Analysis Overview
SHA256: b65612ace7fc0ae0b5a795abde581c3451388159f63364f4c48f4a2b86234c59
Threat Level: Known bad
The file LittleAlterBoy5_5.4.1.17134_64.exe was found to be: Known bad.
Malicious Activity Summary
Modifies firewall policy service
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Registers COM server for autorun
Checks installed software on the system
Blocklisted process makes network request
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Runs net.exe
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Uses Volume Shadow Copy service COM API
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-03-04 14:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-03-04 14:10
Reported: 2024-03-04 14:14
Platform: win7-20240221-en
Max time kernel: 145s
Max time network: 155s
Command Line
Signatures
Modifies firewall policy service
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | C:\Program Files\Bonjour\mDNSResponder.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BEEB932A-8D4A-4619-AEFE-A836F988B221}\InprocServer32\ = "C:\\Windows\\system32\\dnssdX.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BEEB932A-8D4A-4619-AEFE-A836F988B221}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\InprocServer32\ThreadingModel = "Both" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\InprocServer32\ = "C:\\Windows\\system32\\dnssdX.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}\InprocServer32\ = "C:\\Windows\\system32\\dnssdX.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\InprocServer32\ = "C:\\Windows\\system32\\dnssdX.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{BEEB932A-8D4A-4619-AEFE-A836F988B221}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\InprocServer32\ = "C:\\Windows\\system32\\dnssdX.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\ ISSetupPrerequisistes = "\"C:\\Program Files\\Soundtoys\\Utilities\\License Support Win64.exe\"" | C:\Program Files\Soundtoys\Utilities\License Support Win64.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Checks installed software on the system
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\system32\dns-sd.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\dnssd.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\dnssd.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\dnssdX.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\dnssdX.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\jdns_sd.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\jdns_sd.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\dns-sd.exe | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\zh_CN.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Bonjour\mdnsNSP.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Bonjour\mdnsNSP.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Vstplugins\Soundtoys\LittleAlterBoy.dll | C:\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Soundtoys\LittleAlterBoy.aaxplugin\is-CFDI8.tmp | C:\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files\Soundtoys\is-FFG70.tmp | C:\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\it.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\nl.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Bonjour\mDNSResponder.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Bonjour\mDNSResponder.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soundtoys\uninst\is-9N5IQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files\Common Files\VST3\Soundtoys\is-793MS.tmp | C:\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\da.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\fr.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\ja.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\zh_TW.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soundtoys\uninst\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Soundtoys\LittleAlterBoy.aaxplugin\is-RFG28.tmp | C:\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Soundtoys\LittleAlterBoy.aaxplugin\Contents\x64\is-UARAT.tmp | C:\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\en_GB.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\fi.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Bonjour\dns_sd.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Bonjour\dns_sd.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Bonjour\About Bonjour.lnk | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\sv.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Soundtoys\Utilities\License Support Win64.exe | C:\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Soundtoys\LittleAlterBoy.aaxplugin\is-2MF3C.tmp | C:\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files\Soundtoys\is-AJ6GG.tmp | C:\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files\Soundtoys\Utilities\is-2PVU7.tmp | C:\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\ko.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\ru.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Bonjour\About Bonjour.lnk | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Soundtoys\uninst\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\de.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\en.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\es.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\nb.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\pt.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\pt_PT.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\ext\dns_sd.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Vstplugins\Soundtoys\is-VGVGE.tmp | C:\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files\Soundtoys\Manuals\is-MN6MV.tmp | C:\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files\Soundtoys\uninst\is-R7OPV.tmp | C:\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files\Soundtoys\Utilities\is-N6TP1.tmp | C:\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\pl.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\ext\dns_sd.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soundtoys\uninst\unins000.msg | C:\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\Installer\f77893f.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\wusa.lock | C:\Windows\SysWOW64\wusa.exe | N/A |
| File opened for modification | C:\Windows\Logs\DPX\setuperr.log | C:\Windows\SysWOW64\wusa.exe | N/A |
| File opened for modification | C:\Windows\WindowsUpdate.log | C:\Windows\SysWOW64\wusa.exe | N/A |
| File created | C:\Windows\Installer\f77893c.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f77893c.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f778942.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f77893f.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI929B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI93B7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}\Bonjour.ico | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}\RichText.ico | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}\RichText.ico | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9029.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI92EA.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI952F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}\Bonjour.ico | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Logs\DPX\setupact.log | C:\Windows\SysWOW64\wusa.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI90D6.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI931A.tmp | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\Software\Classes\Bonjour.TXTRecord | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\VersionIndependentProgID\ = "Bonjour.TXTRecord" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Bonjour.TXTRecord.1\ = "TXTRecord Class" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\Programmable | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\AppID\{56608F9C-223B-4CB6-813D-85EDCCADFB4B} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}\VersionIndependentProgID\ = "Bonjour.DNSSDService" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\VersionIndependentProgID | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\ProgID | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\NumMethods\ = "7" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{8FA0889C-5973-4FC9-970B-EC15C925D0CE}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9CE603A0-3365-4DA0-86D1-3F780ECBA110}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2B0163E6D0340BE4183EB2758E9BEDD8\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\{9EEDE7D3-4702-47AC-B04F-2E551F73B462}\\{15D7BF62-B111-49C3-9E82-1E5859612E57}\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\VersionIndependentProgID | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{18FBED6D-F2B7-4EC8-A4A4-46282E635308}\1.0\FLAGS\ = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7FD72324-63E1-45AD-B337-4D525BD98DAD} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\2B0163E6D0340BE4183EB2758E9BEDD8 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Bonjour.DNSSDService\CurVer | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Bonjour.DNSSDRecord\CLSID | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\AppID = "{56608F9C-223B-4CB6-813D-85EDCCADFB4B}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Bonjour.TXTRecord\CLSID | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{7FD72324-63E1-45AD-B337-4D525BD98DAD} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{18FBED6D-F2B7-4EC8-A4A4-46282E635308} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\AppID\Bonjour.DLL | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\InprocServer32\ = "C:\\Windows\\system32\\dnssdX.