C:\\Program Files\\Vektor T13\\VirtualBox\\VBoxC.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32 | C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Intel Security Corporation = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\svchost.exe" | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Intel Security Corporation = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\svchost.exe" | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Explorer = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\explorer.exe" | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetadp6.inf_amd64_e9194d6fe801980a\VBoxNetAdp6.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\c_netservice.inf_amd64_9ab9cf10857f7349\c_netservice.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrass.inf_amd64_7f701cb29b5389d3\netrass.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_a1623fc1066c21c4\VBoxUSB.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{a0db408f-a228-314f-8329-9df243684966}\SET429D.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{8b2ec6c2-2531-1641-9164-2e5f288deae2}\VBoxUSB.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_a1623fc1066c21c4\VBoxUSB.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{a0db408f-a228-314f-8329-9df243684966}\SET429D.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{a0db408f-a228-314f-8329-9df243684966} | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{83015b23-0d15-9a4c-887b-469b5f51e949}\VBoxNetLwf.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_52cd6779cf12d0c8\VBoxNetLwf.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\DRVSTORE | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{a0db408f-a228-314f-8329-9df243684966}\SET42BD.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{83015b23-0d15-9a4c-887b-469b5f51e949} | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netnwifi.inf_amd64_a2bfd066656fe297\netnwifi.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{8b2ec6c2-2531-1641-9164-2e5f288deae2}\SETFB26.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db | C:\Windows\system32\rundll32.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{83015b23-0d15-9a4c-887b-469b5f51e949}\VBoxNetLwf.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvwififlt.inf_amd64_c5e19aab2305f37f\netvwififlt.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netpacer.inf_amd64_7d294c7fa012d315\netpacer.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db | C:\Windows\system32\rundll32.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db | C:\Windows\system32\rundll32.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_a1623fc1066c21c4\VBoxUSB.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netserv.inf_amd64_73adce5afe861093\netserv.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRVSTORE\VBoxDrv_256ADCB0C73AC91BD2ED7B3C97C603E386E609E4\VBoxDrv.inf | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxUSBMon_4E4DFAD311D140B5C1E14C2EC604833042CE3C58\VBoxUSBMon.inf | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\ndiscap.inf_amd64_a009d240f9b4a192\ndiscap.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db | C:\Windows\system32\rundll32.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{a0db408f-a228-314f-8329-9df243684966}\SET42ED.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_a1623fc1066c21c4\VBoxUSB.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{a0db408f-a228-314f-8329-9df243684966}\SET42BD.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{a0db408f-a228-314f-8329-9df243684966}\VBoxNetAdp6.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{a0db408f-a228-314f-8329-9df243684966}\SET42ED.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_52cd6779cf12d0c8\VBoxNetLwf.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_52cd6779cf12d0c8\vboxnetlwf.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{8b2ec6c2-2531-1641-9164-2e5f288deae2}\SETFB14.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db | C:\Windows\system32\rundll32.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{83015b23-0d15-9a4c-887b-469b5f51e949}\SET53B5.