41f45a46ee56626ff2699d525bb56a3bb4718c5ca5f4fb5b3b38add64584026b

Analysis

max time kernel
94s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240221-es
resource tags

arch:x64arch:x86image:win10v2004-20240221-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
22/02/2024, 05:17

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

vcredist_x86.exe
Size

4.0MB
MD5

5689d43c3b201dd3810fa3bba4a6476a
SHA1

6939100e397cef26ec22e95e53fcd9fc979b7bc9
SHA256

41f45a46ee56626ff2699d525bb56a3bb4718c5ca5f4fb5b3b38add64584026b
SHA512

4875134c664503242ec60717232f2917edca20286fc4b675223edbbe5dc0239ebfaf8f67edd76fedcaa2be5419490dc6f47930ca260e6c9988ccf242416c204b
SSDEEP

49152:DQC7p7i0AY9PE1UJEfcnKiJ/K7+RIaCSi3haenvUvwwZDfimxQ02BhoZGxaJq8QQ:DLp7ilY9CQEcKz+kSixJvzwZeK2ggYK4

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2384	install.exe

Loads dropped DLL 1 IoCs

pid	Process
2384	install.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\V:	install.exe
File opened (read-only)	\??\Z:	install.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\I:	install.exe
File opened (read-only)	\??\N:	install.exe
File opened (read-only)	\??\W:	install.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\H:	install.exe
File opened (read-only)	\??\O:	install.exe
File opened (read-only)	\??\T:	install.exe
File opened (read-only)	\??\X:	install.exe
File opened (read-only)	\??\R:	install.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\G:	install.exe
File opened (read-only)	\??\J:	install.exe
File opened (read-only)	\??\K:	install.exe
File opened (read-only)	\??\Q:	install.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	install.exe
File opened (read-only)	\??\P:	install.exe
File opened (read-only)	\??\S:	install.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\A:	install.exe
File opened (read-only)	\??\Y:	install.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	install.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\B:	install.exe
File opened (read-only)	\??\L:	install.exe
File opened (read-only)	\??\M:	install.exe
File opened (read-only)	\??\I:	msiexec.exe

Drops file in Windows directory 62 IoCs

description	ioc	Process
File opened for modification	\??\c:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057\9.0.30729\FL_msdia71_dll_2_60035_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051915905.0\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916046.0\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916046.0\mfc90.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916046.0\mfc90u.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051915905.0\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916062.0\mfc90fra.dll	msiexec.exe
File opened for modification	\??\c:\Windows\Installer\e579a5b.msi	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051915812.0\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2.manifest	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240222051916015.0	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916108.0\9.0.30729.1.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916015.0\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916062.0\mfc90jpn.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916015.0\msvcr90.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916155.0\9.0.30729.1.policy	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240222051916046.0	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240222051916187.0	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240222051915952.0	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA19F.tmp	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916046.0\mfcm90u.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916015.0\msvcp90.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051915952.0\9.0.21022.8.policy	msiexec.exe
File created	\??\c:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057\9.0.30729\FL_msdia71_dll_2_60035_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916046.0\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916062.0\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916062.0\mfc90deu.dll	msiexec.exe
File opened for modification	\??\c:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057\9.0.30729	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916062.0\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916062.0\mfc90cht.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916062.0\mfc90rus.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916187.0\9.0.30729.1.policy	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916046.0\mfcm90.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916108.0\9.0.30729.1.policy	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{9A25302D-30C0-39D9-BD6F-21E6EC160475}	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916155.0\9.0.30729.1.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916062.0\mfc90ita.dll	msiexec.exe
File opened for modification	\??\c:\Windows\Installer\	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916187.0\9.0.30729.1.cat	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240222051915812.0	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240222051915905.0	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051915812.0\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916062.0\mfc90esp.dll	msiexec.exe
File opened for modification	\??\c:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240222051916062.0	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240222051916077.0	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240222051916155.0	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051915905.0\vcomp90.dll	msiexec.exe
File created	\??\c:\Windows\Installer\e579a5b.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051915812.0\atl90.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916062.0\mfc90kor.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051915952.0\9.0.21022.8.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916077.0\9.0.30729.1.cat	msiexec.exe
File created	\??\c:\Windows\Installer\e579a5f.msi	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916062.0\mfc90enu.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916062.0\mfc90esn.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916015.0\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916015.0\msvcm90.dll	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240222051916108.0	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916062.0\mfc90chs.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240222051916077.0\9.0.30729.1.policy	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "94"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22	msiexec.exe