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2B0163E6D0340BE4183EB2758E9BEDD8\SourceList\Net\2 = "C:\\ProgramData\\Apple\\Installer Cache\\Bonjour 3.0.0.10\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{8FA0889C-5973-4FC9-970B-EC15C925D0CE} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2B0163E6D0340BE4183EB2758E9BEDD8\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\VersionIndependentProgID | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{9CE603A0-3365-4DA0-86D1-3F780ECBA110} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\VersionIndependentProgID | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BEEB932A-8D4A-4619-AEFE-A836F988B221}\AppID = "{56608F9C-223B-4CB6-813D-85EDCCADFB4B}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{21AE8D7F-D5FE-45CF-B632-CFA2C2C6B498}\TypeLib\Version = "1.0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2B0163E6D0340BE4183EB2758E9BEDD8\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{29DE265F-8402-474F-833A-D4653B23458F} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{18FBED6D-F2B7-4EC8-A4A4-46282E635308}\1.0\0 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{9CE603A0-3365-4DA0-86D1-3F780ECBA110} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Bonjour.DNSSDEventManager.1 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\ = "IDNSSDEventManager" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{8FA0889C-5973-4FC9-970B-EC15C925D0CE}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\ProgID\ = "Bonjour.DNSSDRecord.1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8FA0889C-5973-4FC9-970B-EC15C925D0CE}\TypeLib\ = "{18FBED6D-F2B7-4EC8-A4A4-46282E635308}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\ = "TXTRecord Class" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1523EA646D34FC14C8FD9E203C58611D\2B0163E6D0340BE4183EB2758E9BEDD8 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Bonjour.DNSSDRecord\CurVer | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{18FBED6D-F2B7-4EC8-A4A4-46282E635308}\1.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{21AE8D7F-D5FE-45CF-B632-CFA2C2C6B498}\ProxyStubClsid | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{29DE265F-8402-474F-833A-D4653B23458F}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Bonjour.DNSSDRecord.1\ = "DNSSDRecord Class" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{BEEB932A-8D4A-4619-AEFE-A836F988B221}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BEEB932A-8D4A-4619-AEFE-A836F988B221}\TypeLib\ = "{18FBED6D-F2B7-4EC8-A4A4-46282E635308}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{21AE8D7F-D5FE-45CF-B632-CFA2C2C6B498} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8FA0889C-5973-4FC9-970B-EC15C925D0CE}\ProxyStubClsid32\ = "{7FD72324-63E1-45AD-B337-4D525BD98DAD}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\Bonjour.DLL\AppID = "{56608F9C-223B-4CB6-813D-85EDCCADFB4B}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BEEB932A-8D4A-4619-AEFE-A836F988B221}\VersionIndependentProgID | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\ = "PSFactoryBuffer" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Bonjour.TXTRecord\ = "TXTRecord Class" | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| N/A | N/A | C:\Program Files\Soundtoys\Utilities\License Support Win64.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\LittleAlterBoy5_5.4.1.17134_64.exe
"C:\Users\Admin\AppData\Local\Temp\LittleAlterBoy5_5.4.1.17134_64.exe"
C:\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp
"C:\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp" /SL5="$400DE,226646490,848384,C:\Users\Admin\AppData\Local\Temp\LittleAlterBoy5_5.4.1.17134_64.exe"
C:\Users\Admin\AppData\Local\Temp\is-G0PP4.tmp\_isetup\_setup64.tmp
helper 105 0x214
C:\Program Files\Soundtoys\Utilities\License Support Win64.exe
"C:\Program Files\Soundtoys\Utilities\License Support Win64.exe"
C:\Users\Admin\AppData\Local\Temp\{9EEDE7D3-4702-47AC-B04F-2E551F73B462}\{2315E48F-4829-48AA-82FB-7AE4975F75C2}\VC_redist.x86.exe
"C:\Users\Admin\AppData\Local\Temp\{9EEDE7D3-4702-47AC-B04F-2E551F73B462}\{2315E48F-4829-48AA-82FB-7AE4975F75C2}\VC_redist.x86.exe" /quiet /norestart
C:\Windows\Temp\{EECB4C6C-3D30-437F-B630-1032FBE11822}\.cr\VC_redist.x86.exe
"C:\Windows\Temp\{EECB4C6C-3D30-437F-B630-1032FBE11822}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\{9EEDE7D3-4702-47AC-B04F-2E551F73B462}\{2315E48F-4829-48AA-82FB-7AE4975F75C2}\VC_redist.x86.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188 /quiet /norestart
C:\Users\Admin\AppData\Local\Temp\{9EEDE7D3-4702-47AC-B04F-2E551F73B462}\{49781A96-DB12-46B4-86C7-F1682BAD6C12}\VC_redist.x64.exe
"C:\Users\Admin\AppData\Local\Temp\{9EEDE7D3-4702-47AC-B04F-2E551F73B462}\{49781A96-DB12-46B4-86C7-F1682BAD6C12}\VC_redist.x64.exe" /quiet /norestart
C:\Windows\Temp\{810176E9-D886-415E-86AD-249D9B1D07AB}\.cr\VC_redist.x64.exe
"C:\Windows\Temp\{810176E9-D886-415E-86AD-249D9B1D07AB}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\{9EEDE7D3-4702-47AC-B04F-2E551F73B462}\{49781A96-DB12-46B4-86C7-F1682BAD6C12}\VC_redist.x64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188 /quiet /norestart
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\{9EEDE7D3-4702-47AC-B04F-2E551F73B462}\{15D7BF62-B111-49C3-9E82-1E5859612E57}\Bonjour64.msi" /quiet /qn
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe -Embedding DC81A4CF2071FCCC85C9B732B6157D2E
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 5724F460C174DE81188CA8AEE9AA2759
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A31C298993A4DFA7D9A7865C27757112 M Global\MSI0000
C:\Windows\system32\MsiExec.exe
"C:\Windows\system32\MsiExec.exe" /Y "C:\Program Files\Bonjour\mdnsNSP.dll"
C:\Windows\syswow64\MsiExec.exe
"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Bonjour\mdnsNSP.dll"
C:\Program Files\Bonjour\mDNSResponder.exe
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\SysWOW64\wusa.exe
"C:\Windows\system32\wusa.exe" "C:\Users\Admin\AppData\Local\Temp\{9EEDE7D3-4702-47AC-B04F-2E551F73B462}\{4EF18522-4489-4423-9A67-6903B272672E}\Windows6.1-KB2999226-x64.msu" /quiet /norestart
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 3147D07623420983D9A5C05EC72405C1 C
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EEBF533C-AF88-4BBD-9D12-320EF29C6283}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{43E494BE-D192-4C07-9EE4-048D46E499E9}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{710BACAA-770F-4048-90DB-862DE5AD03BD}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{076E9B3D-CEC3-4D2F-9CE7-943A41AFB824}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A7768E13-11AC-4A6F-801A-6553F40173F8}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{002DE544-40FF-4692-99B4-E84E8E4856A1}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2F6DBDC2-9ACA-4BAA-84A3-2251E61D14CA}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C0A7CA19-AFCD-491D-A5DD-6A1E741DF1A1}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{49CE36B1-786B-45FC-8BDD-B7705B32E9E0}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D7677CA9-F8A3-4FF6-B3B7-AD884FE2B5DF}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{822CD264-EF4C-4612-A0B0-94F0507FDEA5}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3C8C01AD-2090-4B00-B9FC-81C13E3C5AA7}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{19D24993-91C1-4E4C-B23E-72F80FB0C16A}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5C19DE14-DFB9-4DB4-94F8-5364A855AE51}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F284DCC0-7874-4A76-9AF2-2A97A9D51FFF}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D973834F-9BA6-4E9E-8306-2C6E313595B8}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{500095E1-C33D-4C33-8160-66F11744B9F0}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3B281E85-2779-42D3-A4AE-18648AD69C21}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BB5F932A-DA22-4B5F-9A47-992C1140AF79}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0FF5F9D6-46F2-486D-942F-5A9309A85BEA}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{982909BE-84BC-4554-81CB-EE8AF0B46690}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A4B70712-353A-4BB3-8DFC-3540175AE384}
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | csc3-2010-crl.verisign.com | udp |
| SE | 192.229.221.95:80 | csc3-2010-crl.verisign.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
memory/2100-0-0x0000000000400000-0x00000000004DC000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp
| MD5 | 57a24b37c5950ef633969bc470fb77c7 |
| SHA1 | 8ceccc0de092110908a867e3ab2b274ca4e5ad64 |
| SHA256 | 0c89dc35e7a63f1cf21ad1e7653225496d15d38b8a3de800b37369aea40a198d |
| SHA512 | 6144bbfab053cbea7e35f8d0ea9b5e22addd59bb113a68709c5b6b78c83de82fba0bc231f31c59a1bd9b1ea1ae933718e6f73355c7feee448597ab604e113c37 |
C:\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp
| MD5 | eaad805f02c09854ca58096c8e40e28b |
| SHA1 | 26d25c3c4baa25daaa2bea4b1dcb69294633cd37 |
| SHA256 | bbf8e45b5f154232a6df53355896731acadddd1bdba0a6e54350bd19296bfee8 |
| SHA512 | f202ccd17895c06b18ba5f411ff6686d6d84f80734333e407d0d175e5b8e816910956a117210c8287179215efd2b2b5440290719a851982f4e863f8a32ebbead |
memory/1196-7-0x0000000000240000-0x0000000000241000-memory.dmp
memory/2100-9-0x0000000000400000-0x00000000004DC000-memory.dmp
memory/1196-10-0x0000000000400000-0x00000000006FF000-memory.dmp
memory/1196-12-0x0000000000400000-0x00000000006FF000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-G0PP4.tmp\_isetup\_setup64.tmp
| MD5 | e4211d6d009757c078a9fac7ff4f03d4 |
| SHA1 | 019cd56ba687d39d12d4b13991c9a42ea6ba03da |
| SHA256 | 388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95 |
| SHA512 | 17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e |
C:\Users\Admin\AppData\Local\Temp\is-D76DN.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp
| MD5 | 3d9fe4c7359d7bb512a86ecb17c42a37 |
| SHA1 | 79fb651f042d5b2c882c405cde1dc8383b8add60 |
| SHA256 | 069211bd28e0db91fdc24ba58008c5787b1a09d1cd6ebeaefbeb24ef4522c8fa |
| SHA512 | 9f6e26445cec5f6d6518bfdb0d1b6030d2a5f6317e8719716de8dfa8de5a2f63ce780bda1986ebb2ce4caf5ed418135ee2e0859b5fb11cc243113287b40f2682 |
memory/1196-19-0x0000000000240000-0x0000000000241000-memory.dmp
memory/1196-71-0x0000000000400000-0x00000000006FF000-memory.dmp
\Program Files\Soundtoys\Utilities\License Support Win64.exe
| MD5 | 2f2cfc092856fefee21dda28976b9f5e |
| SHA1 | 0d2f294055f946a69387809700d294902b489e41 |
| SHA256 | 748b1280df5be1e67a57660fa9d7ec7c1793da5d761eb4a254e7775d21fe7f4a |
| SHA512 | a38c6bb714e6bc18fdda70739a45988d94829756fcf43ab48f906ea01b54310ddbabe42f424000fbbc6707dafc1ec99054a156b271d2d83c9a5104d218169767 |
C:\Program Files\Soundtoys\Utilities\License Support Win64.exe
| MD5 | 21737a4137b30f0710a8f1e36fc7b4cc |
| SHA1 | 5ca0fd2b6392b36e9218d90d5f7b30900f5cefff |
| SHA256 | 5d66946947a89d8e486f667d7fc9bbe6117771e576d4e7e3e77ce1eae367cfb4 |
| SHA512 | e40710e4799ce0cf6558f7691322f8bdf97511e44082a17a8ec7cce7a4e1167e0fdfa5bc720eba5f6bee1d425ec4aa4f77ea260674a2d58b99de7bd595f9261a |
C:\Program Files\Soundtoys\Utilities\License Support Win64.exe
| MD5 | 43a76d2223dc51b3afb5ab2c6d740665 |