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxDrv_256ADCB0C73AC91BD2ED7B3C97C603E386E609E4\VBoxDrv.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{8b2ec6c2-2531-1641-9164-2e5f288deae2}\VBoxUSB.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db | C:\Windows\system32\rundll32.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{8b2ec6c2-2531-1641-9164-2e5f288deae2}\SETFB14.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db | C:\Windows\system32\rundll32.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{8b2ec6c2-2531-1641-9164-2e5f288deae2} | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{83015b23-0d15-9a4c-887b-469b5f51e949}\SET53C5.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{8b2ec6c2-2531-1641-9164-2e5f288deae2}\VBoxUSB.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db | C:\Windows\system32\rundll32.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db | C:\Windows\system32\rundll32.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{a0db408f-a228-314f-8329-9df243684966}\VBoxNetAdp6.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{a0db408f-a228-314f-8329-9df243684966}\VBoxNetAdp6.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetadp6.inf_amd64_e9194d6fe801980a\VBoxNetAdp6.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{8b2ec6c2-2531-1641-9164-2e5f288deae2}\SETFB25.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{8b2ec6c2-2531-1641-9164-2e5f288deae2}\SETFB25.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{83015b23-0d15-9a4c-887b-469b5f51e949}\SET53A4.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{83015b23-0d15-9a4c-887b-469b5f51e949}\SET53B5.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbrdg.inf_amd64_8a737d38f201aeb1\netbrdg.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\wfpcapture.inf_amd64_54cf91ab0e4c9ac2\wfpcapture.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxDrv_256ADCB0C73AC91BD2ED7B3C97C603E386E609E4\VBoxDrv.cat | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db | C:\Windows\system32\rundll32.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files\Vektor T13\VirtualBox\VBoxNetNAT.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\nls\qt_th.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\UnattendedTemplates\ol_ks.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\nls\qt_da.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\nls\qt_ko.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\platforms\qwindows.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\sdk\install\vboxapi\VirtualBox_constants.py | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\VMMR0.r0 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\nls\VirtualBox_es.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\nls\qt_pl.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\VBoxDTrace.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\drivers\USB\device\VBoxUSB.sys | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\nls\VirtualBox_cs.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\nls\VirtualBox_it.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\nls\qt_hr_HR.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\nls\qt_ja.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\nls\qt_zh_TW.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\UnattendedTemplates\rhel4_ks.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\VBoxAuthSimple.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\drivers\USB\device\VBoxUSB.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\nls\VirtualBox_el.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\nls\qt_en.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\UnattendedTemplates\win_postinstall.cmd | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\VBoxBugReport.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\VBoxDbg.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\nls\VirtualBox_lt.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\VBoxHostChannel.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\VBoxSDL.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\VBoxVMM.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\nls\VirtualBox_bg.