description	ioc	Process
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-audit-report\lib\reporters\quiet.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\retry\Makefile	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tiny-relative-date\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-exec.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-stars.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\diff\lib\patch\reverse.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-link.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\glob\dist\esm\index.d.ts.map	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\make-fetch-happen\lib\fetch.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minimatch\dist\cjs\brace-expressions.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minimatch\dist\cjs\escape.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\clean.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\promise-call-limit\dist\commonjs\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\bin\npx-cli.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-shrinkwrap.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@isaacs\string-locale-compare\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\is-fullwidth-code-point\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\spec-from-lock.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\indent-string\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\retry\lib\retry_operation.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\yarn.cmd	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\packaging\__init__.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\util-deprecate\browser.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\configuring-npm\install.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\binary-extensions\binary-extensions.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmdiff\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\gauge\lib\set-immediate.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\hasown\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\generator\gypsh.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\log.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-uninstall.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\reify-output.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\sign\dist\error.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\promzard\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\warn-mixin.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\are-we-there-yet\LICENSE.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\API.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@colors\colors\lib\styles.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\peer-entry-sets.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\verify\dist\timestamp\merkle.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minimatch\dist\mjs\brace-expressions.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-query.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\glob\dist\commonjs\pattern.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\lru-cache\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\shebang-regex\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\bundle\dist\build.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\console-control-strings\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\diff\lib\diff\character.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\install.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\lib\nopt.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-pick-manifest\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\pacote\lib\util\cache-dir.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\nodewin\yarn	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\sign\dist\bundler\message.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\MSVSToolFile.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\lib\debug.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-cache.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-adduser.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-audit.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\archy\examples\multi_line.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cacache\lib\util\hash-to-segments.js	msiexec.exe

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSIAA40.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{637236E9-EF59-4F9D-8269-3083C1A6C6D6}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC7A1.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{637236E9-EF59-4F9D-8269-3083C1A6C6D6}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIAF06.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF3AD6CFB80B0057C6.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF15D64928A58D5579.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\e59a956.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFA78657BD6FC79131.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF1198E19BDB64CC40.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIAE1A.tmp	msiexec.exe
File created	C:\Windows\Installer\{637236E9-EF59-4F9D-8269-3083C1A6C6D6}\NodeIcon	msiexec.exe
File created	C:\Windows\Installer\e59a958.msi	msiexec.exe
File created	C:\Windows\Installer\e59a956.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIAA8F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC609.tmp	msiexec.exe

pid	Process
4488	Hone - Installer.exe
4488	Hone - Installer.exe
4488	Hone - Installer.exe
4488	Hone - Installer.exe
4488	Hone - Installer.exe
4488	Hone - Installer.exe
4488	Hone - Installer.exe
3264	OWinstaller.exe
3264	OWinstaller.exe
3264	OWinstaller.exe
3264	OWinstaller.exe
2328	MsiExec.exe
2328	MsiExec.exe
2548	MsiExec.exe
2548	MsiExec.exe
2548	MsiExec.exe
248	MsiExec.exe
1860	MsiExec.exe

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000a24af70bd82af6610000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000a24af70b0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900a24af70b000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1da24af70b000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000a24af70b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23	msiexec.exe

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\ProductName = "Node.js"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\Version = "336330754"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9E63273695FED9F4289603381C6A6C6D	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9E63273695FED9F4289603381C6A6C6D\EnvironmentPathNpmModules = "EnvironmentPath"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\ProductIcon = "C:\\Windows\\Installer\\{637236E9-EF59-4F9D-8269-3083C1A6C6D6}\\NodeIcon"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9E63273695FED9F4289603381C6A6C6D\DocumentationShortcuts	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9E63273695FED9F4289603381C6A6C6D\EnvironmentPathNode = "EnvironmentPath"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\PackageCode = "AC6AA920FB9737143A7998E5BED98A71"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9E63273695FED9F4289603381C6A6C6D\NodeRuntime	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9E63273695FED9F4289603381C6A6C6D\corepack	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\SourceList\PackageName = "node-v20.12.2-x64.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9E63273695FED9F4289603381C6A6C6D\EnvironmentPath	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\9E63273695FED9F4289603381C6A6C6D	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9E63273695FED9F4289603381C6A6C6D\npm	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\SourceList\Media	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\SourceList	msiexec.exe

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 406125.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\node-v20.12.2-x64.msi:Zone.Identifier	msedge.exe

pid	Process
128	msedge.exe
128	msedge.exe
4232	msedge.exe
4232	msedge.exe
4972	msedge.exe
4972	msedge.exe
4132	identity_helper.exe
4132	identity_helper.exe
1972	msedge.exe
1972	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4188	msiexec.exe
4188	msiexec.exe

flow	ioc
71	discord.com
72	discord.com
1	discord.com

flow	ioc
157	api.ipify.org
164	api.ipify.org

description	pid	Process
Token: SeDebugPrivilege	3264	OWinstaller.exe
Token: SeShutdownPrivilege	1032	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1032	msiexec.exe
Token: SeSecurityPrivilege	4188	msiexec.exe
Token: SeCreateTokenPrivilege	1032	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1032	msiexec.exe
Token: SeLockMemoryPrivilege	1032	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1032	msiexec.exe
Token: SeMachineAccountPrivilege	1032	msiexec.exe
Token: SeTcbPrivilege	1032	msiexec.exe
Token: SeSecurityPrivilege	1032	msiexec.exe
Token: SeTakeOwnershipPrivilege	1032	msiexec.exe
Token: SeLoadDriverPrivilege	1032	msiexec.exe
Token: SeSystemProfilePrivilege	1032	msiexec.exe
Token: SeSystemtimePrivilege	1032	msiexec.exe
Token: SeProfSingleProcessPrivilege	1032	msiexec.exe
Token: SeIncBasePriorityPrivilege	1032	msiexec.exe
Token: SeCreatePagefilePrivilege	1032	msiexec.exe
Token: SeCreatePermanentPrivilege	1032	msiexec.exe
Token: SeBackupPrivilege	1032	msiexec.exe
Token: SeRestorePrivilege	1032	msiexec.exe
Token: SeShutdownPrivilege	1032	msiexec.exe
Token: SeDebugPrivilege	1032	msiexec.exe
Token: SeAuditPrivilege	1032	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1032	msiexec.exe
Token: SeChangeNotifyPrivilege	1032	msiexec.exe
Token: SeRemoteShutdownPrivilege	1032	msiexec.exe
Token: SeUndockPrivilege	1032	msiexec.exe
Token: SeSyncAgentPrivilege	1032	msiexec.exe
Token: SeEnableDelegationPrivilege	1032	msiexec.exe
Token: SeManageVolumePrivilege	1032	msiexec.exe
Token: SeImpersonatePrivilege	1032	msiexec.exe
Token: SeCreateGlobalPrivilege	1032	msiexec.exe
Token: SeCreateTokenPrivilege	1032	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1032	msiexec.exe
Token: SeLockMemoryPrivilege	1032	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1032	msiexec.exe
Token: SeMachineAccountPrivilege	1032	msiexec.exe
Token: SeTcbPrivilege	1032	msiexec.exe
Token: SeSecurityPrivilege	1032	msiexec.exe

description	pid	Process	procid_target
PID 4488 wrote to memory of 3264	4488	Hone - Installer.exe	77
PID 4488 wrote to memory of 3264	4488	Hone - Installer.exe	77
PID 4232 wrote to memory of 1356	4232	msedge.exe	87
PID 4232 wrote to memory of 1356	4232	msedge.exe	87
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88
PID 4232 wrote to memory of 1012	4232	msedge.exe	88

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request