Modifies registry class 52 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D20352A90C039D93DBF6126ECE614057\VC_RED_enu_x86_net_SETUP	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\SourceList\Net\1 = "c:\\a60ea69ab3920b2899c1e1db706794\\"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.OpenMP,version="9.0.21022.8",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32" = 4500600029005600590027002d0046005a0036005e00620076007a0072004f00520068005b004d00460054005f00560043005f005200650064006900730074005f004f00700065006e004d0050005f007800380036003e004d004f00700050006d00360078002b0044003400700061006d006600580031006f00390032007a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D20352A90C039D93DBF6126ECE614057\FT_VC_Redist_ATL_x86 = "VC_Redist_12222_x86_enu"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\ProductName = "Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\Clients = 3a0000000000	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\SourceList\Net	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\41A387AA3A7A33D3590FA953D1350011	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D20352A90C039D93DBF6126ECE614057\FT_VC_Redist_MFC_x86 = "VC_Redist_12222_x86_enu"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D20352A90C039D93DBF6126ECE614057\FT_VC_Redist_MFCLOC_x86 = "VC_Redist_12222_x86_enu"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\41A387AA3A7A33D3590FA953D1350011	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\SourceList\PackageName = "vc_red.msi"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\SourceList\Media	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.ATL,version="9.0.30729.1",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32-policy" = 4500600029005600590027002d0046005a0036005e00620076007a0072004f00520068005b004d00460054005f00560043005f005200650064006900730074005f00410054004c005f007800380036003e006500720069002d002e003800540052004600340074006d00310053006a006d00350059005d00380000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.MFC,version="9.0.30729.1",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32" = 4500600029005600590027002d0046005a0036005e00620076007a0072004f00520068005b004d00460054005f00560043005f005200650064006900730074005f004d00460043005f007800380036003e0049004000790043006a0027006200720045003400710030004c0044006f0059004c007e006600580000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D20352A90C039D93DBF6126ECE614057\Servicing_Key	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\Version = "151025673"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\SourceList\Media\1 = ";1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D20352A90C039D93DBF6126ECE614057\FT_VC_Redist_CRT_x86 = "VC_Redist_12222_x86_enu"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\SourceList\Media	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.OpenMP,version="9.0.21022.8",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32-policy" = 4500600029005600590027002d0046005a0036005e00620076007a0072004f00520068005b004d00460054005f00560043005f005200650064006900730074005f004f00700065006e004d0050005f007800380036003e004d0039002c004f005500350063004d0078003400660069003f00660040007b00300021004400480000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\AuthorizedLUAApp = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\41A387AA3A7A33D3590FA953D1350011\D20352A90C039D93DBF6126ECE614057	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\SourceList\Media	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\InstanceType = "0"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D20352A90C039D93DBF6126ECE614057	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D20352A90C039D93DBF6126ECE614057\FT_VC_Redist_OpenMP_x86 = "VC_Redist_12222_x86_enu"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\SourceList\LastUsedSource = "n;1;c:\\a60ea69ab3920b2899c1e1db706794\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Win32Assemblies\Global	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.MFCLOC,version="9.0.30729.1",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32-policy" = 4500600029005600590027002d0046005a0036005e00620076007a0072004f00520068005b004d00460054005f00560043005f005200650064006900730074005f004d00460043004c004f0043005f007800380036003e0063002e00410078003f007d0058003200710034003900530045006800470072004b0038007400360000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\SourceList	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.CRT,version="9.0.30729.1",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32" = 4500600029005600590027002d0046005a0036005e00620076007a0072004f00520068005b004d00460054005f00560043005f005200650064006900730074005f004300520054005f007800380036003e00390032002c002b004b006e00240039002e0037006d0024006f0066007000790021004b007400620000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.CRT,version="9.0.30729.1",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32-policy" = 4500600029005600590027002d0046005a0036005e00620076007a0072004f00520068005b004d00460054005f00560043005f005200650064006900730074005f004300520054005f007800380036003e006b0027005600490037006f00520050007e00370055003d006f0029006d00730026002c003300420000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\SourceList\Media\DiskPrompt = "[1]"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\PackageCode = "6C7E9C94F9A4F6E4EA39E910D4A1AC39"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Features\D20352A90C039D93DBF6126ECE614057	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.ATL,version="9.0.30729.1",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32" = 4500600029005600590027002d0046005a0036005e00620076007a0072004f00520068005b004d00460054005f00560043005f005200650064006900730074005f00410054004c005f007800380036003e007900590067002500610066004a005700640037003800700038006d007200570035002b004d00660000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.MFCLOC,version="9.0.30729.1",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32" = 4500600029005600590027002d0046005a0036005e00620076007a0072004f00520068005b004d00460054005f00560043005f005200650064006900730074005f004d00460043004c004f0043005f007800380036003e0040006500650034004900600034006b0069003500590047006500590051006300340025007700780000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D20352A90C039D93DBF6126ECE614057	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.MFC,version="9.0.30729.1",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32-policy" = 4500600029005600590027002d0046005a0036005e00620076007a0072004f00520068005b004d00460054005f00560043005f005200650064006900730074005f004d00460043005f007800380036003e004d0072004e0075004700740065007d0054003400240066006f0062004f005000340040004d004d0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D20352A90C039D93DBF6126ECE614057\VC_Redist_12222_x86_enu	msiexec.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4628	msiexec.exe