| SHA1 | 5660d86fc7e9d132f432f20bb4cf4c26dee81a39 |
| SHA256 | 81574d5267d75e55633903f100903ec6d04252944a8f9135114253541b61d020 |
| SHA512 | 55894cf0a02602ad36b798293bd56ae234317b93dc15f092c5d418b64c7300c49866cf7fc2dd67c14f221c4410a515195ca0a12944fe60b00d290115165f60c2 |
C:\Users\Admin\AppData\Local\Temp\~C12.tmp
| MD5 | 6098f128cf6fe5ddbe128d5cb301c854 |
| SHA1 | be8df9ee61475ff6d5913c368e65a1609134fe5a |
| SHA256 | a59e8507bc4beb36b347b43340def8614028f1cf246f7406b63bee70ecea3e03 |
| SHA512 | ea0de1f365eae76db99798fe2a8a58614dc1cc35e1a96a4eed558adc011ff1ff8fab74713e687f54775770757b27049541597429b52780f3e5172510aea35430 |
C:\Users\Admin\AppData\Local\Temp\{9EEDE7D3-4702-47AC-B04F-2E551F73B462}\0x0409.ini
| MD5 | be345d0260ae12c5f2f337b17e07c217 |
| SHA1 | 0976ba0982fe34f1c35a0974f6178e15c238ed7b |
| SHA256 | e994689a13b9448c074f9b471edeec9b524890a0d82925e98ab90b658016d8f3 |
| SHA512 | 77040dbee29be6b136a83b9e444d8b4f71ff739f7157e451778fb4fccb939a67ff881a70483de16bcb6ae1fea64a89e00711a33ec26f4d3eea8e16c9e9553eff |
memory/1196-142-0x0000000000400000-0x00000000006FF000-memory.dmp
\Users\Admin\AppData\Local\Temp\{9EEDE7D3-4702-47AC-B04F-2E551F73B462}\{2315E48F-4829-48AA-82FB-7AE4975F75C2}\VC_redist.x86.exe
| MD5 | 20ab3a4b7f27febe6ed047751092fcad |
| SHA1 | bf20c8695f9751654782b56ddde42768aa2d458e |
| SHA256 | 96e49374dc6f98e90fc087bced4dfffaf1f73052e76e77b1ba839a58936401f2 |
| SHA512 | fdc7f0a56f73fc82dacd7db91a0697667288b438eb5e312f3dde77d318f5f0d9aedf23947d73395f06fa62a7e9776231a067c8dcf65892f3518e8c74a470829f |
C:\Users\Admin\AppData\Local\Temp\{9EEDE7D3-4702-47AC-B04F-2E551F73B462}\{2315E48F-4829-48AA-82FB-7AE4975F75C2}\VC_redist.x86.exe
| MD5 | bf82864e681af4c99d5df59b5b338448 |
| SHA1 | 6f5224671f9587509827ecc9581e963c39d9d159 |
| SHA256 | b109752bcaab38443c9fd74088f2a058a2f334156aaa72e668aa6b54274d810c |
| SHA512 | d3ffaac7a82afa295adf066acf71e7d5434dbe0e57f42ac95e9bb684c560886248094474634a3b6c9e602710998a10434b5f0ba252b0c80d234b0e603c4e094f |
C:\Users\Admin\AppData\Local\Temp\{9EEDE7D3-4702-47AC-B04F-2E551F73B462}\{2315E48F-4829-48AA-82FB-7AE4975F75C2}\VC_redist.x86.exe
| MD5 | 92d8db8794b9880ca9309fe0b2315f9b |
| SHA1 | 7b1fea7e37bc8fe2e1ca052ae15f7e6245d9486b |
| SHA256 | 3d8dd82cbc50e6848b93804ec3ffc1c648f9875d6a57cdc68e20498c9d69eb82 |
| SHA512 | ba0b49bb0d6e2cfdeceb6f73a7608bc8d356cf9a1a7c3eb46109ffcc321049614ab587fb72408849730ff6b61755f0e7e59e2b0b8268019a8353ac8f8e3587d6 |
\Windows\Temp\{EECB4C6C-3D30-437F-B630-1032FBE11822}\.cr\VC_redist.x86.exe
| MD5 | 59cbe607e8e90ac76d88ace87d1f4239 |
| SHA1 | 5a69e6deb0ebbdbddb6f3c8c9a7a8864ac2069bf |
| SHA256 | 0e0c7e323e962838e93860e00672f8770a009c30b0d0e51de90cb63208d1b59c |
| SHA512 | 3c79e38e86f4683e36e2cc685c9214248e76e2f07808448a062ecef44dc88538a843a174754b04d67581021d493c8a4ce20826a124fc5208ac8fed9a09890df1 |
C:\Windows\Temp\{EECB4C6C-3D30-437F-B630-1032FBE11822}\.cr\VC_redist.x86.exe
| MD5 | 94a321bd8d595ce91a8026bd355c834b |
| SHA1 | e1e7004065d5a04a75791e87115fb751b71074cf |
| SHA256 | ced987548ae4c12aabe0ef841b13611d9c9c16263c70f4ba4e03e66798441cd4 |
| SHA512 | 1b63471ef9a28aa634b5b12d6c62bc508f031ba37567c2c68ed6905c2e22f546b3ae73f0d2e0c6a897ccba15eade6601415a24dc32abcf7abf467c15d701b9a8 |
C:\Windows\Temp\{EECB4C6C-3D30-437F-B630-1032FBE11822}\.cr\VC_redist.x86.exe
| MD5 | c9d95472a5627c6c455e74c8b8fef5be |
| SHA1 | 34cb7f8f8b8dede7be6fd99e2b4bddaa37e5db82 |
| SHA256 | 4b1bf90a0e4e3a628613c2fe42ddba589ee6303e37ccc70cf99ddc92dde03b0b |
| SHA512 | 989caff542f310972c15364925af542984ca73c1c1eec82fcbd1ea4bf9186487fd8349989afc95db4e761ebcbb8b14ce49482bc61d51b3259d134c571f4fab31 |
\Windows\Temp\{7EA0DD3E-338C-4254-B5C4-3E0F21B75ED4}\.ba\wixstdba.dll
| MD5 | eab9caf4277829abdf6223ec1efa0edd |
| SHA1 | 74862ecf349a9bedd32699f2a7a4e00b4727543d |
| SHA256 | a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041 |
| SHA512 | 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2 |
C:\Windows\Temp\{7EA0DD3E-338C-4254-B5C4-3E0F21B75ED4}\.ba\logo.png
| MD5 | d6bd210f227442b3362493d046cea233 |
| SHA1 | ff286ac8370fc655aea0ef35e9cf0bfcb6d698de |
| SHA256 | 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef |
| SHA512 | 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b |
\Users\Admin\AppData\Local\Temp\{9EEDE7D3-4702-47AC-B04F-2E551F73B462}\{49781A96-DB12-46B4-86C7-F1682BAD6C12}\VC_redist.x64.exe
| MD5 | be433764fa9bbe0f2f9c654f6512c9e0 |
| SHA1 | b87c38d093872d7be7e191f01107b39c87888a5a |
| SHA256 | 40ea2955391c9eae3e35619c4c24b5aaf3d17aeaa6d09424ee9672aa9372aeed |
| SHA512 | 8a050ebd392654ce5981af3d0bf99107bfa576529bce8325a7ccc46f92917515744026a2d0ea49afb72bbc4e4278638a0677c6596ad96b7019e47c250e438191 |
C:\Users\Admin\AppData\Local\Temp\{9EEDE7D3-4702-47AC-B04F-2E551F73B462}\{49781A96-DB12-46B4-86C7-F1682BAD6C12}\VC_redist.x64.exe
| MD5 | 79560f30911d9355377bb76b2cfcad0c |
| SHA1 | 34ed0a158414d5bf993bdebdd695d9b5fef43680 |
| SHA256 | 8324780c44582ac4e2f16282a9e5cc45c8bf99c4cf19c37ccd4cd0e5e4486131 |
| SHA512 | 23de9d1db68ecefa05cc218a2958706e84e9bb77c419ad5dea13595e61b024a4231b8fb4114324e3ad1c3adec135114eca434c3029b4e35c276f61fe9707a92d |
\Windows\Temp\{810176E9-D886-415E-86AD-249D9B1D07AB}\.cr\VC_redist.x64.exe
| MD5 | 94970fc3a8ed7b9de44f4117419ce829 |
| SHA1 | aa1292f049c4173e2ab60b59b62f267fd884d21a |
| SHA256 | de1acbb1df68a39a5b966303ac1b609dde2688b28ebf3eba8d2adeeb3d90bf5e |
| SHA512 | b17bd215b83bfa46512b73c3d9f430806ca3bea13bebde971e8edd972614e54a7ba3d6fc3439078cdfdaa7eeb1f3f9054bf03ed5c45b622b691b968d4ec0566f |
C:\Users\Admin\AppData\Local\Temp\{9EEDE7D3-4702-47AC-B04F-2E551F73B462}\{15D7BF62-B111-49C3-9E82-1E5859612E57}\Bonjour64.msi
| MD5 | 8dcf5c9eaacdaf4568220d103f393dea |
| SHA1 | 27f68596398b68ba048f95752b4eeb4aa013c23f |
| SHA256 | 53be81cc6e2dc95a1041e8f3d8f500fad4259ab20a1aac151b5fc7a64d354a93 |
| SHA512 | 10f8ffb6fa5e7163f0a83190ddf211479f12e16635389b49ac041eceafd7f04c040d830065adc89b1003f38d8381851c09150a5bc8edced6ecae8ee5ae801088 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 753df6889fd7410a2e9fe333da83a429 |
| SHA1 | 3c425f16e8267186061dd48ac1c77c122962456e |
| SHA256 | b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78 |
| SHA512 | 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444 |
C:\Users\Admin\AppData\Local\Temp\Tar8C5F.tmp
| MD5 | dd73cead4b93366cf3465c8cd32e2796 |
| SHA1 | 74546226dfe9ceb8184651e920d1dbfb432b314e |
| SHA256 | a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22 |
| SHA512 | ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63 |
C:\Windows\Installer\MSI9029.tmp
| MD5 | 08c031fa82a09aae1079378669678fe6 |
| SHA1 | b109251d2fef08bd446be0c92369e6f11eb67093 |
| SHA256 | 8764d060558a9d4ef24adb43201d5178033171a649ad497f79ce3b6cc8eda98a |
| SHA512 | d133a7c02ee8e6e4a971ed4a6537c11cb58516a5ac0501672169805f7b97591d7cffd3a72133bd1df4b8d8a4f4965ddf324a83cd9be0d8af15e646a121e2ea4c |
C:\Windows\Installer\MSI931A.tmp
| MD5 | 6f8e3e4f72620bddc633f0175f47161e |
| SHA1 | 53ed75a208cc84f1a065e9e4ece356371cac0341 |
| SHA256 | 2adf199f6baf245f0b07d31a3a1401d4262c3e6c98b8f10df923ceb2c937291e |
| SHA512 | 80187277e78f59b7ea71ed3caa55452e730d93b8c296d5820d470776a428cbb7e7fead87240e811436f85e4d89df2b9f31d6d16658d21abf59395cab7074a869 |
C:\Program Files\Java\jre7\lib\ext\dns_sd.jar
| MD5 | ca086bb31b598febd7e8d44daf14714a |
| SHA1 | 4838808e80df811cfb2bf7faf361b3cbc16f9f81 |
| SHA256 | 3818abdee5b1d3d77ae4a5ace25a638b2d7d624605f8e8ce14dd6d4c6639c00c |
| SHA512 | 54188bf433a0da1b6b8f6f881af6d681a6bb629693191c7ee46f852953529cb94dfa894aca574e1cd7355985ea8d6187e7694c8144ea1db880922676f0dfe0c5 |
C:\Program Files\Bonjour\mdnsNSP.dll
| MD5 | f9d908de6b166dac9b89bf62fa291ce8 |
| SHA1 | 938b53238291fc41ae852fdde51eed7a2bff0604 |
| SHA256 | d0a918ad60221623bb0278ea94cd6938744617fdbb2054968afafc2940648f02 |
| SHA512 | 6643a7066974abfd5904df73ed225fd5eed4a84341b12199b6eb9a8a2ad234dba865d50f8ccff8a88002ce4c6ae2131745cf43aac88a3a0a66b596fb0d93e56e |
\Program Files (x86)\Bonjour\mdnsNSP.dll
| MD5 | 40947436a70e0034e41123df5a0a7702 |
| SHA1 | 6c27e1dd1c1533feb6435190a5074300ac2a9822 |
| SHA256 | 5d40fd92da5ca59c1badb58ad509db6a6d613f18660a9a270a53eca85d34c3a9 |
| SHA512 | ba5634cc82f306245f9f0350bfa0b91e2f5ffc6c355b1452a95483f47e6acdb42c4e063f6c15115faf0f0630005df4fe8ef0e01539c270031cbd07a34a929704 |
C:\Program Files\Bonjour\mDNSResponder.exe
| MD5 | ebbcd5dfbb1de70e8f4af8fa59e401fd |
| SHA1 | 5ca966b9a5ff4ecd0e139e21b3e30f3ea48e1a88 |
| SHA256 | 17bffc5df609ce3b2f0cab4bd6c118608c66a3ad86116a47e90b2bb7d8954122 |
| SHA512 | 2fbfcff6bc25461e7c98aabdae0efb33f2df64140aaf4b2b0c253e34294e1606077ae47b000ebababb3600bd4d9154a945036c58e4e930da445a0dda765ac8a4 |
C:\Config.Msi\f778940.rbs
| MD5 | fe406303970480e0919b35295e4dc4bc |
| SHA1 | 2f8548b219ecaeb8b7ec3a431e6b90a967094f3e |
| SHA256 | 8c1cc4cbb7d2fe5af1d35b69b50dc70548a88162fb25de1e4218ea808b5fbcf9 |
| SHA512 | 78435bac7a476e72641255b15660af7105f3094f5ac88641771ecd664ccf85003541a8478a990898661e9217ef3ef58b498b54d37bf074082450e3742c942347 |
C:\Users\Admin\AppData\Local\Temp\{9EEDE7D3-4702-47AC-B04F-2E551F73B462}\{4EF18522-4489-4423-9A67-6903B272672E}\Windows6.1-KB2999226-x64.msu
| MD5 | ad7f5c851f6387e424ab206effb21354 |
| SHA1 | 54050a5f8ae7f0c56e553f0090146c17a1d2bf8d |
| SHA256 | 43234d2986ca9b0de75d5183977964d161a8395c3396279ddfc9b20698e5bc34 |
| SHA512 | 3ab0a5eb48c7e5aec55640171acec4e3449dd5e5e90345a39c214be16858d5e66892b01fb4a792405c9fcef9a6286c85e5411c79d38d49930d9edfa40e535093 |
C:\Users\Admin\AppData\Local\Temp\issB637.tmp
| MD5 | 806a54f833166c929f30031317bbd22e |
| SHA1 | 8e03076b34117d63d4da2287cc287d08e213e1cf |
| SHA256 | d3e5f517681335aca1507d398bd52608688a0968c19825a539cb4f6ea05b70f7 |
| SHA512 | d382dd47c199f56839286a4b8ceea00b8a70a63924ba113c0d95b2671890925905b6c31b036c91cd4be25193e9b792a2ff2275f886f7e50e1dc0a7a966a637a3 |
C:\Users\Admin\AppData\Local\Temp\{9EEDE7D3-4702-47AC-B04F-2E551F73B462}\_ISMSIDEL.INI
| MD5 | 3fd12382488e4c7b2a9adb557941ed10 |
| SHA1 | 266f3e5710565a2768958fe8070af5d0f9ba016c |
| SHA256 | 91c610ed4d3116410f91a8f32cfe83a452b0fc80d074e57d9970aa88d45772ba |
| SHA512 | 17e6e031b894b1f45c00c9169ce03c50e42e1ea1f1a31bbb2e7ca43a964ef50e1f312fc1f981e3aa50cd8bf24bb4168e954116e56df9026f951d476f3f33eca9 |
C:\Users\Admin\AppData\Local\Temp\{9EEDE7D3-4702-47AC-B04F-2E551F73B462}\_ISMSIDEL.INI
| MD5 | e890f037d6aea155c7a4202c42867552 |
| SHA1 | 4cb0bebac4d3c349d426b933f80f6cae120e4840 |
| SHA256 | a5116c09b3ce64eff1e5b382cd70417f9c3ef7dafa90c42145b26d964a1746d7 |