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\VBoxAutostartSvc.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\VBoxCAPI.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\VBoxDD.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\VBoxSharedFolders.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\nls\VirtualBox_ca.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\nls\VirtualBox_zh_CN.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\nls\qt_el.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\UnattendedTemplates\fedora_ks.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\VBoxBalloonCtrl.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\x86\VBoxRT-x86.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\nls\qt_ca.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\Qt5WinExtras.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\drivers\vboxdrv\VBoxDrv.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\VBoxSupLib.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\UnattendedTemplates\debian_preseed.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\Qt5Gui.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\drivers\vboxdrv\VBoxDrv.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\platforms\qminimal.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\UICommon.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\UnattendedTemplates\redhat_postinstall.sh | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\nls\qt_hu.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\x86\VBoxClient-x86.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\SDL.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\nls\VirtualBox_da.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\nls\VirtualBox_id.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\drivers\USB\device\VBoxUSB.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\nls\VirtualBox_de.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\VBoxSVC.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\sdk\install\vboxapisetup.py | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\VBoxNetDHCP.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\drivers\network\netlwf\VBoxNetLwf.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\nls\VirtualBox_ko.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\nls\qt_fa.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vektor T13\VirtualBox\nls\qt_ru.qm | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSIF81B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF9A2.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\{650FF4A9-7502-4AFB-8ACA-57414EC42BD1}\IconVirtualBox | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5169.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem5.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\INF\oem5.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\assembly | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File created | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE9C1.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI414B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5BCB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE26C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\inf\oem4.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI51E7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\INF\oem3.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\inf\oem5.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{650FF4A9-7502-4AFB-8ACA-57414EC42BD1} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE367.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\INF\oem2.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e58dbd4.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF3E4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\oem4.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\INF\oem0.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\INF\oem1.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\e58dbd4.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{650FF4A9-7502-4AFB-8ACA-57414EC42BD1}\IconVirtualBox | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e58dbd6.