4628	msiexec.exe
5524	msedge.exe
5524	msedge.exe
6920	msedge.exe
6920	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	4628	msiexec.exe
Token: SeCreateTokenPrivilege	2384	install.exe
Token: SeAssignPrimaryTokenPrivilege	2384	install.exe
Token: SeLockMemoryPrivilege	2384	install.exe
Token: SeIncreaseQuotaPrivilege	2384	install.exe
Token: SeMachineAccountPrivilege	2384	install.exe
Token: SeTcbPrivilege	2384	install.exe
Token: SeSecurityPrivilege	2384	install.exe
Token: SeTakeOwnershipPrivilege	2384	install.exe
Token: SeLoadDriverPrivilege	2384	install.exe
Token: SeSystemProfilePrivilege	2384	install.exe
Token: SeSystemtimePrivilege	2384	install.exe
Token: SeProfSingleProcessPrivilege	2384	install.exe
Token: SeIncBasePriorityPrivilege	2384	install.exe
Token: SeCreatePagefilePrivilege	2384	install.exe
Token: SeCreatePermanentPrivilege	2384	install.exe
Token: SeBackupPrivilege	2384	install.exe
Token: SeRestorePrivilege	2384	install.exe
Token: SeShutdownPrivilege	2384	install.exe
Token: SeDebugPrivilege	2384	install.exe
Token: SeAuditPrivilege	2384	install.exe
Token: SeSystemEnvironmentPrivilege	2384	install.exe
Token: SeChangeNotifyPrivilege	2384	install.exe
Token: SeRemoteShutdownPrivilege	2384	install.exe
Token: SeUndockPrivilege	2384	install.exe
Token: SeSyncAgentPrivilege	2384	install.exe
Token: SeEnableDelegationPrivilege	2384	install.exe
Token: SeManageVolumePrivilege	2384	install.exe
Token: SeImpersonatePrivilege	2384	install.exe
Token: SeCreateGlobalPrivilege	2384	install.exe
Token: SeShutdownPrivilege	2384	install.exe
Token: SeIncreaseQuotaPrivilege	2384	install.exe
Token: SeCreateTokenPrivilege	2384	install.exe
Token: SeAssignPrimaryTokenPrivilege	2384	install.exe
Token: SeLockMemoryPrivilege	2384	install.exe
Token: SeIncreaseQuotaPrivilege	2384	install.exe
Token: SeMachineAccountPrivilege	2384	install.exe
Token: SeTcbPrivilege	2384	install.exe
Token: SeSecurityPrivilege	2384	install.exe
Token: SeTakeOwnershipPrivilege	2384	install.exe
Token: SeLoadDriverPrivilege	2384	install.exe
Token: SeSystemProfilePrivilege	2384	install.exe
Token: SeSystemtimePrivilege	2384	install.exe
Token: SeProfSingleProcessPrivilege	2384	install.exe
Token: SeIncBasePriorityPrivilege	2384	install.exe
Token: SeCreatePagefilePrivilege	2384	install.exe
Token: SeCreatePermanentPrivilege	2384	install.exe
Token: SeBackupPrivilege	2384	install.exe
Token: SeRestorePrivilege	2384	install.exe
Token: SeShutdownPrivilege	2384	install.exe
Token: SeDebugPrivilege	2384	install.exe
Token: SeAuditPrivilege	2384	install.exe
Token: SeSystemEnvironmentPrivilege	2384	install.exe
Token: SeChangeNotifyPrivilege	2384	install.exe
Token: SeRemoteShutdownPrivilege	2384	install.exe
Token: SeUndockPrivilege	2384	install.exe
Token: SeSyncAgentPrivilege	2384	install.exe
Token: SeEnableDelegationPrivilege	2384	install.exe
Token: SeManageVolumePrivilege	2384	install.exe
Token: SeImpersonatePrivilege	2384	install.exe
Token: SeCreateGlobalPrivilege	2384	install.exe
Token: SeRestorePrivilege	4628	msiexec.exe
Token: SeTakeOwnershipPrivilege	4628	msiexec.exe
Token: SeRestorePrivilege	4628	msiexec.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
6376	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3244 wrote to memory of 2384	3244	vcredist_x86.exe	83
PID 3244 wrote to memory of 2384	3244	vcredist_x86.exe	83
PID 3244 wrote to memory of 2384	3244	vcredist_x86.exe	83
PID 2384 wrote to memory of 6920	2384	install.exe	88
PID 2384 wrote to memory of 6920	2384	install.exe	88
PID 6920 wrote to memory of 6936	6920	msedge.exe	89
PID 6920 wrote to memory of 6936	6920	msedge.exe	89
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 7164	6920	msedge.exe	90
PID 6920 wrote to memory of 5524	6920	msedge.exe	91
PID 6920 wrote to memory of 5524	6920	msedge.exe	91
PID 6920 wrote to memory of 1468	6920	msedge.exe	92
PID 6920 wrote to memory of 1468	6920	msedge.exe	92
PID 6920 wrote to memory of 1468	6920	msedge.exe	92
PID 6920 wrote to memory of 1468	6920	msedge.exe	92
PID 6920 wrote to memory of 1468	6920	msedge.exe	92
PID 6920 wrote to memory of 1468	6920	msedge.exe	92
PID 6920 wrote to memory of 1468	6920	msedge.exe	92
PID 6920 wrote to memory of 1468	6920	msedge.exe	92
PID 6920 wrote to memory of 1468	6920	msedge.exe	92
PID 6920 wrote to memory of 1468	6920	msedge.exe	92
PID 6920 wrote to memory of 1468	6920	msedge.exe	92
PID 6920 wrote to memory of 1468	6920	msedge.exe	92
PID 6920 wrote to memory of 1468	6920	msedge.exe	92
PID 6920 wrote to memory of 1468	6920	msedge.exe	92
PID 6920 wrote to memory of 1468	6920	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\vcredist_x86.exe
"C:\Users\Admin\AppData\Local\Temp\vcredist_x86.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3244
- \??\c:\a60ea69ab3920b2899c1e1db706794\install.exe
  c:\a60ea69ab3920b2899c1e1db706794\.\install.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?LinkId=119537
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:6920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b61346f8,0x7ff9b6134708,0x7ff9b6134718
      4⤵
      PID:6936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,17159726815287954908,4916433671852262326,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
      4⤵
      PID:7164
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,17159726815287954908,4916433671852262326,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,17159726815287954908,4916433671852262326,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
      4⤵
      PID:1468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17159726815287954908,4916433671852262326,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
      4⤵
      PID:1252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17159726815287954908,4916433671852262326,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
      4⤵
      PID:4320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17159726815287954908,4916433671852262326,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
      4⤵
      PID:1044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17159726815287954908,4916433671852262326,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
      4⤵
      PID:5292
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17159726815287954908,4916433671852262326,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
      4⤵
      PID:5720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17159726815287954908,4916433671852262326,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
      4⤵
      PID:5376