| SHA512 | 24a6663dce3819c8a429748ac084b459aa23d9bf09bb96bc75541c46a2dd10e04196e075065f0e9322c06e543621586812998ad832214486380bf232a81ec055 |
\Users\Admin\AppData\Local\Temp\{9EEDE7D3-4702-47AC-B04F-2E551F73B462}\ISSetup.dll
| MD5 | d0eb7dd08782f010ac10e7e066dfc3df |
| SHA1 | 0d2fda64f090e55cf7db9679c512b4f0bb1c403f |
| SHA256 | 01aec1cfb8bb777414702427a4046971437d115663132bd0ae29eaefb5855137 |
| SHA512 | b1ce26b651ae939e19c28645bd7e064ac15854dac69a404574c512567f7d7a1f0e946879d1fc84a7efd34b4c928440444b110d943712f59c81aebcac384674ca |
memory/1872-734-0x0000000010000000-0x00000000101F2000-memory.dmp
memory/1872-735-0x00000000003C0000-0x00000000003C2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{A2ACFE8E-EBF7-46E0-B18E-E50A4271D584}\IsConfig.ini
| MD5 | 5fc8d60855a5cec64e1abbbcc133c23b |
| SHA1 | ca723ea715fc0e217a9133611a56da5dca78b547 |
| SHA256 | b0e962259029cec81ec5f5783192f552699aac99a14ddea89f74330e50e9340e |
| SHA512 | 847f0397aff3b428c9fda79f82b83b0dbec1410d979c7f80b109f6088fb0d04d843e43b1cff5fb99df2cc5ade9da862aaf907c809dbe16910a46b7d8edc47562 |
C:\Users\Admin\AppData\Local\Temp\{9EEDE7D3-4702-47AC-B04F-2E551F73B462}\PACE License Support Win64.msi
| MD5 | 5b80b53045af4498c992e2ee97f3ebf5 |
| SHA1 | bd315c40939f506c268933235b732c1f6eeab150 |
| SHA256 | 0b0d4c5cb5335a57c2129f65c3302cea48d8122ad1eaf7d2607cda55321ae2f9 |
| SHA512 | c61a78c90d3574956a5350fa6ca15a848f459472cb65c77cb783de1a8dbbac1b63a55795b4cbd5703a21a40a2454b31e312dd10f65a5d7f17096928f38e2d6a9 |
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
| MD5 | 962b85d5bc8945d80b4839e47efe8fdd |
| SHA1 | 3291792ee90594baa9083ef544779d6b550d3fec |
| SHA256 | 1b220c5a2f74162d7162ba241ad6c594aaf009cc1329429dcf2112e10477e2b5 |
| SHA512 | 6a2c104a45cb9f11e9a6e2ba2674c03a8b1102ad2be25f1df3bde6af4933db475a6537b54a8d4086867a655f4067980b99dc4844230f7d2727af45dcf5a794ff |
C:\Users\Admin\AppData\Local\Temp\MSICC69.tmp
| MD5 | c23d4d5a87e08f8a822ad5a8dbd69592 |
| SHA1 | 317df555bc309dace46ae5c5589bec53ea8f137e |
| SHA256 | 6d149866246e79919bde5a0b45569ea41327c32ee250f37ad8216275a641bb27 |
| SHA512 | fa584655ae241004af44774a1f43508e53e95028ce96b39f8b5c62742f38acdf2b1df8871b468ac70c6043ca0e7ae8241bad2db6bc4f700d78471f12bb809e6b |
\Users\Admin\AppData\Local\Temp\MSICE00.tmp
| MD5 | edb88affffd67bca3523b41d3e2e4810 |
| SHA1 | 0055b93907665fed56d22a7614a581a87d060ead |
| SHA256 | 4c3d85e7c49928af0f43623dcbed474a157ef50af3cba40b7fd7ac3fe3df2f15 |
| SHA512 | 2b9d99c57bfa9ab00d8582d55b18c5bf155a4ac83cf4c92247be23c35be818b082b3d6fe38fa905d304d2d8b957f3db73428da88e46acc3a7e3fee99d05e4daf |
C:\Users\Admin\AppData\Local\Temp\MSIE068.tmp
| MD5 | 41e098a7c75c0f2fcdcc4c1b605f8cf5 |
| SHA1 | b794e06eaba21f0c765841695424d88421f1255b |
| SHA256 | 8069bfd2667f5a62519ee604c1062574a0db69c4cfd1b55a0f3895ce7670ee9c |
| SHA512 | 777ed995ccc93d768955310841d98ccae155d0a5a2cfa314fb7cfed54c82f65e865ca697210c35d0824076ae9b2459ac85d8ba7dfcc4ae4e6d2af4feb1574c6a |
memory/1872-774-0x0000000010000000-0x00000000101F2000-memory.dmp
memory/784-775-0x0000000010000000-0x00000000101F2000-memory.dmp
memory/784-776-0x0000000000210000-0x0000000000212000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\setup.inx
| MD5 | d8146c43b587f98bf1ea586c2b7a71ba |
| SHA1 | 5fb052b1fff7762bcbe1a923ccf5520b6f268834 |
| SHA256 | c7d4daf78b820c2a31dff646d4f199c1a05faf149178b6cccc776609aa3f06da |
| SHA512 | 028c3d77ca56d40627b9cc900492a5ea2eee31a1f69c14349c6c5c7791f3aab45a27e12556c1486f0d1cd3f028d35f35e7e8886c7892efed7d4660d0814e998f |
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISRT.dll
| MD5 | 5ecda0a54c4d9babcdb177d54f2e733d |
| SHA1 | e98aa5abf7cc44b50fe6ca7c6b110bb04541fe5b |
| SHA256 | e0926d6cbb4b4bbe673eec59325646ae8f2702e87584bf31dee28c385f45a32c |
| SHA512 | 45cb28462f6114765fcf831e2ae4ffc5fee1f59746e9e749106b7cf00b7967a788e5591da2a4e0a6e3ae52d60395d1d66be6112026709c33261c4ca839211616 |
memory/784-796-0x0000000002C00000-0x0000000002CA7000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\_isres_0x0409.dll
| MD5 | 2dd07d5455d3e762e6efb976d4898174 |
| SHA1 | 2677189384275f0d95eee10d85f1fac78dc557fe |
| SHA256 | 7aefc03e9adf64345164971aad3dcd1264f389c3ade513ae420d64ef1f2c1087 |
| SHA512 | 8d38171c01c919b072fc7bb7938747d4172825481eb715f576a7a8b7623d2df776d6d9307f496b3f17c244cfe5898ad7557ef432f74ef8682219170596efdda2 |
memory/784-797-0x0000000000470000-0x0000000000472000-memory.dmp
memory/1872-842-0x000000000B960000-0x000000000BA07000-memory.dmp
memory/1872-1326-0x000000000A8B0000-0x000000000A8B2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\skineb87.rra
| MD5 | be8e1e66c14d73fd42b004eaea7c2e5f |
| SHA1 | 3f5091e47282f0f8e80027c1b7bcb91f10bf28b2 |
| SHA256 | 6afb00abaaa7be31895d47a59efaab360e592f08daf1d45919fe21e90aa6132a |
| SHA512 | 833f7a0ea9efbfe3d2e0ec7ee1ea13a29b32fbf096cfae57e59af4f7ee4ab3adde19c851a8413eb079e74d25dcf01390ed0dfebeb3f5ab7ac234aa9a46a29daf |
memory/1872-5527-0x0000000010000000-0x00000000101F2000-memory.dmp
memory/1872-5528-0x000000000B960000-0x000000000BA07000-memory.dmp
memory/1872-5546-0x0000000010000000-0x00000000101F2000-memory.dmp
memory/1872-5547-0x000000000B960000-0x000000000BA07000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-04 14:10
Reported
2024-03-04 14:14
Platform
win10v2004-20240226-en
Max time kernel
127s
Max time network
154s
Command Line
Signatures
Modifies firewall policy service
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | C:\Program Files\Bonjour\mDNSResponder.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation | C:\Program Files\Soundtoys\Utilities\License Support Win64.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\InprocServer32\ = "C:\\Windows\\system32\\dnssdX.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{BEEB932A-8D4A-4619-AEFE-A836F988B221}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BEEB932A-8D4A-4619-AEFE-A836F988B221}\InprocServer32\ = "C:\\Windows\\system32\\dnssdX.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}\InprocServer32\ = "C:\\Windows\\system32\\dnssdX.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\InprocServer32\ = "C:\\Windows\\system32\\dnssdX.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\InprocServer32\ = "C:\\Windows\\system32\\dnssdX.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BEEB932A-8D4A-4619-AEFE-A836F988B221}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\InprocServer32\ThreadingModel = "Both" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ ISSetupPrerequisistes = "\"C:\\Program Files\\Soundtoys\\Utilities\\License Support Win64.exe\"" | C:\Program Files\Soundtoys\Utilities\License Support Win64.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Checks installed software on the system
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{d58b3b8f-ef30-024d-9877-bb5877496722}\SETBA07.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\ilokdrvr64.inf_amd64_4127472559851c12\iLokDrvr.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\ilokdrvr64.inf_amd64_4127472559851c12\iLokDrvr64.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\SysWOW64\dnssd.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{d58b3b8f-ef30-024d-9877-bb5877496722}\SETB9F5.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{d58b3b8f-ef30-024d-9877-bb5877496722}\SETB9F5.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{d58b3b8f-ef30-024d-9877-bb5877496722}\iLokDrvr64.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\dns-sd.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\jdns_sd.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{d58b3b8f-ef30-024d-9877-bb5877496722}\WdfCoInstaller01007.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\SysWOW64\jdns_sd.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{d58b3b8f-ef30-024d-9877-bb5877496722}\SETB9F6.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{d58b3b8f-ef30-024d-9877-bb5877496722}\iLokDrvr.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{d58b3b8f-ef30-024d-9877-bb5877496722}\SETBA07.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\ilokdrvr64.inf_amd64_4127472559851c12\WdfCoInstaller01007.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{d58b3b8f-ef30-024d-9877-bb5877496722} | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\SysWOW64\dns-sd.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\dnssdX.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\dnssd.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\dnssdX.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{d58b3b8f-ef30-024d-9877-bb5877496722}\ilok-x64.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\ilokdrvr64.inf_amd64_4127472559851c12\ilok-x64.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{d58b3b8f-ef30-024d-9877-bb5877496722}\SETB9F6.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{d58b3b8f-ef30-024d-9877-bb5877496722}\SETB9F4.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{d58b3b8f-ef30-024d-9877-bb5877496722}\SETB9F4.tmp | C:\Windows\system32\DrvInst.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Common Files\PACE\Proxy\libpaceedenexperience.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\fr.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\PACE\Proxy\WrapPersist.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\iLok License Manager\ssleay32.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Soundtoys\uninst\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-PL0PH.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\fi.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\PACE\Proxy\Plugins\Platforms\qwindows.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\PACE\iLokDriverPackages\Authenticode\iLokDrvr.sys | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Soundtoys\Utilities\License Support Win64.exe | C:\Users\Admin\AppData\Local\Temp\is-PL0PH.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files\Soundtoys\Manuals\is-AF14U.tmp | C:\Users\Admin\AppData\Local\Temp\is-PL0PH.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\en_GB.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Bonjour\About Bonjour.lnk | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\PACE\iLokDriverPackages\Authenticode\iLokDrvr64.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\PACE\iLokDriverPackages\SHA1\iLokDrvr64.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\iLok License Manager\iloktool.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Soundtoys\LittleAlterBoy.aaxplugin\Contents\x64\is-IRVLL.tmp | C:\Users\Admin\AppData\Local\Temp\is-PL0PH.