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5DB1.tmp | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 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 | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\UpperFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\LowerFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Service | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Filters | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\System32\MsiExec.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{1E775EA3-9070-4F9C-B0D5-53054496DBE0}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C354A762-3FF2-4F2E-8F09-07382EE25088}\NumMethods\ = "14" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\progId_VirtualBox.Shell.ovf\shell\open\command | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4EE3CBCB-486F-40DB-9150-DEEE3FD24189}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08E25756-08A2-41AF-A05F-D7C661ABAEBE}\ = "IVRDEServer" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD6A1080-E1B7-4339-A549-F0878115596E}\TypeLib | C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{b55cf856-1f8b-4692-abb4-462429fae5e9} | C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{35CF4B3F-4453-4F3E-C9B8-5686939C80B6}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{455F8C45-44A0-A470-BA20-27890B96DBA9}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{35CF4B3F-4453-4F3E-C9B8-5686939C80B6}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8D095CB0-0126-43E0-B05D-326E74ABB356}\NumMethods\ = "28" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9A4FF0562057BFA4A8AC7514E44CB21D\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{d05c91e2-3e8a-11e9-8082-db8ae479ef87} | C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{179F8647-319C-4E7E-8150-C5837BD265F6}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1D89E2B3-C6EA-45B6-9D43-DC6F70CC9F02}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CAC21692-7997-4595-A731-3A509DB604E5}\ = "IClipboardModeChangedEvent" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{C40C2B86-73A5-46CC-8227-93FE57D006A6}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{806DA61B-6679-422A-B629-51B06B0C6D93}\TypeLib | C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{081FC833-C6FA-430E-6020-6A505D086387} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{8FAEF61E-6E15-4F71-A6A5-94E707FAFBCC}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{9622225A-5409-414B-BD16-77DF7BA3451E}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F05D7E60-1BCF-4218-9807-04E036CC70F1}\ = "IProgressPercentageChangedEvent" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{01510F40-C196-4D26-B8DB-4C8C389F1F82}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{01ADB2D6-AEDF-461C-BE2C-99E91BDAD8A1}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000_Classes\CLSID | C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{C19073DD-CC7B-431B-98B2-951FDA8EAB89}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CB6F0F2C-8384-11E9-921D-8B984E28A686}\NumMethods\ = "37" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\VersionIndependentProgID | C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BB335CC-1C58-440C-BB7B-3A1397284C7B}\NumMethods\ = "14" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{BC68370C-8A02-45F3-A07D-A67AA72756AA}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D70F7915-DA7C-44C8-A7AC-9F173490446A}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{DDCA7247-BF98-47FB-AB2F-B5177533F493}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{806DA61B-6679-422A-B629-51B06B0C6D93} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{431685DA-3618-4EBC-B038-833BA829B4B2}\ProxyStubClsid32 | C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{89A63ACE-0C65-11EA-AD23-0FF257C71A7F}\ProxyStubClsid32 | C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{2514881B-23D0-430A-A7FF-7ED7F05534BC}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{CAC21692-7997-4595-A731-3A509DB604E5}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DC83C2C-81A9-4005-9D52-FC45A78BF3F5}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8D095CB0-0126-43E0-B05D-326E74ABB356}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{91F33D6F-E621-4F70-A77E-15F0E3C714D5}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AD47AD09-787B-44AB-B343-A082A3F2DFB1}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BE8A0EB5-F4F4-4DD0-9D30-C89B873247EC}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\progId_VirtualBox.Shell.vdi\DefaultIcon\ = "\"C:\\Program Files\\Vektor T13\\VirtualBox\\VBoxRes.dll\",-303" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6620DB85-44E0-CA69-E9E0-D4907CECCBE5}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{24EEF068-C380-4510-BC7C-19314A7352F1}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{81314D14-FD1C-411A-95C5-E9BB1414E632}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{97C78FCD-D4FC-485F-8613-5AF88BFCFCDC} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D05C91E2-3E8A-11E9-8082-DB8AE479EF87}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B1A7A4F2-47B9-4A1E-82B2-07CCD5323C3F}\LocalServer32\ = "\"C:\\Program Files\\Vektor T13\\VirtualBox\\VBoxSVC.exe\"" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{1E8D3F27-B45C-48AE-8B36-D35E83D207AA} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{3890B2C8-604D-11E9-92D3-53CB473DB9FB}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{92F21DC0-44DE-1653-B717-2EBF0CA9B664} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\progId_VirtualBox.Shell.ovf\ = "Open Virtualization Format" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{59A235AC-2F1A-4D6C-81FC-E3FA843F49AE}\TypeLib | C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{11BE93C7-A862-4DC9-8C89-BF4BA74A886A}\ = "IMediumFormat" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{93BADC0C-61D9-4940-A084-E6BB29AF3D83}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{890ed3dc-cc19-43fa-8ebf-baecb6b9ec87} | C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{89A63ACE-0C65-11EA-AD23-0FF257C71A7F}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{2405F0E5-6588-40A3-9B0A-68C05BA52C4B}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{59A235AC-2F1A-4D6C-81FC-E3FA843F49AE}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{9EA9227C-E9BB-49B3-BFC7-C5171E93EF38}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9709DB9B-3346-49D6-8F1C-41B0C4784FF2}\NumMethods | C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B31C4052-7BDC-11E9-8BC2-8FFDB8B19219}\ProxyStubClsid32 | C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{41A033B8-CC87-4F6E-A0E9-47BB7F2D4BE5}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition 2022 .exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition 2022 .exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition 2022 .exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition 2022 .exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition 2022 .exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition 2022 .exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition 2022.exe
"C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition 2022.exe"
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe"
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe"
C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition 2022 .exe
"C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition 2022 .exe"
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 845AE8FB33007546A017AF743BC0A214
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 048399A32A6C7690B7A3C218724F786C E Global\MSI0000
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\Vektor T13\VirtualBox\drivers\USB\device\VBoxUSB.inf" "9" "44c03ccb3" "0000000000000148" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files\Vektor T13\VirtualBox\drivers\USB\device"
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{56ebb0bf-f7d3-604d-9cd2-94ce2d197eaa} Global\{ad33cbad-e106-cc4f-a07b-b37a72d341b2} C:\Windows\System32\DriverStore\Temp\{8b2ec6c2-2531-1641-9164-2e5f288deae2}\VBoxUSB.inf C:\Windows\System32\DriverStore\Temp\{8b2ec6c2-2531-1641-9164-2e5f288deae2}\VBoxUSB.cat