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2344

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa399a055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:6376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9cafa4c8eee7ab605ab279aafd19cc14

SHA1
e362e5d37d1a79e7b4a8642b068934e4571a55f1

SHA256
d0817f51aa2fb8c3cae18605dbfd6ec21a6ff3f953171e7ac064648ffdee1166

SHA512
eefd65ffcfb98ac8c3738eb2b3f4933d5bc5b992a1d465b8424903c8f74382ec2c95074290ddbb1001204843bfef59a32b868808a6bee4bc41ee9571515bbac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3bde7b7b0c0c9c66bdd8e3f712bd71eb

SHA1
266bd462e249f029df05311255a15c8f42719acc

SHA256
2ccd4a1b56206faa8f6482ce7841636e7bb2192f4cf5258d47e209953a77a01a

SHA512
5fab7a83d86d65e7c369848c5a7d375d9ad132246b57653242c7c7d960123a50257c9e8c4c9a8f22ee861fce357b018236ac877b96c03990a88de4ddb9822818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
388a3205cc40ceeb32e3eaa927ece3ca

SHA1
894d904b0f99ff919f603005690eaa38f0d91388

SHA256
3a1281304aa394d56bc0479d9abcd8e4560cfd0f8676cba110ed233b74c232b1

SHA512
4c0e724571b399dd25fa127ae5471c7d9fb48ad341d10200a7f6c83f0177bdd7df5861470c4c50202df0b0987d8122fa5ca9d37dcb52d143d3e7832fc9548ead

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
acc20248a680f00cb8b912f25554a957

SHA1
a8889ebef486e2322cb735a09f68be1a21f64870

SHA256
90c35e9d9f234efba82331a8d65a33405b776efabded083eec43581a48dc29dc

SHA512
1100ad559ec7e861c8a07900cb8a9ddd821883136492b525771f2dccff48b2ace160466bd73a30dde1643e96a0dd7edc7864f0d268672a6b894a04ca43b2b684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
41a8bfc0f6b0144dfce0f84c76320a4a

SHA1
e2c9b77cf9aa8e38c1ad6c37b3630a61badd7fae

SHA256
e91db2c73f2ed408db91a91b13d9d1bb15b077c022f862bd5d73731072ab471e

SHA512
a4f411f6f982b040085b74641f9a6e11e69531d6d0f7538e72b284be15b0b984ff902e103135f95fa7a4b155b1a223a4a5e28c7874cf366cd05864529eaa1fa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5e945db910db6d854e05c7f2ee3155e6

SHA1
db2986c379dc60da2109912a624012ea831ad0b3

SHA256
bbc03702fd67df6199c5fe1b1f70e525391778923d365aaa24f0c6a3c4e5b769

SHA512
02053cd6b54840970e91779f372d229fababa5c2c9ef7babd3d86dfd4e08bc7ffde4577660b8c2c3cbb99ed424909fe32800c6791b039b78ffbd9f4c464a1714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
766dc52e3e467d76ef33a53543cc02be

SHA1
3d5bd19ae59d793565e0fbf337952d00b915d7da

SHA256
e46f315d810c9ad94c046bb0caa486f70d6a106ed0350d53711f2a5a751c7fed

SHA512
602e0bd2f300878872513513cb685386d729b59288e74a581e491edb1896990596c73fd197259311179d4788ef67ebe0e2c10e3be734df829f9c16ea9947613d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d3de250c5ebb4a07e954fcda00f0883e

SHA1
1899b8fbddffc7d049d2baf729ffd8ca177f1bd0

SHA256
2f7156b47d63e335e9271149dc45c1146ec0294e23ac0d79c1128cd5cbd7f007

SHA512
1bf18d2d724d9073831dff2a580ccce67cad70208be8ac40155b4c308a367f07b1f14119ad694806070c8403eb05123176c18c771103ae1e8815cb94452caafe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5852ed.TMP

Filesize
1KB

MD5
f65ee31f8ab0a477db23aeba22862488

SHA1
d6c8b32b08cdc236d7d7632d72b241f00c9a4106

SHA256
036acb2bceb151fc23238c3623962716c296d49556e8539f21eadf05a3eab894

SHA512
1317f6dfc12a5bd1b820f39a1056c831bc1a7dc45f62bc44bbacba4e514e2e5b579ad1fc8896a9c0c4beb429cd197b08803c2424d23db54f1e56deea3bd69eb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fd8f6a8f0aaa19f9a523254af555e2ab

SHA1
356755425b6f25fc53240a2e1e8ccad55afad4fc

SHA256
3b622ea79ecbb203f3f4421809cb1dbb94a0b52cd4658d219d9aea4ce0f46ea3

SHA512
124d17cdcb20bcae9f61b83fcf2c80ddd58672b4ed31649f285fc5acc009cb306fa11db4cc021fb774299ef5609bb00b1867a4eee50f0dc9c25375b558fd9515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
436afbb18cfe033cc2c18c5dc398cbd8