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\en.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\PACE\Proxy\Plugins\ImageFormats\qsvg.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\PACE\iLokDriverPackages\SHA1\iLokDrvr.sys | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Bonjour\dns_sd.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\PACE\Proxy\Qt5Widgets.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\iLok License Manager\LicenseSupportDiagnostic.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\iLok License Manager\Qt5Gui.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\iLok License Manager\WinSparkle.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soundtoys\is-HU92Q.tmp | C:\Users\Admin\AppData\Local\Temp\is-PL0PH.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\zh_TW.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soundtoys\is-09A9F.tmp | C:\Users\Admin\AppData\Local\Temp\is-PL0PH.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files\Soundtoys\Utilities\is-SIRCR.tmp | C:\Users\Admin\AppData\Local\Temp\is-PL0PH.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\it.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\ja.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\ko.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\nb.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soundtoys\uninst\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-PL0PH.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Soundtoys\LittleAlterBoy.aaxplugin\is-NACDI.tmp | C:\Users\Admin\AppData\Local\Temp\is-PL0PH.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files (x86)\Bonjour\mDNSResponder.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\iLok License Manager\Plugins\ImageFormats\qsvg.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\nl.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\zh_CN.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\da.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\lib\ext\dns_sd.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\PACE\Proxy\Qt5Network.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\PACE\iLokDriverPackages\Authenticode\WdfCoInstaller01007.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\PACE\iLokDriverPackages\Authenticode\ilok-x64.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\PACE\iLokDriverPackages\EV\iLokDrvr.sys | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Soundtoys\LittleAlterBoy.aaxplugin\is-0EA21.tmp | C:\Users\Admin\AppData\Local\Temp\is-PL0PH.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files\Soundtoys\uninst\is-G6B6B.tmp | C:\Users\Admin\AppData\Local\Temp\is-PL0PH.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files (x86)\iLok License Manager\libeay32MD.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Bonjour\dns_sd.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\PACE\Proxy\Plugins\ImageFormats\qico.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\de.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Bonjour\Bonjour.Resources\pl.lproj\About Bonjour.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Bonjour\mDNSResponder.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\PACE\Proxy\Qt5Gui.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\PACE\Proxy\Plugins\ImageFormats\qjpeg.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\PACE\Proxy\Plugins\ImageFormats\qtiff.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\iLok License Manager\qt.conf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Soundtoys\LittleAlterBoy.aaxplugin\is-CHQ9J.tmp | C:\Users\Admin\AppData\Local\Temp\is-PL0PH.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files (x86)\Bonjour\mdnsNSP.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\PACE\iLokDriverPackages\EV\iLokDrvr64.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\iLok License Manager\Plugins\ImageFormats\qgif.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Vstplugins\Soundtoys\LittleAlterBoy.dll | C:\Users\Admin\AppData\Local\Temp\is-PL0PH.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| File created | C:\Program Files (x86)\Common Files\PACE\iLokDriverPackages\EV\WdfCoInstaller01007.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soundtoys\Utilities\is-JJO13.tmp | C:\Users\Admin\AppData\Local\Temp\is-PL0PH.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\WinSxS\InstallTemp\20240304141305503.0\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.manifest | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240304141305642.0\mfcm80.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240304141305564.0\8.0.50727.762.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\mfc140fra.dll.EC55875F_6DF4_3DBD_A117_4A27D8F55B9B | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e580a8f.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\wusa.lock | C:\Windows\SysWOW64\wusa.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240304141305705.0\8.0.50727.762.cat | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240304141305642.0 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\mfc140.dll.EC55875F_6DF4_3DBD_A117_4A27D8F55B9B | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240304141305580.0\mfc80u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\F_CENTRAL_mfcm100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\mfc140jpn.dll.EC55875F_6DF4_3DBD_A117_4A27D8F55B9B | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\mfc140rus.dll.EC55875F_6DF4_3DBD_A117_4A27D8F55B9B | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\mfcm140.dll.EC55875F_6DF4_3DBD_A117_4A27D8F55B9B | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB4D1.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA494.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\F_CENTRAL_mfc100esn_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\vcruntime140.dll.363ED482_721F_3A34_85B3_A96CD936D64F | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\mfc140deu.dll.363ED482_721F_3A34_85B3_A96CD936D64F | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\vccorlib140.dll.EC55875F_6DF4_3DBD_A117_4A27D8F55B9B | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240304141305439.1\8.0.50727.762.policy | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\F_CENTRAL_mfc100ita_x64.BFF61907_AA2D_3A26_8666_98D956A62ABC | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\mfc140cht.dll.EC55875F_6DF4_3DBD_A117_4A27D8F55B9B | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\mfc140ita.dll.EC55875F_6DF4_3DBD_A117_4A27D8F55B9B | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240304141305877.0 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9997.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240304141305580.0\mfc80.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240304141305720.1\mfc80JPN.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\vcruntime140.dll.363ED482_721F_3A34_85B3_A96CD936D64F | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240304141305799.0\mfc80CHT.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\F_CENTRAL_mfc100chs_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\F_CENTRAL_mfc100esn_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\F_CENTRAL_mfc100u_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\F_CENTRAL_mfcm100u_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\LOGS\DPX\setuperr.log | C:\Windows\SysWOW64\wusa.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240304141305424.0\ATL80.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\F_CENTRAL_msvcp100_x64.BFF61907_AA2D_3A26_8666_98D956A62ABC | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\F_CENTRAL_msvcr100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\F_CENTRAL_mfc100esn_x64.BFF61907_AA2D_3A26_8666_98D956A62ABC | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240304141305720.1\mfc80KOR.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240304141305877.0\8.0.50727.762.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\F_CENTRAL_mfc100enu_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\vcomp140.dll.EC55875F_6DF4_3DBD_A117_4A27D8F55B9B | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\mfc140rus.dll.363ED482_721F_3A34_85B3_A96CD936D64F | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID79.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF04.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\mfc140fra.dll.363ED482_721F_3A34_85B3_A96CD936D64F | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240304141305720.0 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIDF7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240304141305877.0\8.0.50727.762.policy | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\F_CENTRAL_msvcp100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\F_CENTRAL_mfc100deu_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\F_CENTRAL_vcomp100_x64.BFF61907_AA2D_3A26_8666_98D956A62ABC | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240304141305503.0\msvcm80.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240304141305720.0\8.0.50727.762.policy | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240304141305720.1\mfc80ITA.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\System32\pnputil.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\msvcp140.dll.363ED482_721F_3A34_85B3_A96CD936D64F | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\vcruntime140.dll.EC55875F_6DF4_3DBD_A117_4A27D8F55B9B | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\concrt140.dll.EC55875F_6DF4_3DBD_A117_4A27D8F55B9B | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\D6E0FC12667136f48A3356A4B112AB68\5.7.1\mfc140cht.dll.363ED482_721F_3A34_85B3_A96CD936D64F | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\System32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\System32\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\System32\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\System32\pnputil.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\System32\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\System32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\System32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\System32\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | C:\Windows\System32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom | C:\Windows\System32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\System32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\System32\pnputil.