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 05EE6663CED6F6CCDAC5FD63B0A0045E M Global\MSI0000
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\Vektor T13\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.inf" "9" "414293377" "0000000000000168" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files\Vektor T13\VirtualBox\drivers\network\netadp6"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\Vektor T13\VirtualBox\drivers\network\netlwf\VBoxNetLwf.inf" "9" "442d4ec77" "000000000000015C" "WinSta0\Default" "0000000000000154" "208" "C:\Program Files\Vektor T13\VirtualBox\drivers\network\netlwf"
C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe
"C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe"
C:\Program Files\Vektor T13\VirtualBox\VBoxSVC.exe
"C:\Program Files\Vektor T13\VirtualBox\VBoxSVC.exe" -Embedding
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39ab055 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.1.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | capeturk.com | udp |
| SG | 45.76.189.18:80 | capeturk.com | tcp |
| SG | 45.76.189.18:80 | capeturk.com | tcp |
| SG | 45.76.189.18:80 | capeturk.com | tcp |
| US | 8.8.8.8:53 | aaaaaaaaaaaaabbbbbbbbbbbbbb.blogspot.com | udp |
| NL | 142.251.36.33:443 | aaaaaaaaaaaaabbbbbbbbbbbbbb.blogspot.com | tcp |
| US | 8.8.8.8:53 | 18.189.76.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.36.251.142.in-addr.arpa | udp |
| NL | 142.251.36.33:443 | aaaaaaaaaaaaabbbbbbbbbbbbbb.blogspot.com | tcp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | blog.capeturk.com | udp |
| VN | 103.190.107.26:1111 | blog.capeturk.com | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| VN | 103.190.107.26:1111 | blog.capeturk.com | tcp |
| US | 8.8.8.8:53 | 224.104.207.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| VN | 103.190.107.26:1111 | blog.capeturk.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 3.4.5.7.8.2.d.d.d.f.8.2.c.8.5.1.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa | udp |
| N/A | 255.255.255.255:67 | | udp |
| VN | 103.190.107.26:1111 | blog.capeturk.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | 15.173.189.20.in-addr.arpa | udp |
Files
memory/3164-0-0x00007FFC42880000-0x00007FFC43221000-memory.dmp
memory/3164-1-0x00007FFC42880000-0x00007FFC43221000-memory.dmp
memory/3164-2-0x00000000066D0000-0x00000000066E0000-memory.dmp
memory/3164-3-0x00000000008B0000-0x0000000005CF8000-memory.dmp
memory/3164-4-0x0000000020D30000-0x0000000020DD6000-memory.dmp
memory/3164-5-0x00000000212B0000-0x000000002177E000-memory.dmp
memory/3164-6-0x0000000021820000-0x00000000218BC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Setup.exe
| MD5 | ada0cbc54989b2cd2959601c7a5b8499 |
| SHA1 | 9c8739d476016fe0a87b176bb95f3a5bcbeff0de |
| SHA256 | a19b89ddc700357e618934775fd1a412401b308a9ef6ae686d3f363622065c96 |
| SHA512 | f9de42724ff8bc65841db07a0901b706cf5f44d6c1e09e34ea753f88ed9746a22898993e0afe2947f8b4aa28515b428bd320bedca471b04db171776e81c4558e |
C:\Users\Admin\AppData\Local\Temp\Setup.exe
| MD5 | ada0cbc54989b2cd2959601c7a5b8499 |
| SHA1 | 9c8739d476016fe0a87b176bb95f3a5bcbeff0de |
| SHA256 | a19b89ddc700357e618934775fd1a412401b308a9ef6ae686d3f363622065c96 |
| SHA512 | f9de42724ff8bc65841db07a0901b706cf5f44d6c1e09e34ea753f88ed9746a22898993e0afe2947f8b4aa28515b428bd320bedca471b04db171776e81c4558e |
C:\Users\Admin\AppData\Local\Temp\Setup.exe
| MD5 | ada0cbc54989b2cd2959601c7a5b8499 |
| SHA1 | 9c8739d476016fe0a87b176bb95f3a5bcbeff0de |
| SHA256 | a19b89ddc700357e618934775fd1a412401b308a9ef6ae686d3f363622065c96 |
| SHA512 | f9de42724ff8bc65841db07a0901b706cf5f44d6c1e09e34ea753f88ed9746a22898993e0afe2947f8b4aa28515b428bd320bedca471b04db171776e81c4558e |
memory/4344-18-0x0000000000F20000-0x0000000000F8E000-memory.dmp
memory/4344-19-0x00007FFC42880000-0x00007FFC43221000-memory.dmp
memory/4344-20-0x0000000001960000-0x0000000001970000-memory.dmp
memory/4344-22-0x000000001BEC0000-0x000000001BEE8000-memory.dmp
memory/4344-21-0x00007FFC42880000-0x00007FFC43221000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Setup.exe