SHA1
f8383ce042f20407a79d61f0cfa48b9d59268674

SHA256
0794c71a11bbd5f98c27741df4c4d78d1dbe43fda01aca84c77323efbed8d78d

SHA512
df35498d0fc1e3b1985f0230f4ebd114c0618c696fa2a162cd708de571af5f3de387f4d74605ea8e19cf99658b3f71df1c64d7dfd9362eb1dbe104c476b9b7f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\VSW0\VSSWMSIFailInfo.txt

Filesize
4KB

MD5
952b4de3673b4e1c3c44536ff5126b5b

SHA1
ee54253b65b95cf111361571057d74189e9d4f0c

SHA256
7252a7f58962ea9082faa89b4dbf9a4e620af4530195ce38c849d9ad3676ac21

SHA512
07af334330250e7288b92866a2b8a124cc1f5cce84c6b24cc69eddcfad6affa1dc7e618552cd8154f273c60490de83fb873e0296eb9c78cd8464c7746851954e

Download Submit
C:\Users\Admin\AppData\Local\Temp\VSW0\VSSWMSIFailInfo.txt

Filesize
33KB

MD5
8ac9b96b9bcb119f30a62cc043e3d328

SHA1
d6a3a03391579c9af5dafe7d26ed332f0f8f6968

SHA256
2843f459905754bb6534b48ad14a9bf871ad602094788a920198bcd65d7c98a2

SHA512
a485ca7f898518ec58f186d96cfade6b4a30fa0f1e6cca100a634cd15cd00031e2994b9e2c9cbc3034b4941dc719f7cb6c0b87a3b8a086917302a195243b32fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\VSW0\VSSWMSIInstallTime.txt

Filesize
15KB

MD5
0da9b54debef874b3a8b9e6a0bb6da1d

SHA1
af9273a7b713ae3d1f75bdaa1048140831cb3a7a

SHA256
028ef2f4694ad183632da0c971ca17e0326f635f00ffb70d64d648267941cd87

SHA512
923072fdc727138f93de996a9a38b5fc515cc43be95e7bed987c82123fddaee9cf5a5d8d59b308f1990827d71a36181eff583745572ff54ee9faf921ab5c27e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\VSW0\VSSWMSISummary.txt

Filesize
7KB

MD5
4b403071e205ce7288923e7a6dc336e1

SHA1
9c69d6bf2607f9911974f5da3c653ebedb2e8c6d

SHA256
336a554d41f93757eb35ad50c370fc34ce41561709abb49fa35e89eb983b7a5d

SHA512
fbfa69430c3446942886269ed9508f90c4a60eb932dda6edb10a348d784116b8901eb144ec03518d30cd8893a8f00cac7818dbde931f67411f654792b9f2cc1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\VWLD6B9.tmp

Filesize
2KB

MD5
a49544d3b73956bda0c8d3157f5311dc

SHA1
f949a98994f9bf7554e2d1575faf777f743a71a3

SHA256
4d9b33ba4f43acd42e4eb69bcb33c6906d5729c61bbddc871e18af7b73773f42

SHA512
c48049df714683888fb6f5d684f0584bd05c1604781d87f65ce26d88228b2e38211f8e2ddb0cc69f00d948c84cfcfda038a0b9a03d3b4791fcd516e610279166

Download Submit
C:\Users\Admin\AppData\Local\Temp\VWLD6B9.tmp

Filesize
392B

MD5
f86d22a11bae399a9864e23ade50a493

SHA1
dab1f7547ceaba5c56291b99b8d9a0749d2913a9

SHA256
778ba8c0c11dd710885636aa234b13905d9bd3ec02f0ce6a6b0b16155e1d6929

SHA512
017bf65af317e0f2daa8557327f988424ebff8eae5632b26d33e6ab32a76a9670b3bf7a5e6db2b84ad2567936f594dff28459721c7f54f6abb0d795c6c10b123

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI6C24.txt

Filesize
693KB

MD5
5a9959a197e7a11b3ee53413ef3a6376

SHA1
2b990b954c779e08e1eb722a37fc8fe85dd883e0

SHA256
90c4e54d8203ac7d2a41206c86f1153ecf4f204d300645b23bd9554801d13158

SHA512
8429fbe3a00d229d89f0ed4ddc9922ebdebc36915cd736dd927b988d9285abc7334d9e2ed76a9193bca07edf3852c4c21ef9d4247a261b4a1a4e699411b96b5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI6C24.txt

Filesize
154KB

MD5
c9c100963d3e25a4a3016ff143ae345b

SHA1
593e2582a84db67c6a0528ccbef13d5e8533d7e8

SHA256
9bfa589d8d1251ff0a674f4f2e0f4cc609dbd941db2a6b42b4d80a304f6f9525

SHA512
58adad16746d3419ce87bb86bd2f9cd2199f2b1f132d25cf234710227e50d8b61cd9346b7b669a368fb1ceb581d0726ae05e0dbc26caf248eca7fdf29b5dbe20

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI6C24.txt

Filesize
15KB

MD5
db666eb7733a13183ad7d7a4ff9c80db

SHA1
24703a8ee7ec601e9538da4760a75cdfaa8a41a0

SHA256
5fb2a346adf8feb3d78115136ee5f56975d41d6026d25cdc36addcf29db63b0c

SHA512
64828a57018e23e8a6b6e79898e21751f13d2a892a24d292b14e4331fb37a96f4506f95e7cc38f1cbdb8c06727a5631c32324e5735524f72ef098c3e2bb100e1