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 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 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\System32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Windows\System32\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\System32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\System32\pnputil.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23\52C64B7E | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 = "Document Encryption" | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23\52C64B7E\@%SystemRoot%\System32\wuaueng.dll,-400 = "Windows Update" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23\52C64B7E\@%SystemRoot%\System32\ci.dll,-101 = "Enclave" | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust" | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23\52C64B7E\@%SystemRoot%\System32\fveui.dll,-843 = "BitLocker Drive Encryption" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-18_Classes\Local Settings | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\24 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23\52C64B7E\@%SystemRoot%\System32\fveui.dll,-844 = "BitLocker Data Recovery Agent" | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23\52C64B7E\@%SystemRoot%\system32\NgcRecovery.dll,-100 = "Windows Hello Recovery Key Encryption" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23\52C64B7E\@%SystemRoot%\System32\ci.dll,-100 = "Isolated User Mode (IUM)" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{18FBED6D-F2B7-4EC8-A4A4-46282E635308}\1.0\FLAGS | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\VersionIndependentProgID\ = "Bonjour.DNSSDRecord" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{29DE265F-8402-474F-833A-D4653B23458F} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.8.0.Microsoft.VC80.OpenMP,type="win32-policy",version="8.0.50727.762",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64" = 3f0060005d0072002d00580035006a00530041005f006e00490076003f00500055005a004100530052006500640069007300740072006900620075007400610062006c00650073003e007e0078002d00360076007a0045007a007e003200650038004d006b0062004900640046007700550000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Bonjour.DNSSDService\CLSID\ = "{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\TypeLib\ = "{18FBED6D-F2B7-4EC8-A4A4-46282E635308}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.8.0.Microsoft.VC80.ATL,type="win32-policy",version="8.0.50727.762",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86" = 3f0060005d0072002d00580035006a00530041005f006e00490076003f00500055005a004100530052006500640069007300740072006900620075007400610062006c00650073003e0036006b007d00700048004c004800240053004400650038004d006b0062004900640046007700550000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\VersionIndependentProgID | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\2B0163E6D0340BE4183EB2758E9BEDD8 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\ = "DNSSDRecord Class" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{8FA0889C-5973-4FC9-970B-EC15C925D0CE}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2B0163E6D0340BE4183EB2758E9BEDD8 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D6E0FC12667136f48A3356A4B112AB68\iLokLicenseManagerShortcut | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\ProgID\ = "Bonjour.DNSSDRecord.1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8FA0889C-5973-4FC9-970B-EC15C925D0CE}\NumMethods\ = "14" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{8FA0889C-5973-4FC9-970B-EC15C925D0CE}\ProxyStubClsid | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D6E0FC12667136f48A3356A4B112AB68\SourceList\Media\DiskPrompt = "[1]" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9CE603A0-3365-4DA0-86D1-3F780ECBA110}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{9CE603A0-3365-4DA0-86D1-3F780ECBA110}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}\ProgID\ = "Bonjour.DNSSDService.1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Bonjour.DNSSDEventManager.1 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\ = "IDNSSDEventManager" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.OpenMP,type="win32",version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86" = 3f0060005d0072002d00580035006a00530041005f006e00490076003f00500055005a004100530052006500640069007300740072006900620075007400610062006c00650073003e0032005f0072002700710025004a006a004a0034007600780044002800660049004c0067005a00780000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D6E0FC12667136f48A3356A4B112AB68\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D6E0FC12667136f48A3356A4B112AB68\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{8FA0889C-5973-4FC9-970B-EC15C925D0CE}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8FA0889C-5973-4FC9-970B-EC15C925D0CE}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{29DE265F-8402-474F-833A-D4653B23458F}\ProxyStubClsid | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2B0163E6D0340BE4183EB2758E9BEDD8\SourceList\PackageName = "Bonjour64.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.8.0.Microsoft.VC80.MFCLOC,type="win32-policy",version="8.0.50727.762",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64" = 3f0060005d0072002d00580035006a00530041005f006e00490076003f00500055005a004100530052006500640069007300740072006900620075007400610062006c00650073003e00500054005d002700660025002b0027004b002800650038004d006b0062004900640046007700550000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\NumMethods\ = "7" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{29DE265F-8402-474F-833A-D4653B23458F}\ = "IDNSSDService" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{29DE265F-8402-474F-833A-D4653B23458F}\TypeLib\Version = "1.0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D6E0FC12667136f48A3356A4B112AB68 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9CE603A0-3365-4DA0-86D1-3F780ECBA110}\TypeLib\ = "{18FBED6D-F2B7-4EC8-A4A4-46282E635308}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}\VersionIndependentProgID\ = "Bonjour.DNSSDService" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{29DE265F-8402-474F-833A-D4653B23458F}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D6E0FC12667136f48A3356A4B112AB68\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\ = "TXTRecord Class" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.MFC,type="win32-policy",version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64" = 3f0060005d0072002d00580035006a00530041005f006e00490076003f00500055005a004100530052006500640069007300740072006900620075007400610062006c00650073003e005e002a00320070005a00740060003f0050003500620061005700370038003400280076006c006b0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Bonjour.TXTRecord.1 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BEEB932A-8D4A-4619-AEFE-A836F988B221}\InprocServer32\ = "C:\\Windows\\SysWOW64\\dnssdX.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{18FBED6D-F2B7-4EC8-A4A4-46282E635308}\1.0\0\win32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\VersionIndependentProgID | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{29DE265F-8402-474F-833A-D4653B23458F}\ProxyStubClsid | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{18FBED6D-F2B7-4EC8-A4A4-46282E635308}\1.0\FLAGS\ = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2B0163E6D0340BE4183EB2758E9BEDD8\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\TypeLib\ = "{18FBED6D-F2B7-4EC8-A4A4-46282E635308}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\InprocServer32\ = "C:\\Windows\\system32\\dnssdX.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8FA0889C-5973-4FC9-970B-EC15C925D0CE}\TypeLib\ = "{18FBED6D-F2B7-4EC8-A4A4-46282E635308}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\VersionIndependentProgID | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BEEB932A-8D4A-4619-AEFE-A836F988B221} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8FA0889C-5973-4FC9-970B-EC15C925D0CE}\ProxyStubClsid32\ = "{7FD72324-63E1-45AD-B337-4D525BD98DAD}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{21AE8D7F-D5FE-45CF-B632-CFA2C2C6B498}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}\ = "DNSSDService Class" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\VersionIndependentProgID | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9CE603A0-3365-4DA0-86D1-3F780ECBA110}\TypeLib\Version = "1.0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.8.0.Microsoft.VC80.OpenMP,type="win32-policy",version="8.0.50727.762",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86" = 3f0060005d0072002d00580035006a00530041005f006e00490076003f00500055005a004100530052006500640069007300740072006900620075007400610062006c00650073003e00370030002d0054002400210028002a0026004e00650038004d006b0062004900640046007700550000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{8FA0889C-5973-4FC9-970B-EC15C925D0CE} | C:\Windows\system32\msiexec.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-PL0PH.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-PL0PH.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-PL0PH.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp | N/A |
| N/A | N/A | C:\Program Files\Soundtoys\Utilities\License Support Win64.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\LittleAlterBoy5_5.4.1.17134_64.exe
"C:\Users\Admin\AppData\Local\Temp\LittleAlterBoy5_5.4.1.17134_64.exe"
C:\Users\Admin\AppData\Local\Temp\is-PL0PH.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp
"C:\Users\Admin\AppData\Local\Temp\is-PL0PH.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp" /SL5="$4014C,226646490,848384,C:\Users\Admin\AppData\Local\Temp\LittleAlterBoy5_5.4.1.17134_64.exe"
C:\Users\Admin\AppData\Local\Temp\is-3Q8HI.tmp\_isetup\_setup64.tmp
helper 105 0x4A4
C:\Program Files\Soundtoys\Utilities\License Support Win64.exe
"C:\Program Files\Soundtoys\Utilities\License Support Win64.exe"
C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\{2315E48F-4829-48AA-82FB-7AE4975F75C2}\VC_redist.x86.exe
"C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\{2315E48F-4829-48AA-82FB-7AE4975F75C2}\VC_redist.x86.exe" /quiet /norestart