| MD5 | ada0cbc54989b2cd2959601c7a5b8499 |
| SHA1 | 9c8739d476016fe0a87b176bb95f3a5bcbeff0de |
| SHA256 | a19b89ddc700357e618934775fd1a412401b308a9ef6ae686d3f363622065c96 |
| SHA512 | f9de42724ff8bc65841db07a0901b706cf5f44d6c1e09e34ea753f88ed9746a22898993e0afe2947f8b4aa28515b428bd320bedca471b04db171776e81c4558e |
memory/1108-27-0x00007FFC42880000-0x00007FFC43221000-memory.dmp
memory/1108-29-0x00000000016B0000-0x00000000016C0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
| MD5 | 1303779b354738a8c93cc522ffb21f11 |
| SHA1 | ce29a26e1363ddfdc830e2934fed935f15032187 |
| SHA256 | 0a8e2fcc8c6393d2e97e6129e862a877a420a54f2530b4af5eb7f8e2a7a30af5 |
| SHA512 | b5a612907d09200753d4b4770c90cde98d18eda7eacd15c8297582401b58f1a4a91c8553dea7640d03bcc6068bb2afa0b1ee46997653c839f2066f5ed050a66d |
memory/1108-35-0x00007FFC42880000-0x00007FFC43221000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition 2022 .exe
| MD5 | fc409978e611a143502044848f8d470f |
| SHA1 | dae419b77c277fe1fba610c2da94586dcef16701 |
| SHA256 | bb7c477ce05a95f3079fd90327c734fd120e1895437792c388d943dc26a20f70 |
| SHA512 | e49f7e9f7ba9de786ce52bba768c4ed38c8ef4c3ded3babadbdbe85635d349c46b61fcca3fe46a29b25c21efdda295279bcf6df42ffd9d019197bc669e263442 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
| MD5 | 1303779b354738a8c93cc522ffb21f11 |
| SHA1 | ce29a26e1363ddfdc830e2934fed935f15032187 |
| SHA256 | 0a8e2fcc8c6393d2e97e6129e862a877a420a54f2530b4af5eb7f8e2a7a30af5 |
| SHA512 | b5a612907d09200753d4b4770c90cde98d18eda7eacd15c8297582401b58f1a4a91c8553dea7640d03bcc6068bb2afa0b1ee46997653c839f2066f5ed050a66d |
memory/3164-48-0x00007FFC42880000-0x00007FFC43221000-memory.dmp
memory/2620-49-0x0000000000BC0000-0x0000000000C0E000-memory.dmp
memory/2620-50-0x000000001BD60000-0x000000001BD68000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
| MD5 | 1303779b354738a8c93cc522ffb21f11 |
| SHA1 | ce29a26e1363ddfdc830e2934fed935f15032187 |
| SHA256 | 0a8e2fcc8c6393d2e97e6129e862a877a420a54f2530b4af5eb7f8e2a7a30af5 |
| SHA512 | b5a612907d09200753d4b4770c90cde98d18eda7eacd15c8297582401b58f1a4a91c8553dea7640d03bcc6068bb2afa0b1ee46997653c839f2066f5ed050a66d |
memory/4352-56-0x00007FFC42880000-0x00007FFC43221000-memory.dmp
memory/1108-55-0x00007FFC42880000-0x00007FFC43221000-memory.dmp
memory/4344-54-0x00007FFC42880000-0x00007FFC43221000-memory.dmp
memory/2620-53-0x00007FFC42880000-0x00007FFC43221000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\Setup.exe.log
| MD5 | 70f08e6585ed9994d97a4c71472fccd8 |
| SHA1 | 3f44494d4747c87fb8b94bb153c3a3d717f9fd63 |
| SHA256 | 87fbf339c47e259826080aa2dcbdf371ea47a50eec88222c6e64a92906cb37fa |
| SHA512 | d381aec2ea869f3b2d06497e934c7fe993df6deac719370bd74310a29e8e48b6497559922d2cb44ace97c4bd7ad00eae8fe92a31081f2119de3ddbb5988af388 |
memory/2620-57-0x00007FFC42880000-0x00007FFC43221000-memory.dmp
memory/4352-58-0x00007FFC42880000-0x00007FFC43221000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition 2022 .exe
| MD5 | fc409978e611a143502044848f8d470f |
| SHA1 | dae419b77c277fe1fba610c2da94586dcef16701 |
| SHA256 | bb7c477ce05a95f3079fd90327c734fd120e1895437792c388d943dc26a20f70 |
| SHA512 | e49f7e9f7ba9de786ce52bba768c4ed38c8ef4c3ded3babadbdbe85635d349c46b61fcca3fe46a29b25c21efdda295279bcf6df42ffd9d019197bc669e263442 |
C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition 2022 .exe
| MD5 | fc409978e611a143502044848f8d470f |
| SHA1 | dae419b77c277fe1fba610c2da94586dcef16701 |
| SHA256 | bb7c477ce05a95f3079fd90327c734fd120e1895437792c388d943dc26a20f70 |
| SHA512 | e49f7e9f7ba9de786ce52bba768c4ed38c8ef4c3ded3babadbdbe85635d349c46b61fcca3fe46a29b25c21efdda295279bcf6df42ffd9d019197bc669e263442 |
memory/3164-64-0x00007FFC42880000-0x00007FFC43221000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\VirtualBox\VirtualBox-6.1.28-r147628.msi
| MD5 | 577825097157487c7afd2c591ee413bb |
| SHA1 | 6b4c3f8b88edb5925b05338fd1e9b1f3e5c665db |
| SHA256 | 3ccd35abf2dcfff22ad6d3ffda5cf79f3fdc4fac4244caf6ac4bde72f05b402d |
| SHA512 | 5d2f72b490e06bc0f69cdf0528fe43332b7420f92f21f573c9fe890b00b6ae002ef21566e1ba1be27ee61aa2e85535102c8b12661e4f101143e62a7c4a5748e8 |
memory/2620-74-0x00007FFC42880000-0x00007FFC43221000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
| MD5 | 8e3d99e6a1064f89744ccb24dc6802bb |
| SHA1 | 1b6c31ab4236538c8423c19575c1e19a031b3876 |
| SHA256 | d21a23ffbdfe1bf8232a132b559c99b37f5825d816f83370684e67988b3162a8 |
| SHA512 | f5f49c20c5d9a5a80e1d3a4540695fca4732755bc33c0ea61b8be582a2ab7d22305666caf4a3f09fc7c165b3ceadcc89aa4240edcf1f0daba8b0bb09ef720134 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
| MD5 | 8e3d99e6a1064f89744ccb24dc6802bb |
| SHA1 | 1b6c31ab4236538c8423c19575c1e19a031b3876 |
| SHA256 | d21a23ffbdfe1bf8232a132b559c99b37f5825d816f83370684e67988b3162a8 |
| SHA512 | f5f49c20c5d9a5a80e1d3a4540695fca4732755bc33c0ea61b8be582a2ab7d22305666caf4a3f09fc7c165b3ceadcc89aa4240edcf1f0daba8b0bb09ef720134 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
| MD5 | 8e3d99e6a1064f89744ccb24dc6802bb |
| SHA1 | 1b6c31ab4236538c8423c19575c1e19a031b3876 |
| SHA256 | d21a23ffbdfe1bf8232a132b559c99b37f5825d816f83370684e67988b3162a8 |
| SHA512 | f5f49c20c5d9a5a80e1d3a4540695fca4732755bc33c0ea61b8be582a2ab7d22305666caf4a3f09fc7c165b3ceadcc89aa4240edcf1f0daba8b0bb09ef720134 |
memory/1904-92-0x00007FFC42880000-0x00007FFC43221000-memory.dmp
memory/1904-94-0x0000000000DA0000-0x0000000000DB8000-memory.dmp
memory/1904-95-0x00000000016D0000-0x00000000016D8000-memory.dmp
memory/1904-93-0x0000000001700000-0x0000000001710000-memory.dmp
memory/1904-97-0x00007FFC42880000-0x00007FFC43221000-memory.dmp
memory/1904-98-0x000000001BCA0000-0x000000001BCAC000-memory.dmp
memory/1904-102-0x000000001D890000-0x000000001D8F2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\svchost.exe.log
| MD5 | 2f142977932b7837fa1cc70278e53361 |
| SHA1 | 0a3212d221079671bfdeee176ad841e6f15904fc |
| SHA256 | 961ca2c0e803a7201adb3b656ed3abafc259d6d376e8ade66f0afff10a564820 |
| SHA512 | a25e45e41933902bcc0ea38b4daa64e96cbcd8900b446e1326cffb8c91eb1886b1e90686190bdba30d7014490001a732f91f2869bb9987c0213a8d798c7b3421 |
memory/4352-120-0x00007FFC42880000-0x00007FFC43221000-memory.dmp
memory/1904-121-0x00007FFC42880000-0x00007FFC43221000-memory.dmp
memory/1904-122-0x0000000001700000-0x0000000001710000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\VirtualBox\VirtualBox-6.1.28-r147628.msi
| MD5 | 577825097157487c7afd2c591ee413bb |
| SHA1 | 6b4c3f8b88edb5925b05338fd1e9b1f3e5c665db |
| SHA256 | 3ccd35abf2dcfff22ad6d3ffda5cf79f3fdc4fac4244caf6ac4bde72f05b402d |
| SHA512 | 5d2f72b490e06bc0f69cdf0528fe43332b7420f92f21f573c9fe890b00b6ae002ef21566e1ba1be27ee61aa2e85535102c8b12661e4f101143e62a7c4a5748e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_72694C6727E2E7C86AB39E0B21D2306A
| MD5 | 259b65bc8c235312437d2ffc604721fc |
| SHA1 | 7fd304131e49972410e214a40859509923be2326 |
| SHA256 | 99000a65f341375fb5ec68540ed091ce873f7924d46cba252e93e415ca50c183 |
| SHA512 | f3129d54e6acf1edc9cc9a93c962fe5fcc48db72b50ceaf4ee2a7e48ea37f9973f061bd27e72cee8029b84a1c9b066579cd3e01a7082d4ee7f84908b3a189df4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_72694C6727E2E7C86AB39E0B21D2306A
| MD5 | febbec29d168d9a2865f6debd9364936 |
| SHA1 | 40ecd053469fcf82c19d19b05ecfd2592806eb9f |
| SHA256 | afd572632b3df1b46d93e6ed183237207cc284fa807c9fe86b0ecb09f412a847 |
| SHA512 | 42205bba18e90c5eb11a9d7cad088003daf42b00f3ed4b8818ee0d29f98f67e71022c5732c5b55ffc32b104c27fa681911cdb5134a8edfa027003f7375de6ba5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
| MD5 | 088405ee532b866febb7d355770a5b9b |
| SHA1 | ea4c95cbfea8928e941f9d4a2781d5bf88323e6a |
| SHA256 | 34541aade2fdc72195b5810b0c6cfc84ed0fe7ac8365521cf88e2627bd073aba |
| SHA512 | 9328097721928bc8e30d9034eceed09ab366122313593076346ce8dae145625510fc5f2877b0d3c81d228a3f660900588b11895d9d5fbe1ad9370fd5d05f387b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
| MD5 | dfa9010cf1980e4a68cc89e9eaab895e |
| SHA1 | b57ab47345beb161d4e81fdf72133b45ed3b8863 |
| SHA256 | 97546c684b77c8e0fa996e160740fbf251620b2fc4a7f3033dc1817d381064e0 |
| SHA512 | ea7a6dcf76b19edb0ad577de89efe42973d45d0c3395aea184956f39faf1acb413dae747c3e6e455ac9db1d7746f82c5802d27f43253905f316451ed42ea9161 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50385F8EB1F713E33924A830D7A2A41C