Download Submit
C:\a60ea69ab3920b2899c1e1db706794\install.exe

Filesize
549KB

MD5
33c9213ff5849ef7346799cae4d8ac80

SHA1
5421169811570171e9d2d0a1cdca9665273e7b59

SHA256
3377e31d233ff41aea253e6221815820997763acdf40b005f8791400366cb8ff

SHA512
da0fc3f57156e06c0c37c1fb5176e1b147ce4aa21f519112123722496b04ad4bc3d366e2b51fd78de1ba0304d35bfd5e5fc95cabc2b3eb174f77636a8fa162a1

Download Submit
\??\c:\a60ea69ab3920b2899c1e1db706794\VC_RED.cab

Filesize
3.7MB

MD5
ecca3c1acb74cb73c600eabdd3f9c9d9

SHA1
f015759f623c377494a5996670204f1fcd0895e3

SHA256
43b7648183347374236296f2176c7c7da920da9c1a08adda761e12614efb299e

SHA512
2785b8e8cfc310ec114cee696c5b85900fc71186dcbf0c99a9c13f4f0fdcc9e9dd583c9d1fd82492a680efcd7071c3593b02b628bd947bc19b1302b931aca807

Download Submit
\??\c:\a60ea69ab3920b2899c1e1db706794\eula.1028.txt

Filesize
3KB

MD5
f187c4924020065b61ec9ef8eb482415

SHA1
280fc99fb90f10a41461a8ee33dbfba5f02d059d

SHA256
cfa4f2c6c2a8f86896c5a6f9a16e81932734136c3dfde6b4ed44735e9c8115c2

SHA512
1d5a8e80fb6805577258f87c4efd7c26a9ac1c69f7dea1553d6f26bcc462d2d9c01d4b94077f70110a33b39648c9aa3bb685e10534f19ba832d475e9ee6aa743

Download Submit
\??\c:\a60ea69ab3920b2899c1e1db706794\eula.1031.txt

Filesize
15KB

MD5
3168ed3b48c1dc8d373c2abc036574cf

SHA1
7ffbcfb6cd9b262a0e9a55853d76055693f60c60

SHA256
3e4d78fcc11eecb23af12a4eaa316114bb36d39561f6062a3921c08a43261321

SHA512
9465640705c382bb736e468a2ffb303ecfb2637c55ddca759d1fb190279b98103def64a8c599deaa1439e58c41d7b2c2809332c2a5f18945e9ee3d6c046a5197

Download Submit
\??\c:\a60ea69ab3920b2899c1e1db706794\eula.1033.txt

Filesize
9KB

MD5
162fc8231b1bd62f1d24024bb70140d5

SHA1
7fa4601390f1a69b4824ee1334bee772c2941a24

SHA256
c68a0fd93e8c64139a42af4fcd4670c6faea3a5d5d1e9dd35b197f7d5268d92b

SHA512
a707b5ef0e914ba61e815be5224831441922ed8d933f7a2ffe8aecf41f5a1790a1e45981f19d86aa5eab5ea73d03b0c8e2ab6b9f398ab0154d1c828da6f6beda

Download Submit
\??\c:\a60ea69ab3920b2899c1e1db706794\eula.1036.txt

Filesize
11KB

MD5
c360851dfdf51b6ddc9cfcc62c584898

SHA1
f8fbe6b98039d01700dc49eb454bb1c1d8cc4aa6

SHA256
3456ebc9c6decef8b27b10d97f7f6d30a73b5da0024e1b8a0657e3b9a1cc93d9

SHA512
a340a7d98b4b6f925a803805224e733433e76230a36c4ab17e28f9d5951b81280d776153414701b29bb05b496b726932683e35fb603587d7ff5b716a88fece8d

Download Submit
\??\c:\a60ea69ab3920b2899c1e1db706794\eula.1040.txt

Filesize
13KB

MD5
04b833156f39fcc4cee4ae7a0e7224a1

SHA1
2ffa9577a21962532c26819f9f1e8cd71ab396bd

SHA256
ebafaeb37464ed00e579dab5b573908e026cd0e3444079f398aada13fa9a6f66

SHA512
8d3f6a900ebd63a3af74ab41ac54d3041de5fe47331a5e0d442d1707f72a8f557d93d2f527bbb857fb1c67dd8332961fd69acc87de81ba4f2006c37b575f9608

Download Submit
\??\c:\a60ea69ab3920b2899c1e1db706794\eula.1041.txt

Filesize
5KB

MD5
031fab3fb14a85334e7e49d62a5179fe

SHA1
12370185ef938a791609602245372e3e70db31be

SHA256
467773ddffdb3f31027595313b70d1ea934c828b124d1063a4aa4dbe90f15961

SHA512
7424a52bbb18a006816ee544d47f660e086557d13bb587d765631307da96aba56d8b9cd3d4e7d50c2a791815273910cef95ebe928bc03dd9c540b97ac7a86447

Download Submit
\??\c:\a60ea69ab3920b2899c1e1db706794\eula.1042.txt

Filesize
5KB

MD5
6fcd6b5ef928a75655d6be51555288c7

SHA1
eafdcc178343780b83f1280dad9d517aaedab9e4

SHA256
3d45f022996cd6d9ebb659a202fbfd099795f9a39ed4e6bbd62ac6f6ed5f8c7b

SHA512
635ba44d8d8ecfbdb83a88688126f68c9c607e452e67d19247dfe7c307c341dad9b1d2dc3eae56311c4b3e9617ab1ee2bd2a908570df632af6de1e1fa08bf905