C:\Windows\Temp\{6D9F4CAE-CD8F-4B89-AD68-CAC6F670E647}\.cr\VC_redist.x86.exe
"C:\Windows\Temp\{6D9F4CAE-CD8F-4B89-AD68-CAC6F670E647}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\{2315E48F-4829-48AA-82FB-7AE4975F75C2}\VC_redist.x86.exe" -burn.filehandle.attached=656 -burn.filehandle.self=684 /quiet /norestart
C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\{49781A96-DB12-46B4-86C7-F1682BAD6C12}\VC_redist.x64.exe
"C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\{49781A96-DB12-46B4-86C7-F1682BAD6C12}\VC_redist.x64.exe" /quiet /norestart
C:\Windows\Temp\{0B6FE875-46BB-478C-B771-F004B007A3FD}\.cr\VC_redist.x64.exe
"C:\Windows\Temp\{0B6FE875-46BB-478C-B771-F004B007A3FD}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\{49781A96-DB12-46B4-86C7-F1682BAD6C12}\VC_redist.x64.exe" -burn.filehandle.attached=552 -burn.filehandle.self=516 /quiet /norestart
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\{15D7BF62-B111-49C3-9E82-1E5859612E57}\Bonjour64.msi" /quiet /qn
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding FE6DFDA8C9965D9C94A386B9FE4F25D6
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding E94C03BAB03C172780FCC5DB496F525E
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 94D514893A827BD844D860106583078E E Global\MSI0000
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Bonjour\mdnsNSP.dll"
C:\Windows\syswow64\MsiExec.exe
"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Bonjour\mdnsNSP.dll"
C:\Program Files\Bonjour\mDNSResponder.exe
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\SysWOW64\wusa.exe
"C:\Windows\system32\wusa.exe" "C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\{4EF18522-4489-4423-9A67-6903B272672E}\Windows8.1-KB2999226-x64.msu" /quiet /norestart
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A6FD7FADAADF5C182796FAB979FABB91 C
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{67041ADA-05AC-4173-846A-639449C3442D}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{13623D78-6BCB-4D5B-832F-B71AF69C32C8}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E7FD01E6-D7CB-491E-B5D5-8BF1802601E5}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8DC4814D-3F9B-4C10-9444-4725C610BD3D}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BE30E6E0-DE5C-495F-8F3C-9DDBF0821F15}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B0CE265B-2A53-48C7-BD79-5E8C5A3CDD63}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{54A6F5E5-4905-47C3-A058-32328F089188}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1C5259E0-CCA1-4192-8D2A-A570D18D6EA8}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AACB97CA-6B4A-45C4-89BB-3645CB1B580E}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F8904BC8-F5CA-4BE2-AF1F-31962160E663}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D0029FAB-180C-4167-AECC-2E12C8C10623}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F5272278-59D6-4F34-AE36-6605BD6534A5}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{51DB5997-FFEA-46B0-995E-8E5A55D3FBA6}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4D471D45-9CFF-4B6A-8C93-53ECEF0B0AB4}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F244C47E-28AC-4878-8616-159B0066530B}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{10647409-929D-4363-AAD7-B7142A061C19}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DBB4AE5D-09C2-42C1-90E7-3B8ED3603413}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{30FFE9B2-D36A-4781-9F52-DAEC4037587A}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3B34182A-FE3E-41E7-873D-441CE5A53AB4}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{10EEA2D3-0866-49EC-89D0-7E7EAA97C4C4}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7F259611-A1F7-42A9-9EBB-15BAFB4B0894}
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AF244929-D762-45C6-AD2D-898ABC000751}
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 428C36B5FED206A70A0F03312DEB27DD
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2D2FDCB5-580E-4ABB-B122-0F4C29C129A8}
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8C05ACBB-08CF-4485-913F-5AA536BB5773}
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7A362E7F-D714-4399-82A8-92AED14A4E40}
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FA0790A0-18A7-42C1-B98B-2756B0058284}
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{786D61D9-CBC5-404F-9535-3951E59E7E61}
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{13777CB9-BF67-4083-9D83-29A0F7C01B3B}
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1CBD1DFA-66F6-49D4-AD03-48BD6C8127FE}
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CD3A2866-EF02-48EA-B90B-4E910096826B}
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{152C9D56-190B-4783-99AD-9E81FB46C1BB}
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{391E12A1-E140-46E5-9952-4A3FFC7CB173}
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{60908E5E-7E0D-4CCF-9F07-076B54207C33}
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 11C342A4354C8D60036F5C0D44FBDD12 E Global\MSI0000
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F420C333-CAF9-4E93-AD34-6BCDAFF42696}
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5D72C2E7-CA97-4B0C-A80F-3A053591A92C}
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{259AB277-388E-4A09-9A25-DC5CADF8D498}
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FE3B7F10-E41B-42E3-8579-DC12980E8008}
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DFC6A228-5A93-44A3-B80A-BAD0741E88C1}
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E61E9C7A-CBFB-44DB-873A-C0437ACB04BD}
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EF4C7426-C96D-4FCF-9BAF-1A1F07B60307}
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B0698C78-2199-4F90-A133-DBA080E7930D}
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8C992071-8DBF-4554-91DE-7475269FA490}
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C2BFCC8D-A4FB-4463-8269-CC9013295258}
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F44C6C6D-2AF5-445F-B580-91624181E418}
C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
"C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.paceap.com/InitiateActivation
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E7BEDCAC-A3D0-4849-B923-8FC25BD126CE}
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{85EBCE29-4CCA-420D-B41A-3400E519D5CD}
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1B491657-EB64-47B8-8F54-0394136DAAF8}
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{25FCE35D-C56D-4606-8BEA-BCEA02B3845A}
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{978CA39C-B6BE-49FB-8328-FEA0358344FD}
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{59F5D3EB-E423-49C0-A43F-D60EC50CB918}
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DB3AE918-7BB2-44B5-ACA6-8F003DBFABC0}
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{079E20E7-E25C-458A-9390-6AB230C3821A}
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FFF3B989-1925-4C59-9685-1F7D115EF21F}
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{40BCB509-6672-4AE9-920F-0394FE6B7DE1}
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4F227066-2785-4E7F-A39D-D3BB86170B01}
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Program Files (x86)\Common Files\PACE\iLokDriverPackages\Scripts\iLokPnputil.bat" --install EV
C:\Windows\system32\net.exe
C:\Windows\system32\net session
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\System32\pnputil.exe
C:\Windows\System32\pnputil.exe -i -a "C:\Program Files (x86)\Common Files\PACE\iLokDriverPackages\EV\iLokDrvr64.inf"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{95143881-6bb2-c344-81cc-14a6891a0920}\iLokDrvr64.inf" "9" "4e4857d87" "000000000000014C" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files (x86)\Common Files\PACE\iLokDriverPackages\EV"
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FA33C96B-821F-4036-99C9-9CAA9038D0F6}
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{77D78092-B61B-4F60-9DC3-2D7733AFE910}
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{76848E45-5EB2-449F-A895-BA5E65E9D090}
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7A625AED-A9AE-4FD1-BA65-69167CC1740F}
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6B52D254-89CB-4FC3-BADD-2FB3D438B888}
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{83AC44DE-3309-4E37-AAFF-3DDFFBB14107}
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3E706F33-63C8-49A2-91A9-30582D48AA96}
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5DC54E6B-6395-47EE-BA61-A0F7263CBFEC}
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E3D12385-C9DA-428A-963E-10827E3A2B5C}
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A09DA4EB-37D1-436C-BBA2-E72CD8AD2791}
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F72E38CB-CF4D-457E-A7D0-B6A57371D201}
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 210.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csc3-2010-crl.verisign.com | udp |
| SE | 192.229.221.95:80 | csc3-2010-crl.verisign.com | tcp |
| US | 8.8.8.8:53 | 74.19.199.152.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 206.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.178.17.96.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\setup.inx
| MD5 | d8146c43b587f98bf1ea586c2b7a71ba |
| SHA1 | 5fb052b1fff7762bcbe1a923ccf5520b6f268834 |
| SHA256 | c7d4daf78b820c2a31dff646d4f199c1a05faf149178b6cccc776609aa3f06da |
| SHA512 | 028c3d77ca56d40627b9cc900492a5ea2eee31a1f69c14349c6c5c7791f3aab45a27e12556c1486f0d1cd3f028d35f35e7e8886c7892efed7d4660d0814e998f |
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISRT.dll
| MD5 | 5ecda0a54c4d9babcdb177d54f2e733d |
| SHA1 | e98aa5abf7cc44b50fe6ca7c6b110bb04541fe5b |
| SHA256 | e0926d6cbb4b4bbe673eec59325646ae8f2702e87584bf31dee28c385f45a32c |
| SHA512 | 45cb28462f6114765fcf831e2ae4ffc5fee1f59746e9e749106b7cf00b7967a788e5591da2a4e0a6e3ae52d60395d1d66be6112026709c33261c4ca839211616 |
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\_isres_0x0409.dll
| MD5 | 2dd07d5455d3e762e6efb976d4898174 |
| SHA1 | 2677189384275f0d95eee10d85f1fac78dc557fe |
| SHA256 | 7aefc03e9adf64345164971aad3dcd1264f389c3ade513ae420d64ef1f2c1087 |
| SHA512 | 8d38171c01c919b072fc7bb7938747d4172825481eb715f576a7a8b7623d2df776d6d9307f496b3f17c244cfe5898ad7557ef432f74ef8682219170596efdda2 |
memory/2808-730-0x0000000002B40000-0x0000000002BE7000-memory.dmp
memory/2808-732-0x0000000002BF0000-0x0000000002BF2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
| MD5 | 22ecca7139fc78f7928e9540a45dd2c7 |
| SHA1 | aabfa0a1de048732597f3e69cebb694bee88a7d1 |
| SHA256 | b108f5bdc4ae76f326fd1c99022cedda62af11e2262809ad79b2c071e0615484 |
| SHA512 | 258a3f62904f7022c4ad5d4bab1687f505b8cb282a2d995a4cea29210def83c5e9ec003e88e4659ff7f828182f812172280199c491fe610cc286cf9ddbce037b |
C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\skin362e.rra
| MD5 | be8e1e66c14d73fd42b004eaea7c2e5f |
| SHA1 | 3f5091e47282f0f8e80027c1b7bcb91f10bf28b2 |
| SHA256 | 6afb00abaaa7be31895d47a59efaab360e592f08daf1d45919fe21e90aa6132a |
| SHA512 | 833f7a0ea9efbfe3d2e0ec7ee1ea13a29b32fbf096cfae57e59af4f7ee4ab3adde19c851a8413eb079e74d25dcf01390ed0dfebeb3f5ab7ac234aa9a46a29daf |
memory/4212-1318-0x00000000063F0000-0x0000000006497000-memory.dmp
memory/4212-1969-0x00000000063F0000-0x0000000006497000-memory.dmp
memory/4212-2360-0x0000000003F60000-0x0000000003F62000-memory.dmp
memory/4212-5466-0x0000000010000000-0x00000000101F2000-memory.dmp
memory/4212-5467-0x00000000063F0000-0x0000000006497000-memory.dmp
memory/4212-5471-0x00000000063F0000-0x0000000006497000-memory.dmp
memory/2808-5474-0x0000000010000000-0x00000000101F2000-memory.dmp
memory/4212-5484-0x0000000010000000-0x00000000101F2000-memory.dmp
memory/4212-5485-0x00000000063F0000-0x0000000006497000-memory.dmp
memory/5288-5486-0x0000000010000000-0x00000000101F2000-memory.dmp
memory/5288-5487-0x00000000033F0000-0x00000000033F2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{F9085E6F-BC23-43EA-9B4A-CF2312D7A9D0}\IsConfig.ini
| MD5 | f85fb84dc27b75e5cebe32d89be93ea6 |
| SHA1 | 3d7de6e572ce0eafdccef331e39e6f94b75b414b |
| SHA256 | 6f6532353669cea1baffbb12e9d0304ff3a882f232cf5f25c030a04b16dd20c5 |
| SHA512 | 7f947f2d650813f9e212d149bdf6efff9685b406c12ddfe08bbf4879b081c72f27a41a41f66485e792a58d148db0ed0274f1fb7527e4b813cf37e7fe3488cb48 |
memory/5288-5495-0x00000000039C0000-0x0000000003A49000-memory.dmp
memory/5288-5494-0x0000000003890000-0x0000000003937000-memory.dmp
memory/5288-5496-0x0000000003500000-0x0000000003502000-memory.dmp
memory/9388-5503-0x0000000010000000-0x00000000101F2000-memory.dmp
memory/9388-5504-0x0000000010000000-0x00000000101F2000-memory.dmp
memory/9388-5505-0x0000000000DF0000-0x0000000000DF2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{EDD9854C-79FD-494D-94A9-4FEAB7CBF8C3}\IsConfig.ini
| MD5 | c88556b5771542ba96767a5117ce6053 |
| SHA1 | 160d86bfc85cb14e43fc40300a50fc0a06b87e71 |
| SHA256 | fd53cc5bcb77cebe93db2ce11e4c78ff2a3e1035818987a8ed0efd12168163d7 |
| SHA512 | de2991d6b1584b61c4f7e445224c4f8d888e129a5a226b92aec3cd99041c694f639b6ca93ef2d97f70d299817e3fecf4ffb40298478366cb58d6f2ef73917eed |
memory/9388-5512-0x0000000002D30000-0x0000000002DB9000-memory.dmp
memory/9388-5513-0x0000000002BE0000-0x0000000002C87000-memory.dmp
memory/9388-5514-0x00000000028B0000-0x00000000028B2000-memory.dmp
memory/7276-5793-0x00007FF9D6870000-0x00007FF9D692E000-memory.dmp
memory/7276-5794-0x0000000000550000-0x0000000000650000-memory.dmp
memory/9388-5801-0x0000000010000000-0x00000000101F2000-memory.dmp
memory/9388-5802-0x00000000026D0000-0x00000000026D2000-memory.dmp
memory/9388-5814-0x00000000029E0000-0x0000000002A87000-memory.dmp
memory/9388-5813-0x0000000002F10000-0x0000000002F99000-memory.dmp
memory/9388-5815-0x0000000002700000-0x0000000002702000-memory.dmp
C:\Windows\System32\DriverStore\Temp\{d58b3b8f-ef30-024d-9877-bb5877496722}\SETB9F4.tmp
| MD5 | af30155cd33639edfcd31eb9c80edd3d |
| SHA1 | 0d0dc51143fc1f9b0a41a1ac0554a3ddfcb9af65 |
| SHA256 | 3e42dc05577ec55ceb296de329178687a5c29e787855c58c40b758344a00a56e |
| SHA512 | 21f2b2c48753698b09c3631b16a555cbd18638ecdac74117beed76f2690feab1781841b74cd59b88561912b341a78d45d4da2b0f64e325f19b1d7ecbe964e5a4 |
C:\Windows\System32\DriverStore\Temp\{d58b3b8f-ef30-024d-9877-bb5877496722}\SETB9F5.tmp
| MD5 | a9a5d554ee54caa78a9fbff76bc74d1b |
| SHA1 | 3534ebaeebd8861807e28f212dd4ef59ae2c4596 |
| SHA256 | 590288df2cf650c88b418c2446108036746dca30ec3c0ec819a8f06f06a705ed |
| SHA512 | e2f48cc4c926175c7913510c2c111ef06b69702c9801892f75a84ff04eae002dc8d28b0525a0f0d6ca67a2c538a84c0cf34b440e21fa964119a08e0acbcc6c89 |
C:\Windows\System32\DriverStore\Temp\{d58b3b8f-ef30-024d-9877-bb5877496722}\SETB9F6.tmp
| MD5 | 8d94d7271425756de312e2f1b894f78b |
| SHA1 | 4463ca042cfa66a776e01d3915543cbcdd21f34e |
| SHA256 | f39bb45a191a4e07c6ade3ff1fc19ee5b1e60a6d5c99a4e8ee66100c322d9823 |
| SHA512 | 231daeb977fb463b05e10ecad110ef80e6a550524f50d4cd5e43e4085f15dcaa8faeb60523dcd98cadfad324b5da46ab41bbcf842472904b65b0849970633d24 |
C:\Windows\System32\DriverStore\Temp\{d58b3b8f-ef30-024d-9877-bb5877496722}\SETBA07.tmp
| MD5 | 7bd98a95ec9019010e8aaa9f7fe5bea4 |
| SHA1 | 4b60bddc26a6c1e505fd8f4060260f4642765d5a |
| SHA256 | fff0ccbddab48c9467b384876d80d9af1d36a0dfd49ecac352d1fd03b698655c |
| SHA512 | e57a24a7da0044851154137b09e3ee59c25e88e141846d5a692d07cd32d0a12508e8a29144b3f016425260a58a616e390f3daa0892e615c9485c26cf57112fb7 |
memory/9388-5895-0x0000000010000000-0x00000000101F2000-memory.dmp
memory/9388-5896-0x00000000026E0000-0x00000000026E2000-memory.dmp
memory/5288-5897-0x0000000010000000-0x00000000101F2000-memory.dmp
memory/9388-5899-0x0000000002F10000-0x0000000002FB7000-memory.dmp
memory/9388-5898-0x0000000002FC0000-0x0000000003049000-memory.dmp
memory/9388-5900-0x00000000026F0000-0x00000000026F2000-memory.dmp
memory/9388-5983-0x0000000010000000-0x00000000101F2000-memory.dmp
memory/7276-5988-0x00007FF9D6870000-0x00007FF9D692E000-memory.dmp
memory/9388-6161-0x0000000002BE0000-0x0000000002C87000-memory.dmp
memory/4212-6188-0x0000000010000000-0x00000000101F2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{BA4B3654-0896-4BC3-8DB8-B95A72F8D54C}\_isres_0x0409.dll
| MD5 | ef9981e91f1e89f574c1fd5a9f33c104 |
| SHA1 | 4a4d93250ea55f2fd8016019ffecbd346a9cf898 |
| SHA256 | baea8898b54c528eae355a970f9d78c95c26b3b2a8c500e3fb6766bc879037c3 |
| SHA512 | 4c7a5e9a7082bcc893a6a3368be634c651a049448ac90884b710eb4fa1dc480d6c4e94db12fd9ada53e3a8cdefff0990d7dd0cab173009e45bba643f7d88fdd5 |
C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\BonjourWin64LS.prq
| MD5 | 15555cbf31a9886efd19b25d03fd9999 |
| SHA1 | 1747bdee10c7030015fde30dde8b2d0f1d44c1f0 |
| SHA256 | a088878368797f6e079a1d3f4fd07a8c41e8584f9e75caf293a175afd962bfb3 |
| SHA512 | c163322cadabd96b5a0be8ef55b1e9c20cb8b9b6b5a87efcdff9a1ef41c7ce01537fcacf91b1642886e46ea8453f6744800694374b9cfe4bee884eda4c77a00f |
C:\Users\Admin\AppData\Local\Temp\{BA4B3654-0896-4BC3-8DB8-B95A72F8D54C}\ISBEWI64.exe
| MD5 | ee55ce6c2ab607c146095178d734ed0c |
| SHA1 | e73050e3dd159df0db798136cb07137bc279642f |
| SHA256 | b06f0e78467a28d89070ce33a0bd4d11ace79f50be570be76360be9281097fc9 |
| SHA512 | 0c092ea74e9de918b00c6662dcd2a027d7e5359217feccc7fec9a50c590e92993bd5881f0c188f7be68df10a21bfddf12972aca7d9d03b31a034ec19973694e5 |
C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\_ISMSIDEL.INI
| MD5 | 31bbe50b2d94ea9e914355956d7bea49 |
| SHA1 | df0e6b3aa9632aca544207ebe17bffc41f2b68a8 |
| SHA256 | 5307dfcbdcf6d6cc119ef8557a8e06e13775f9c6faf7257f61a2abe862a4a4e5 |
| SHA512 | 3fdc87a826fb7b808c96ab4e32bf32b9d902595cc1920a146cb1d9245f718e93a9bd1ff81558a0dacc0a15917f6ee6c83c03f1858736923bc08c235c9de97aae |
C:\Users\Admin\AppData\Local\Temp\{BA4B3654-0896-4BC3-8DB8-B95A72F8D54C}\IsConfig.ini
| MD5 | aef3ceefc59a0d9cda30d7b3ef70dea5 |
| SHA1 | 833f090f77edbc4b409886316deb21f484b782ff |
| SHA256 | 1bf85a5fa78894d1210063759abd2cf8c390556ca7022a03f41020c16a8abac6 |
| SHA512 | f009112c2810e011abd412a8e95f5dc90e24b49185daed0da32ac2fb7551e2c9020cf59fdaf0152baf37d208ffb5237e944048ab6d045205ede5e99c1bc8ad2b |
C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\_ISMSIDEL.INI
| MD5 | f87382fc7604a837bdb1be851000b15b |
| SHA1 | cb1a0de7b734e1bd05faa32e9ee22c7111b4484e |
| SHA256 | 27d1d2688dd0fcc2feaf7e2dc40078f676f61cac09233ad18beeccfb646f1c7a |
| SHA512 | 449d2f1bb679e2b0ff84905fb506d4121ce1147bc58ca1e136be9f082b91b34a36b1d90cfdac19ac68bab7991274fb148216e2ff0a03d094348aea93e14d2bfb |
C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\setup.isn
| MD5 | a6403b5ee5f9f09eaf60a41b4705b0ec |
| SHA1 | 4ce6a4a0991cd52d37facb7494eeed398f7ddb38 |
| SHA256 | 9dca1adf06c8247a11fc09517c4e8a0206075dd663f921d9945053994fdeffc7 |
| SHA512 | 7a2c6c580811d498a627fcd4645238d3f5225b22da07f7fbefa87bf344497aa8469e74cb7d84349d701636d12e6a61f406eeea90f7e1fb18a3d05ae5aed01d6f |
C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\UCRT63x64.prq
| MD5 | 0e10ca2d56f862cc2f4d618faba99aaf |
| SHA1 | 93706ff049c6ff76fa2537efd5f5ccbfc620c0c3 |
| SHA256 | e6ea2b931860b8362fb8f5830f3d05741de3a8b7f541af3b456629e3ab90349f |
| SHA512 | 3c650881db06b603637f848552c580f48eae93202526ed4b8c526e9f94f18410d197b72d591637f941c643ecdde3e8dd00b7fe7e7a0f52faec8f831446c302f5 |
C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\VS2019EtAlRedistsWin32.prq
| MD5 | c1ebbdb4fde707ae1a19c3f8a3c037d7 |
| SHA1 | 5b89fedd99f21a1be0e71c344593ef7e8a02bf18 |
| SHA256 | 886ae7127390cf701be20d762de8008908d29874b3db5f7bcdec3ab3ffceb0f2 |
| SHA512 | b1a505f0eee54f8f80c00e51fd03967ec080db6c9fce671db429d83a4d1003105b35c80aa1953d195304e594e89e09f2b93ba4cf0b698be6ee070b1969a77e85 |
C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\_ISMSIDEL.INI
| MD5 | e0dac65635c79399e951589b98c3ec4d |
| SHA1 | 7322fa504dd65edfb17480213ce11a8c56b6e152 |
| SHA256 | 572be4547e8ca666aed87e4f5c3c633abc7e09d28ee21f5af2ff28843b15b651 |
| SHA512 | 2b26d6610e379dd50b493706e6b7ff1bcf6b447570d7ccd800b603b00e2b35103430721f89091f941db03e299d0663c241e1296b9e7213d416633d67bdf1dfc6 |
C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\VS2019EtAlRedistsx64.prq
| MD5 | 3319f71dd8e53d12c70ae6019eb49b38 |
| SHA1 | 1f2ce2ea4d8c9c4b0fb76a09e84dc55d44b8f1ae |
| SHA256 | 89cf87f10bd3386eca6b30c80610ef41791046f62d76a9a021318d5197914d75 |
| SHA512 | a80ecf432bc89954287860a686cc48f2d1b6d4123505556a5a1f9d6474319bbf4b88bb1886f83bbd62e699b3b1615882aa2fa97156ba5f8785840a8e4bea1f6c |
memory/2336-6376-0x0000000000400000-0x00000000006FF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\_ISMSIDEL.INI
| MD5 | c10f0c1c213324eb2d479d8617a58197 |
| SHA1 | 5d830ffc7950e47de2a7f9efafca8425c37a382c |
| SHA256 | 06d38311dc59cf5a078491d01fe65e579b3c5d72764bf93e35ae24cd74a805be |
| SHA512 | 6b73dd20de1f288999bf2590f8cf095f5804ae2648ab85d136a919ffe0e0430180c91a46b2ad6192104ee8802d982f70bc0fcca87cd8189a5be3e04312d1a702 |
memory/2336-6385-0x0000000000400000-0x00000000006FF000-memory.dmp
memory/828-6386-0x0000000000400000-0x00000000004DC000-memory.dmp