Download Submit
\??\c:\a60ea69ab3920b2899c1e1db706794\eula.1049.txt

Filesize
13KB

MD5
bc3a8865b60ec692293679e3e400fd58

SHA1
2b43b69e6158f307fb60c47a70a606cd7e295341

SHA256
f82bca639841fa7387ae9bbf9eca33295fab20fade57496e458152068c06f8a3

SHA512
0d9820416802623e7cd5539d75871447f665481b81758c08f392f412bc0fd2ef12008be0960c108d1c1ce6f26422f1b16161705104d7a582df6a1006b0d1b610

Download Submit
\??\c:\a60ea69ab3920b2899c1e1db706794\eula.2052.txt

Filesize
3KB

MD5
ec4b365a67e7d7db46f095f1b3dcb046

SHA1
d4506530b132ef4aad51fcbc0315dadc110c9b81

SHA256
744275c515354ece1a997dd510f0b3ea607147bbf2b7d73f8fca61839675ba27

SHA512
5e5d1e196fc6ac194589bc6c6ab24e259aed8cbd856999390495fd5ec4211f212c6898e1b63538bfbb4401a5b4da08f3a2e09bca1cfb2e9c2cee38e63190b2a2

Download Submit
\??\c:\a60ea69ab3920b2899c1e1db706794\eula.3082.txt

Filesize
12KB

MD5
c2d1221cd1c783b5d58b150f2d51aebf

SHA1
3bc9b6419a5f9dcf9064ae9ef3a76c699e750a60

SHA256
c79ff7b9e67aed57f939343a3d5fd4fb01aa7412530693464571148b893b7132

SHA512
c4ec596814b408e3c0aaf98864e2769c6175dba020f3014dd79f0190d81812020c932afca449e6b8b35233f36f2ab2efad0dc8d0d68dccdb40f6715fb1d050b4

Download Submit
\??\c:\a60ea69ab3920b2899c1e1db706794\globdata.ini

Filesize
1KB

MD5
0a6b586fabd072bd7382b5e24194eac7

SHA1
60e3c7215c1a40fbfb3016d52c2de44592f8ca95

SHA256
7912e3fcf2698cf4f8625e563cd8215c6668739cae18bd6f27af2d25bec5c951

SHA512
b96b0448e9f0e94a7867b6bb103979e9ef2c0e074bcb85988d450d63de6edcf21dc83bb154aafb7de524af3c3734f0bb1ba649db0408612479322e1aa85be9f4

Download Submit
\??\c:\a60ea69ab3920b2899c1e1db706794\install.ini

Filesize
844B

MD5
5feaa6a36fea7dfdb88c18d69ba6d6a9

SHA1
7afd91a7b046d68b6ee9fd367bcd7a4fec546216

SHA256
67a50ffbb8a1d500eaa4d9f0227d6a8595a2750154e6b31662fc4f51286e47fc

SHA512
6c8c0456f232a02a49d51b3f1a830a18b9078e621cd0dc3f4f76f79b83035e8affac67bce3af9a37fa9096a34a8499c59cf982b63a4b2400b9190d2db293e682

Download Submit
\??\c:\a60ea69ab3920b2899c1e1db706794\install.res.1028.dll

Filesize
74KB

MD5
5e7e93fb7b9d36665b10be97703dafe5

SHA1
17b42892768e9742920febf70e9214997e3f04ef

SHA256
b8f0f576199e32fd906538537c8da052ee666a91ef971c577a53fd715e544604

SHA512
8f2828606ae34a691be77cdc5dc20f3aeb641bb24742fac04860a6f847c42cdc8453b8e5f9722f7b016438849c2b57fc8ea9b41111b69ffed30624e16824a1d6

Download Submit
\??\c:\a60ea69ab3920b2899c1e1db706794\install.res.1031.dll

Filesize
94KB

MD5
a1157142485b86985c03e26add533201

SHA1
05320791cdf33ff3a9989396f6b54172b2d7d0ee

SHA256
94779d2272a18a0340156225485aab95d0473aef478442dfe392d11b7e6f41db

SHA512
3fa2b3c4c57e071f24cdd02fc53dca5206370c8161cd9ba7b95fa8a9bce9e5268f3f7824908f93df7a087afd38425219447339f40908ffc9b1d593d063ae21c1

Download Submit
\??\c:\a60ea69ab3920b2899c1e1db706794\install.res.1033.dll

Filesize
89KB

MD5
8e97ea8a1ed69806232e8743f9a28706

SHA1
e911d3802e64f9be0e1ac68865bbcc92624d6a1f

SHA256
2893b1b9751f833d4a3ded7c1fba1a96cada2927a2349c5d751365eed647c100

SHA512
aa57fe0b822145aa1d8eb72f9735ef5d92036f24c4c80392799d701447d18ea510331f5653b39c43dc923cd0f1a61bf87be0f8a4927f6e3754d19ac76fd443c3

Download Submit
\??\c:\a60ea69ab3920b2899c1e1db706794\install.res.1036.dll

Filesize
94KB

MD5
cbf6e77d932688970a28328ca5263501

SHA1
b1d469e921ba90df15760943f228ebb2cbc55792

SHA256
3ffe888bc0bbe9bb81369b49171d532839fbea931d8553371e857df6ef815c13

SHA512
eeb2773960f7ecf9e87b5225cc730651388fab7dadda766a38d345f051ce2cab7027ac6c7286092e86f71c67b8c8a8c01c3808f205082280ad051fcba96358c9

Download Submit
\??\c:\a60ea69ab3920b2899c1e1db706794\install.res.1040.dll

Filesize
93KB

MD5
dcca7196203d338b41ead5e1418c6a92

SHA1
44267accc8577f093abc77dff8d5f7ff25c343b2

SHA256
c2a81077da2201d180bd5496129ea6bcfc5930d8a6d256babdb9a552b1a597d2

SHA512
13e934786445067be1c9eca38587dc55e294b2df6e1a16d13c584dc3c031126314047c007ecbc4548aa9bbe1f1021f19cd6b639fc66f43ef9465f4c4c10df049

Download Submit
\??\c:\a60ea69ab3920b2899c1e1db706794\install.res.1041.dll

Filesize
79KB

MD5
0fcc2f2bf7c18392514413a3c2a5ec5a

SHA1
bf7f494336589b8763b0936f0558749dbb407c4b

SHA256
11c111b3f24ba7d197007fb572b9f77e7d6f58c290de239a08f287c2aeb3b89d

SHA512
c704d1264fd2a106487baf87f6db054862bb31576b0716fe1570eca46ba90519c23c3246852c6b33ec1cf1fc6ff1529b163ff38ec9d32c5eb588585545fcb596

Download Submit
\??\c:\a60ea69ab3920b2899c1e1db706794\install.res.1042.dll

Filesize
78KB

MD5
d276d0c01bf44cb781ff5d293676674b

SHA1
f96e3a9bbac867b4dd9b24312845a852a5b44ed4

SHA256
d6f45cb0308e3790b0d819cae9d87e61d79468414ce7f78bd41e7289fc832945

SHA512
46100a058157b8435633bf0fc6a2c92086d74c60e480e0faa016e7aaba848e16c2431e48b83e738c28e3a393592ff6cc27b7a2c2a55ff6d94494cf83686175c7

Download Submit
\??\c:\a60ea69ab3920b2899c1e1db706794\install.res.1049.dll

Filesize
91KB

MD5
2e57ae4186f17be4148077ffe8212a27

SHA1
edad955ab3deef258c354d134b5a3443369f85f8

SHA256
ac9ef02d54eb87a5bc2bc8c77a6497853072ff37e7e82495ef8d79f6a5af07e3

SHA512
b2f239253866aab26cb1ab8a90f89ff90553cdb5897bba2ebf0e08eefb5a975c68bf7904f15b09e33777718478e3cc1a074dff8d8ddacc8a56b675adf125443b

Download Submit
\??\c:\a60ea69ab3920b2899c1e1db706794\install.res.2052.dll

Filesize
74KB

MD5
4b8d230ccfadf8a2d3ea4b1512238292

SHA1
53793dde6106277c33367de5cf361f79a52692c2

SHA256
8fec53f664217f624ec8229425abde74225eccf6b55e41d4c12c9d9789f4159c

SHA512
10993d5ca2b40060ba5925e8d7c008d028c06d909cb3b3a8f8da6a289e2cd45b95227114115e7ab6bed7fc91601d94c5b3c1a9d44e08850dc3048e4e9d51423d

Download Submit
\??\c:\a60ea69ab3920b2899c1e1db706794\install.res.3082.dll

Filesize
94KB

MD5
55a9b25fa0d768fb902842439d041b1f

SHA1
da103afd92af9b6f89b604191db2805a015a8c38

SHA256
8f826dba565fc464395ed24219da946f55692705de9f61f501dcfebf338970a3

SHA512
dc1b1dc345cb0e2e7e055abc07fc1374abbf773afae64fc27db292c5b97a166bfe4eaa69188d6831a91bfa2913c2238277a860a098ee9606b4112cba55067f7d

Download Submit
\??\c:\a60ea69ab3920b2899c1e1db706794\vc_red.msi

Filesize
227KB

MD5
6e17361f8e53b47656bcf0ed90ade095

SHA1
bce290a700e31579356f7122fb38ce3be452628a

SHA256
8811e5fe167223d906701bc8deb789de0a731e888e285834bcae164b03d43c96

SHA512
a566fc8bbb4d354db32f13de2fde73a1210c61b1c30a1be22b16c7e98b8d51c673259c57a924b04035cb9f0bf4a087a3e8b32221e7ff87032cddc840ffe3ed2f

Download Submit
\??\c:\a60ea69ab3920b2899c1e1db706794\vcredist.bmp

Filesize
5KB

MD5
06fba95313f26e300917c6cea4480890

SHA1
31beee44776f114078fc403e405eaa5936c4bc3b

SHA256
594884a8006e24ad5b1578cd7c75aca21171bb079ebdc4f6518905bcf2237ba1

SHA512
7dca0f1ab5d3fd1ac8755142a7ca4d085bb0c2f12a7272e56159dadfa22da79ec8261815be71b9f5e7c32f6e8121ecb2443060f7db76feaf01eb193200e67dfd

Download Submit
memory/2384-33-0x0000000000BB0000-0x0000000000BB1000-memory.dmp

Filesize
4KB

Download
memory/2384-148-0x0000000000BB0000-0x0000000000BB1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads