Analysis Overview
SHA256
08e0b8a76cebb1a668f2ed3d1de76d13e38b6e41e98ed804599e4faa298eb3a2
Threat Level: Known bad
The file Setup.exe was found to be: Known bad.
Malicious Activity Summary
Modifies firewall policy service
PrivateLoader
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Loads dropped DLL
Checks installed software on the system
Executes dropped EXE
Enumerates physical storage devices
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Modifies system certificate store
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Uses Volume Shadow Copy service COM API
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Runs net.exe
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-09 10:36
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-09 10:36
Reported
2024-05-09 11:32
Platform
win7-20240221-en
Max time kernel
170s
Max time network
168s
Command Line
Signatures
Modifies firewall policy service
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List | C:\Program Files (x86)\Synbiosis\ProtoCOL3\InstallWizard.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\475:UDP = "475:UDP:*:Enabled:NetHASP UDP" | C:\Program Files (x86)\Synbiosis\ProtoCOL3\InstallWizard.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\475:TCP = "475:TCP:*:Enabled:NetHASP TCP" | C:\Program Files (x86)\Synbiosis\ProtoCOL3\InstallWizard.exe | N/A |
PrivateLoader
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} = "\"C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe\" /burn.log.append \"C:\\Users\\Admin\\AppData\\Local\\Temp\\dd_vcredist_x86_20240509112949.log\" /passive ignored /burn.runonce" | C:\Users\Admin\AppData\Local\Temp\is-U75HD.tmp\vc12redist_x86.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{ce085a78-074e-4823-8dc1-8a721b94b76d} = "\"C:\\ProgramData\\Package Cache\\{ce085a78-074e-4823-8dc1-8a721b94b76d}\\vcredist_x86.exe\" /passive /burn.log.append \"C:\\Users\\Admin\\AppData\\Local\\Temp\\dd_vcredist_x86_20240509113000.log\" /burn.runonce" | C:\Users\Admin\AppData\Local\Temp\is-U75HD.tmp\vc13redist_x86.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\SysWOW64\ioArt.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-IVBRE.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\avutil-55.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-8I0RA.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\FocusIndicator.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\Atik.Core.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\libiomp5md.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\ArtemisSyn.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\io.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-6PQ9V.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\ioPointGrey.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-1QMBN.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-76HT0.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-CKO42.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-NOK40.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-1O5JS.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-C62UC.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-EVGJH.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-HHRLG.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-COV8O.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-4ERNS.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\ExposeControl.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-T0BD2.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-70A07.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-O7JLQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-PDE5T.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-IV4VI.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\haspds_windows.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\FlyCapture2_v90.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-8STBQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\PtGreyVideoEncoder_v90.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-NRSQ0.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-TOJSR.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\FlyCapture2_v140.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\lumenera.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\avcodec-57.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-PRPO4.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-H4M66.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\nhlminst.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\swresample-2.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\haspms32.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\hinstd.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\synsss32.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-RDMC2.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-3KREL.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-K9SJF.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\ftd2xx.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\DMX.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\avformat-57.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\lucamapi.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\swscale-4.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-UGK81.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\en-US\Synoptics.resources.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-KPGK6.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\Microsoft.Office.Interop.Excel.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\PdfSharp.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\ProtocolLightTest.exe | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\x86\libtesseract302.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-J93GQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-59PC0.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-1KE45.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-GL0G0.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-9V49U.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\fr-FR\ProtoCOL3.resources.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\ProtoCOL3Spy.exe | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-0NN7Q.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-8LC9A.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-RGFNU.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-C3JEL.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\Emgu.CV.World.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\Analysis.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-AJA1E.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-TGHK1.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-MIJMJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-VMV1R.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\GeneralMatrix.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\Synoptics.Bio.StoredData.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\x86\liblept168.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-MF0LC.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-N94UU.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-7G0F2.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-VNQ9O.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\Emgu.CV.UI.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\ProtocolButtonTest.exe | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\ja-JP\Synoptics.resources.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-TO1C1.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-87Q8B.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\x86\is-U7B65.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\Synoptics.ImageAnalysis.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\ja-JP\is-KU3D5.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-F1NA9.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-9DRTS.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\x86\is-TOLN0.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\EPPlus.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\AntibacterialStripDetector.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-74S59.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-NQCA6.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-QC4NT.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-EM54C.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-3SG0D.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-04NS6.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\PdfSharp.Charting.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-1DP67.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-VBUU5.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\ko-KR\is-9RGPM.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\ja-JP\is-4IL3T.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-C2AH7.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-VPA4D.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-IK8SF.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-0OHS4.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\fr-FR\Synoptics.resources.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\MigraDoc.RtfRendering.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\log4net.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\ja-JP\ProtoCOL3.resources.dll | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-QB8CP.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\ko-KR\is-OA17T.tmp | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940921.0\mfc90chs.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940921.0\mfc90ita.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940953.0\9.0.30729.1.policy | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940843.0\vcomp90.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240509112940937.0 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev3 | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev1 | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\f76ae35.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240509112940921.1 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240509112940906.0 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | \??\c:\Windows\Installer\f76ae2d.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WindowsUpdate.log | C:\Users\Admin\AppData\Local\Temp\is-U75HD.tmp\vc12redist_x86.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940921.1\9.0.30729.1.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940921.0\mfc90deu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | \??\c:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057\9.0.30729\FL_msdia71_dll_2_60035_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\f76ae30.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\XLZ8JTEF\System.Windows.Forms.DataVisualization.Design.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | \??\c:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940921.0\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940921.0\mfc90esn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940921.1\9.0.30729.1.policy | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240509112940921.0 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2541.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940921.0\mfc90cht.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940890.0\9.0.21022.8.policy | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76ae30.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\181GTL1V\System.Web.DataVisualization.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | \??\c:\Windows\Installer\f76ae2d.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940921.0\mfc90kor.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940906.1\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943.manifest | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940921.0\mfc90fra.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WindowsUpdate.log | C:\Users\Admin\AppData\Local\Temp\is-U75HD.tmp\vc13redist_x86.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940843.0\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940843.0\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1.manifest | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940921.0\mfc90enu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940921.0\mfc90jpn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940906.1\mfc90u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940906.0\msvcr90.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev1 | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\f76ae33.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940890.0\9.0.21022.8.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940937.0\9.0.30729.1.cat | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76ae33.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940906.1\mfcm90u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940906.0\msvcm90.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940906.0\msvcp90.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240509112940984.0 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240509112940843.0 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev3 | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940953.0\9.0.30729.1.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940921.0\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03.manifest | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | \??\c:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057\9.0.30729 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\GACLock.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940921.0\mfc90esp.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940937.0\9.0.30729.1.policy | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940921.0\mfc90rus.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | \??\c:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\S281FQQM\System.Web.DataVisualization.Design.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\AT5R2FFG\System.Windows.Forms.DataVisualization.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112940812.0\atl90.dll | C:\Windows\system32\msiexec.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | \??\f:\f79571ba686a42b73d4f582fc35ad289\SPInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | \??\f:\f79571ba686a42b73d4f582fc35ad289\SPInstaller.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E\@%SystemRoot%\system32\p2pcollab.dll,-8042 = "Peer to Peer Trust" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e\52C64B7E | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FocusIndicatorLib.FocusCalculatorPage\CurVer\ = "FocusIndicatorLib.FocusCalculatorPage.1" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1008EEB1-D863-4E4C-9ECA-1BD2C13C5276}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7FEE82C3-DA75-11CF-9EC8-444553540000}\ = "IOStructuringElement Class" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C0BFB758-5FDB-11CF-882D-444553540000}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{28079A20-D575-11D2-B948-0080C8276C2D}\ = "IIOAnnotationEvents" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{464CE70F-87EB-4A4E-ADD4-095C520854C2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7C476656-0797-4F99-886B-2CD0B9797885}\TypeLib\Version = "1.4" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{08B93C42-BAB3-424F-AF8A-D59338E96531}\TypeLib\Version = "1.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IO.IOHistogram.1\ = "IOHistogram Class" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IO.IOStructuringElementSequence\CLSID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42D186E4-39C8-4E99-BA46-30D92A414F70}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD2B08A5-50CC-491B-A1D7-E4433F3C65E9}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C0BFB756-5FDB-11CF-882D-444553540000}\MiscStatus\1\ = "131473" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6BD0A292-626F-4b12-A1C6-FFB950653D1F}\InprocServer32\ = "C:\\Windows\\SysWow64\\ioPointGrey.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0F4855B0-AECF-4FD8-9294-E80A60BD9C37}\TypeLib\ = "{95CBADD0-EE34-11D4-B386-0080C8D9F878}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Lumenera.LumeneraCamera\ = "LumeneraCamera Class" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{878CF29D-B8CC-4124-84D4-DDF5EB3DC645}\1.0\0\win32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{81D37D2D-0CDA-4378-9CBF-BCE82FBA7115}\1.0\0\win32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28079A20-D575-11D2-B948-0080C8276C2D}\InProcServer32\ThreadingModel = "Both" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7FEE82C2-DA75-11CF-9EC8-444553540000}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IO.IOBlobs\CurVer\ = "IO.IOBlobs.1" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FocusIndicator.FocusCalculator\ = "FocusCalculator Class" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{55BB4041-A8D1-11CF-9EC7-444553540000}\VersionIndependentProgID\ = "IO.IOFile" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{55BB4040-A8D1-11CF-9EC7-444553540000}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{59B23FE2-A814-11CF-9EC7-444553540000}\NumMethods\ = "23" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IO.IOImage.1 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C0BFB759-5FDB-11CF-882D-444553540000}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IO.IOVectors.1\CLSID\ = "{858B0163-ED5F-11D0-8808-0040950397EE}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IO.IODisplay.1 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C0BFB756-5FDB-11CF-882D-444553540000}\Version | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{325A17C6-60A1-11CF-882D-444553540000} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{858B0160-ED5F-11D0-8808-0040950397EE}\NumMethods\ = "25" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8AE898D3-206B-4299-BA13-0CF2B8E94546}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IO.IOVector.1\CLSID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IO.IOStructuringElementSequence | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{631B32B5-1D5B-4c15-8AAA-1932021C0A74}\ProgID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5E6006C0-C04D-11CF-AB39-0020AF71E433}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IO.IOHistogram.1\CLSID\ = "{C9D1B281-D58A-11CF-9EC8-444553540000}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{858B0162-ED5F-11D0-8808-0040950397EE}\TypeLib\ = "{C0BFB74B-5FDB-11CF-882D-444553540000}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{59B23FE0-A814-11CF-9EC7-444553540000}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E5F47BFA-D64C-4CE6-B2CA-44FD8CDF1DB6}\Info | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IO.IOBlobs.1\CLSID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{59B23FE2-A814-11CF-9EC7-444553540000} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4CEC008C-D9A5-11CF-AB39-0020AF71E433}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7FEE82C2-DA75-11CF-9EC8-444553540000}\ = "IIOStructuringElement" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IOPointGrey.Camera\ = "Camera Class" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{96F5EAC9-BEC4-11CF-AB39-0020AF71E433}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C0BFB74B-5FDB-11CF-882D-444553540000} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IO.IOFileType\ = "IOFileType Class" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2CAE70E8-CE5B-4C9A-ACDC-898858F490DF}\TypeLib\ = "{C0BFB74B-5FDB-11CF-882D-444553540000}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E3603690-D7DC-462C-A62B-6C645640A1AE}\TypeLib\ = "{878CF29D-B8CC-4124-84D4-DDF5EB3DC645}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{631B32B5-1D5B-4c15-8AAA-1932021C0A74}\AppID = "{A338F5A7-9E8D-48bb-BD1B-25BA88C6B7A6}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CEC008D-D9A5-11CF-AB39-0020AF71E433}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C0BFB756-5FDB-11CF-882D-444553540000}\Version\ = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7EAFE56C-D6A6-4BC0-BDB3-606AEE5B20B6}\ = "LumeneraCameraColourPage Class" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ArtemisLib.ArtemisCameraPage.1 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D20352A90C039D93DBF6126ECE614057 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{325A17C6-60A1-11CF-882D-444553540000}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{59B23FE2-A814-11CF-9EC7-444553540000}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{96F5EAC8-BEC4-11CF-AB39-0020AF71E433}\TypeLib\ = "{C0BFB74B-5FDB-11CF-882D-444553540000}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F956166C-B960-485A-B091-6D507A1CB1D2}\1.0\HELPDIR\ = "C:\\Windows\\system32" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IO.IOVectors.1\ = "IOVectors Class" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9D1B280-D58A-11CF-9EC8-444553540000}\TypeLib\ = "{C0BFB74B-5FDB-11CF-882D-444553540000}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | \??\f:\f79571ba686a42b73d4f582fc35ad289\SPInstaller.exe | N/A |
| N/A | N/A | \??\f:\f79571ba686a42b73d4f582fc35ad289\SPInstaller.exe | N/A |
| N/A | N/A | \??\f:\f79571ba686a42b73d4f582fc35ad289\SPInstaller.exe | N/A |
| N/A | N/A | \??\f:\f79571ba686a42b73d4f582fc35ad289\SPInstaller.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeTcbPrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeSecurityPrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeBackupPrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeRestorePrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeShutdownPrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeDebugPrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeAuditPrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeUndockPrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| N/A | N/A | \??\c:\534f1e7eebf514bc488bbab9\install.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-U75HD.tmp\vc12redist_x86.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-U75HD.tmp\vc13redist_x86.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Synbiosis\ProtoCOL3\InstallWizard.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Synbiosis\ProtoCOL3\InstallWizard.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-SLAEO.tmp\Setup.tmp" /SL5="$5014E,110133280,125952,C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-U75HD.tmp\vc9redist_x86.exe
"C:\Users\Admin\AppData\Local\Temp\is-U75HD.tmp\vc9redist_x86.exe" /QB
\??\c:\534f1e7eebf514bc488bbab9\install.exe
c:\534f1e7eebf514bc488bbab9\.\install.exe /QB
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005BC" "00000000000005A0"
C:\Users\Admin\AppData\Local\Temp\is-U75HD.tmp\vc12redist_x86.exe
"C:\Users\Admin\AppData\Local\Temp\is-U75HD.tmp\vc12redist_x86.exe" /passive
C:\Users\Admin\AppData\Local\Temp\is-U75HD.tmp\vc12redist_x86.exe
"C:\Users\Admin\AppData\Local\Temp\is-U75HD.tmp\vc12redist_x86.exe" /passive -burn.unelevated BurnPipe.{B1D9B05C-C968-46A7-B92F-C19E85746B63} {018618C6-5040-4525-958D-753FD2C71132} 2168
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot20" "" "" "65dbac317" "0000000000000000" "00000000000005BC" "00000000000003DC"
C:\Users\Admin\AppData\Local\Temp\is-U75HD.tmp\vc13redist_x86.exe
"C:\Users\Admin\AppData\Local\Temp\is-U75HD.tmp\vc13redist_x86.exe" /passive
C:\Users\Admin\AppData\Local\Temp\is-U75HD.tmp\vc13redist_x86.exe
"C:\Users\Admin\AppData\Local\Temp\is-U75HD.tmp\vc13redist_x86.exe" /passive -burn.unelevated BurnPipe.{6085447E-82B1-45BE-894C-F5A34C22D28A} {40DAAAB1-D94F-4B87-A9F7-7DA21A9B7A9F} 2244
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot21" "" "" "6f9bf5bcb" "0000000000000000" "00000000000003DC" "00000000000004A4"
C:\Users\Admin\AppData\Local\Temp\is-U75HD.tmp\vc19redist_x86.exe
"C:\Users\Admin\AppData\Local\Temp\is-U75HD.tmp\vc19redist_x86.exe" /passive
C:\Windows\Temp\{65BEE86A-CB91-473B-95E3-A6C2F7C2278E}\.cr\vc19redist_x86.exe
"C:\Windows\Temp\{65BEE86A-CB91-473B-95E3-A6C2F7C2278E}\.cr\vc19redist_x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\is-U75HD.tmp\vc19redist_x86.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188 /passive
C:\Users\Admin\AppData\Local\Temp\is-U75HD.tmp\MSChart.exe
"C:\Users\Admin\AppData\Local\Temp\is-U75HD.tmp\MSChart.exe" /passive
\??\f:\f79571ba686a42b73d4f582fc35ad289\SPInstaller.exe
f:\f79571ba686a42b73d4f582fc35ad289\SPInstaller.exe /passive
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "net stop ArtemisHscServiceMonitor"
C:\Windows\SysWOW64\net.exe
net stop ArtemisHscServiceMonitor
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop ArtemisHscServiceMonitor
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "net stop ArtemisHscService"
C:\Windows\SysWOW64\net.exe
net stop ArtemisHscService
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop ArtemisHscService
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\DMX.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\io.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\iograbberinterfaces.olb"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\FocusIndicator.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\ExposeControl.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\lumenera.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\GenericDarkroom.olb"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\ioArt.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\ioPointGrey.dll"
C:\Windows\SysWOW64\NET.exe
"NET" LOCALGROUP "ProtoCOL Admins" /ADD /COMMENT:"The administration group for ProtoCOL"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 LOCALGROUP "ProtoCOL Admins" /ADD /COMMENT:"The administration group for ProtoCOL"
C:\Windows\SysWOW64\NET.exe
"NET" LOCALGROUP "ProtoCOL Advanced Users" /ADD /COMMENT:"The advanced user group for ProtoCOL"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 LOCALGROUP "ProtoCOL Advanced Users" /ADD /COMMENT:"The advanced user group for ProtoCOL"
C:\Windows\SysWOW64\NET.exe
"NET" LOCALGROUP "ProtoCOL Users" /ADD /COMMENT:"The user group for ProtoCOL"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 LOCALGROUP "ProtoCOL Users" /ADD /COMMENT:"The user group for ProtoCOL"
C:\Program Files (x86)\Synbiosis\ProtoCOL3\DatabaseUpdater.exe
"C:\Program Files (x86)\Synbiosis\ProtoCOL3\DatabaseUpdater.exe" /install
C:\Program Files (x86)\Synbiosis\ProtoCOL3\InstallWizard.exe
"C:\Program Files (x86)\Synbiosis\ProtoCOL3\InstallWizard.exe" ProtoCOL 3
C:\Program Files (x86)\Synbiosis\ProtoCOL3\ProtoCOL3.exe
"C:\Program Files (x86)\Synbiosis\ProtoCOL3\ProtoCOL3.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| N/A | 10.127.0.255:1433 | | tcp |
| N/A | 10.127.0.255:1433 | | tcp |
| N/A | 10.127.0.255:1433 | | tcp |
| N/A | 10.127.0.255:1433 | | tcp |
| N/A | 10.127.0.255:1433 | | tcp |
| N/A | 10.127.0.255:1433 | | tcp |
| N/A | 10.127.0.255:1433 | | tcp |
| N/A | 10.127.0.255:1433 | | tcp |
| N/A | 255.255.255.255:475 | | udp |
| N/A | 10.127.0.255:1433 | | tcp |
| N/A | 10.127.0.255:1433 | | tcp |
| N/A | 10.127.0.255:1433 | | tcp |
| N/A | 10.127.0.255:1433 | | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-09 10:36
Reported
2024-05-09 11:32
Platform
win10v2004-20240508-en
Max time kernel
146s
Max time network
205s
Command Line
Signatures
PrivateLoader
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} = "\"C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe\" /burn.log.append \"C:\\Users\\Admin\\AppData\\Local\\Temp\\dd_vcredist_x86_20240509112939.log\" /passive ignored /burn.runonce" | C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc12redist_x86.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{ce085a78-074e-4823-8dc1-8a721b94b76d} = "\"C:\\ProgramData\\Package Cache\\{ce085a78-074e-4823-8dc1-8a721b94b76d}\\vcredist_x86.exe\" /passive /burn.log.append \"C:\\Users\\Admin\\AppData\\Local\\Temp\\dd_vcredist_x86_20240509112941.log\" /burn.runonce" | C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc13redist_x86.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\DMX.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\PtGreyVideoEncoder_v90.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\haspds_windows.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-HK92A.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-PBQ5A.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-IU2O5.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\avcodec-57.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\lumenera.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\ioPointGrey.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-B606M.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\io.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\swresample-2.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-CF33M.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\ftd2xx.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\nhlminst.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-29V1E.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-V593K.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-I5JKK.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-BPV1C.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\ExposeControl.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\ioArt.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-8EBN3.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-398G6.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-74QB7.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\avutil-55.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\hinstd.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\libiomp5md.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-18VCM.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\FocusIndicator.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-SQB9T.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-DUGLT.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-1BI2Q.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\FlyCapture2_v140.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\ArtemisSyn.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\lucamapi.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-6E94R.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-I6D79.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-FF2HL.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-DRTSO.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-6IVED.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-OD0V0.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\Atik.Core.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\avformat-57.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-0EV9R.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-HBD75.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\FlyCapture2_v90.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\swscale-4.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\synsss32.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\haspms32.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-444MP.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-7OD3M.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-O28KQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-KBE1A.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-3MHNT.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-COKLH.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\fr-FR\ProtoCOL3.resources.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\zh-CHS\ProtoCOL3.resources.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\zh-CHS\Synoptics.resources.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-RMQVT.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-38U62.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-VA0LQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\x86\is-IQ4H1.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\ko-KR\Synoptics.resources.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\en-US\Synoptics.resources.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\ProtoCOL3Spy.exe | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-QV5HT.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-25KHI.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\ExcelLibrary.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-VCQIC.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-HDH9E.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-RCJ24.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\Synoptics.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\x86\liblept168.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-MGR64.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\PdfSharp.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\PdfSharp.Charting.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\cli_basetypes.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-3QRNG.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft Chart Controls\Assemblies\System.Windows.Forms.DataVisualization.Design.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\ReportLibrary.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\EPPlus.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-9ETMD.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft Chart Controls\Assemblies\System.Windows.Forms.DataVisualization.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\GeneralMatrix.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-SS5SK.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-VSHCR.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\Synoptics.DMXLib.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\ProtocolCameraTool.exe | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-QSNCI.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\ja-JP\is-D98BF.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-H0NGG.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-27MAH.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\ru-RU\is-IKQSE.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-C8EF1.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-3PRAO.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-UDOBV.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\ja-JP\Synoptics.resources.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-Q6ME1.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-C78A7.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\DatabaseUpdater.exe | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-VROUC.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-NSS5S.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-02INH.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-LUUV0.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-V9MLN.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-0HPLE.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\MigraDoc.RtfRendering.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-5RB8F.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-RUN07.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-VVU0L.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\Synoptics.Controls01.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\fr-FR\Synoptics.resources.dll | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-4JA5L.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-J77VQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Synbiosis\ProtoCOL3\is-HLD5F.tmp | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Synbiosis\ProtoCOL3\ProtoCOL3.exe | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240509112927072.0 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | \??\c:\Windows\Installer\e57d0d2.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{9A25302D-30C0-39D9-BD6F-21E6EC160475} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927088.0\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927103.0\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927134.0\9.0.30729.1.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927072.0\9.0.21022.8.policy | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | \??\c:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927119.0\mfc90esn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927088.0\msvcp90.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240509112927119.0 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927119.1\9.0.30729.1.cat | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240509112927150.0 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | \??\c:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057\9.0.30729\FL_msdia71_dll_2_60035_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240509112927134.0 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{41785C66-90F2-40CE-8CB5-1C94BFC97280} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927119.0\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03.manifest | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927103.0\mfc90.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927119.0\mfc90deu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927119.0\mfc90fra.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927103.0\mfcm90u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\8A23OZLL\System.Web.DataVisualization.Design.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927056.0\atl90.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | \??\c:\Windows\Installer\e57d0d1.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927119.0\mfc90ita.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927150.1\9.0.30729.1.policy | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | \??\c:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057\9.0.30729 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927103.0\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943.manifest | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927119.0\mfc90jpn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927103.0\mfcm90.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1AA8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\94798G57\System.Windows.Forms.DataVisualization.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\XGMS1MWW\System.Windows.Forms.DataVisualization.Design.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927119.0\mfc90enu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240509112927056.0 | C:\Windows\system32\msiexec.exe | N/A |
| File created | \??\c:\Windows\Installer\e57d0d2.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\WBW3UUCV\System.Web.DataVisualization.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927056.1\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927119.0\mfc90kor.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927088.0\msvcm90.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240509112927056.1 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927056.1\vcomp90.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | \??\c:\Windows\Installer\e57d0cd.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927056.1\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1.manifest | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927056.0\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2.manifest | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927119.0\mfc90esp.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927119.0\mfc90rus.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927119.0\mfc90chs.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927134.0\9.0.30729.1.policy | C:\Windows\system32\msiexec.exe | N/A |
| File created | \??\c:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057\9.0.30729\FL_msdia71_dll_2_60035_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240509112927088.0 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | \??\c:\Windows\Installer\e57d0cd.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927088.0\msvcr90.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | \??\c:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927056.0\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927150.0\9.0.30729.1.policy | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240509112927103.0 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\GACLock.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927103.0\mfc90u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240509112927150.1 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID39C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927072.0\9.0.21022.8.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240509112927119.0\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03.cat | C:\Windows\system32\msiexec.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc9redist_x86.exe | N/A |
| N/A | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc12redist_x86.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc12redist_x86.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc13redist_x86.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc13redist_x86.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc19redist_x86.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{897C4252-F799-4486-92FA-14C2366DFE88}\.cr\vc19redist_x86.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\MSChart.exe | N/A |
| N/A | N/A | \??\c:\4a051f497f7543617520ac\SPInstaller.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Synbiosis\ProtoCOL3\DatabaseUpdater.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Synbiosis\ProtoCOL3\ProtoCOL3.exe | N/A |
Loads dropped DLL
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | \??\c:\4a051f497f7543617520ac\SPInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | \??\c:\4a051f497f7543617520ac\SPInstaller.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4CEC008D-D9A5-11CF-AB39-0020AF71E433}\VersionIndependentProgID\ = "IO.IOPoint" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IO.IOColorStatistics.1\CLSID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0BFB758-5FDB-11CF-882D-444553540000}\TypeLib\ = "{C0BFB74B-5FDB-11CF-882D-444553540000}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{39D6207C-6D26-11D4-B35E-0080C8D9F878}\TypeLib\ = "{95CBADD0-EE34-11D4-B386-0080C8D9F878}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FD2B08A5-50CC-491B-A1D7-E4433F3C65E9} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{59B23FE2-A814-11CF-9EC7-444553540000} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2CAE70E8-CE5B-4C9A-ACDC-898858F490DF}\ = "IIO3DDisplayDraw" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF0F4952-D2E9-4175-87FE-6FE90180AD52}\AppID = "{73FB929C-6F2C-4EA4-90EF-34FC172D7DD8}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C755DFC9-ED9D-48C0-AF7B-CD8258563DB4}\1.0\FLAGS | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{64E3F5AD-92CD-4C33-9239-A1D4A766AA94}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4EA90F61-EBA4-11CF-9EC8-444553540000}\ = "IOColorStatistics Class" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8102DCBF-1143-4358-830B-CC961E2E3D13}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{27FCFFD3-942C-4FF4-86B8-9DD716AF22EF}\TypeLib\Version = "1.4" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Lumenera.LumeneraCamera\ = "LumeneraCamera Class" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IO.IOPoints.1 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7EAFE56C-D6A6-4BC0-BDB3-606AEE5B20B6}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{E88B860B-0E6B-4DAA-A443-84EF57C55C3A} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{73781EB2-4FF5-4F9A-A43B-78D923B80B10}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C0BFB759-5FDB-11CF-882D-444553540000}\ProgID\ = "IO.IOImage.1" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B7275760-F05C-11CF-9EC8-444553540000}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{63EA5BB8-3F41-4ECD-9338-EE8A64A1E592}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{683D6E19-BEEF-4A73-9A51-4B93ECAB6EB4}\TypeLib\Version = "1.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08B93C42-BAB3-424F-AF8A-D59338E96531}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5535384A-2432-454E-9450-D147180CA3A4}\ProgID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C3777908-3350-41DB-8292-5AAD41A4F26D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8AE898D3-206B-4299-BA13-0CF2B8E94546}\TypeLib\Version = "1.4" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FocusIndicator.FocusCalculator.1\CLSID\ = "{5535384A-2432-454E-9450-D147180CA3A4}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{04EAC770-E24A-11D4-B37E-0080C8D9F878}\TypeLib\Version = "1.4" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{858B0163-ED5F-11D0-8808-0040950397EE}\Programmable | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5535384A-2432-454E-9450-D147180CA3A4}\TypeLib\ = "{878CF29D-B8CC-4124-84D4-DDF5EB3DC645}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{57F82446-0C90-11D5-9E9B-0080C8ECB1E3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4EA90F60-EBA4-11CF-9EC8-444553540000}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IO.IOColorStatistics\CLSID\ = "{4EA90F61-EBA4-11CF-9EC8-444553540000}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{325A17C6-60A1-11CF-882D-444553540000}\NumMethods\ = "25" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F8267752-4AB6-4D3B-A4D9-693A4EEEC82E}\ = "IIOLensControl" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IO.IOPoint.1\ = "IOPoint Class" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.CRT,version="9.0.30729.1",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32-policy" = 4500600029005600590027002d0046005a0036005e00620076007a0072004f00520068005b004d00460054005f00560043005f005200650064006900730074005f004300520054005f007800380036003e006b0027005600490037006f00520050007e00370055003d006f0029006d00730026002c003300420000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D20352A90C039D93DBF6126ECE614057\Servicing_Key | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IO.IOPoint.1 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{42D186E4-39C8-4E99-BA46-30D92A414F70}\VersionIndependentProgID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{42D186E4-39C8-4E99-BA46-30D92A414F70}\InprocServer32\ = "C:\\Windows\\SysWow64\\ExposeControl.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{64E3F5AD-92CD-4C33-9239-A1D4A766AA94} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A0044421-FA07-4EA4-85C2-444B0639AFEE}\ = "IIOGrabCameraID" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FocusIndicator.FocusBar\CLSID\ = "{E3603690-D7DC-462C-A62B-6C645640A1AE}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4CEC008D-D9A5-11CF-AB39-0020AF71E433}\ProgID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8CB56E7C-8FBA-44B7-AC5C-0E3643A2F8E0}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{59B23FE0-A814-11CF-9EC7-444553540000}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7EAFE56C-D6A6-4BC0-BDB3-606AEE5B20B6} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F8267752-4AB6-4D3B-A4D9-693A4EEEC82E}\ = "IIOLensControl" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F956166C-B960-485A-B091-6D507A1CB1D2}\1.0\FLAGS\ = "0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IO.IOVector.1\CLSID\ = "{B7275761-F05C-11CF-9EC8-444553540000}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IO.IOAnnotations\CurVer | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C0BFB756-5FDB-11CF-882D-444553540000}\Programmable | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{28079A20-D575-11D2-B948-0080C8276C2D} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{30EF06CF-2101-4A07-BED2-C9314346ADA6}\TypeLib\ = "{95CBADD0-EE34-11D4-B386-0080C8D9F878}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IO.IOAnnotation\ = "IOAnnotation Class" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Lumenera.LumeneraCamera.1\ = "LumeneraCamera Class" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B21954DF-C555-11D4-B373-0080C8D9F878}\Categories\Cameras\ = "Cameras" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F8267752-4AB6-4D3B-A4D9-693A4EEEC82E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1008EEB1-D863-4E4C-9ECA-1BD2C13C5276} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{59B23FE1-A814-11CF-9EC7-444553540000}\ProgID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{39D6207C-6D26-11D4-B35E-0080C8D9F878}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{42D186E4-39C8-4E99-BA46-30D92A414F70}\ToolboxBitmap32\ = "C:\\Windows\\SysWow64\\ExposeControl.dll, 101" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E5F47BFA-D64C-4CE6-B2CA-44FD8CDF1DB6}\Info\Type = "1" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD | C:\Program Files (x86)\Synbiosis\ProtoCOL3\ProtoCOL3.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0282000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Program Files (x86)\Synbiosis\ProtoCOL3\ProtoCOL3.exe | N/A |
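The Blob value above is a serialized CAPI certificate context: a sequence of records, each a little-endian DWORD property id, a reserved DWORD that is always 1, a DWORD length and the data (the `19000000 01000000 10000000 ...` pattern is visible at the start of the hex). Property 0x0B is the UTF-16LE friendly name, 0x03 the SHA-1 thumbprint and 0x20 the DER-encoded certificate, and the registry key the value sits under is named after that thumbprint. Reading the hex this way, the 0x0B record decodes to "GlobalSign Root CA - R3", the 0x20 record is 0x363 (867) bytes long and the 0x03 record equals the key name D69B561148F01C77C54578C10926DF5B856976AD. One caveat when triaging this signature: Windows itself writes roots into AuthRoot\Certificates through the Automatic Root Certificates Update whenever a signature chain ends in a root it has not cached, so an AuthRoot entry is not by itself evidence of a planted root; a planted root would more typically appear under ROOT, and a tampered entry shows up as a thumbprint record, DER hash and key name that disagree. The parser below is an added example, not part of the report or of the software it describes; it assumes only the record layout just described. The sample blob is constructed (its "DER" is placeholder bytes, not a certificate); the one real fragment is the friendly-name record copied from the row above.

```python
"""Parse the serialized certificate context that Windows stores in
SystemCertificates\\...\\Certificates\\<SHA-1>\\Blob and cross-check it."""
from __future__ import annotations

import hashlib
import struct

# Property identifiers from wincrypt.h (CERT_*_PROP_ID); only those used here.
CERT_SHA1_HASH_PROP_ID = 0x03       # SHA-1 of the DER certificate (the thumbprint)
CERT_FRIENDLY_NAME_PROP_ID = 0x0B   # UTF-16LE, NUL-terminated
CERT_CERT_PROP_ID = 0x20            # the DER-encoded certificate itself

# Each record: DWORD prop_id, DWORD reserved (always 1), DWORD length, data[length].
_RECORD_HDR = struct.Struct("<III")


def parse_cert_blob(blob: bytes) -> list[tuple[int, bytes]]:
    """Split a Blob value into (prop_id, data) records.

    Raises ValueError on a truncated record or an unexpected reserved field,
    so a corrupted or hand-edited value is reported rather than skipped.
    """
    records, off = [], 0
    while off < len(blob):
        if off + _RECORD_HDR.size > len(blob):
            raise ValueError(f"truncated record header at offset {off}")
        prop_id, reserved, length = _RECORD_HDR.unpack_from(blob, off)
        if reserved != 1:
            raise ValueError(f"reserved field is {reserved}, not 1, at offset {off}")
        off += _RECORD_HDR.size
        if off + length > len(blob):
            raise ValueError(f"property 0x{prop_id:02x} runs past the end of the blob")
        records.append((prop_id, blob[off:off + length]))
        off += length
    return records


def build_cert_blob(records: list[tuple[int, bytes]]) -> bytes:
    """Inverse of parse_cert_blob; used below only to construct sample input."""
    return b"".join(_RECORD_HDR.pack(pid, 1, len(data)) + data for pid, data in records)


def friendly_name(blob: bytes) -> str:
    """Decode the CERT_FRIENDLY_NAME_PROP_ID record, or '' if absent."""
    for pid, data in parse_cert_blob(blob):
        if pid == CERT_FRIENDLY_NAME_PROP_ID:
            return data.decode("utf-16-le").rstrip("\x00")
    return ""


def check_blob(blob: bytes, key_name: str) -> dict:
    """Cross-check the three identity claims in a Blob: the SHA-1 record, the
    SHA-1 actually computed over the DER record, and the registry key name the
    value sits under must all be the same thumbprint."""
    records = dict(parse_cert_blob(blob))
    der = records.get(CERT_CERT_PROP_ID)
    if der is None:
        raise ValueError("no CERT_CERT_PROP_ID (0x20) record: nothing to verify")
    claimed = records.get(CERT_SHA1_HASH_PROP_ID, b"").hex()
    actual = hashlib.sha1(der).hexdigest()
    return {
        "friendly_name": friendly_name(blob),
        "claimed_sha1": claimed,
        "actual_sha1": actual,
        "der_len": len(der),
        "consistent": claimed == actual == key_name.lower(),
    }


# Constructed sample: SAMPLE_DER is placeholder bytes, not a certificate, so the
# example runs offline; its SHA-1 record is derived the way CAPI derives it.
SAMPLE_DER = b"\x30\x82\x00\x10" + bytes(range(16))
SAMPLE_NAME = "Example Root CA (constructed)"
SAMPLE_KEY = hashlib.sha1(SAMPLE_DER).hexdigest().upper()   # would be the key name
SAMPLE_BLOB = build_cert_blob([
    (CERT_FRIENDLY_NAME_PROP_ID, (SAMPLE_NAME + "\x00").encode("utf-16-le")),
    (CERT_SHA1_HASH_PROP_ID, hashlib.sha1(SAMPLE_DER).digest()),
    (CERT_CERT_PROP_ID, SAMPLE_DER),
])
# Constructed tampered variant: the DER was altered but the SHA-1 record and
# key name were not, which is what a hand-planted or edited entry looks like.
TAMPERED_BLOB = build_cert_blob([
    (CERT_SHA1_HASH_PROP_ID, hashlib.sha1(SAMPLE_DER).digest()),
    (CERT_CERT_PROP_ID, SAMPLE_DER + b"\x00"),
])
# The one real fragment: the friendly-name record copied from the Blob in the
# report row above (property 0x0b, reserved 1, 0x30 bytes of UTF-16LE).
PAGE_NAME_RECORD = bytes.fromhex(
    "0b00000001000000300000004700" "6c006f00620061006c005300690067006e00"
    "200052006f006f00740020004300410020002d002000520033000000"
)

if __name__ == "__main__":
    print(check_blob(SAMPLE_BLOB, SAMPLE_KEY))
    print(check_blob(TAMPERED_BLOB, SAMPLE_KEY))
    print(friendly_name(PAGE_NAME_RECORD))
```

To apply it to this report, feed `bytes.fromhex()` of the full Blob value from the row above into `check_blob` with the key name from the same row; `consistent` is true only when the 0x03 record, the hash of the 0x20 record and the key name agree, which is the case for a root Windows installed itself and not for an entry someone wrote by hand.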
Runs net.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | \??\c:\4a051f497f7543617520ac\SPInstaller.exe | N/A |
| N/A | N/A | \??\c:\4a051f497f7543617520ac\SPInstaller.exe | N/A |
| N/A | N/A | \??\c:\4a051f497f7543617520ac\SPInstaller.exe | N/A |
| N/A | N/A | \??\c:\4a051f497f7543617520ac\SPInstaller.exe | N/A |
| N/A | N/A | \??\c:\4a051f497f7543617520ac\SPInstaller.exe | N/A |
| N/A | N/A | \??\c:\4a051f497f7543617520ac\SPInstaller.exe | N/A |
| N/A | N/A | \??\c:\4a051f497f7543617520ac\SPInstaller.exe | N/A |
| N/A | N/A | \??\c:\4a051f497f7543617520ac\SPInstaller.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeTcbPrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeSecurityPrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeBackupPrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeRestorePrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeShutdownPrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeDebugPrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeAuditPrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeUndockPrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| N/A | N/A | \??\c:\baae18ae73fa398b245866\install.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc12redist_x86.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc13redist_x86.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp" /SL5="$8011E,110133280,125952,C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc9redist_x86.exe
"C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc9redist_x86.exe" /QB
\??\c:\baae18ae73fa398b245866\install.exe
c:\baae18ae73fa398b245866\.\install.exe /QB
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc12redist_x86.exe
"C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc12redist_x86.exe" /passive
C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc12redist_x86.exe
"C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc12redist_x86.exe" /passive -burn.unelevated BurnPipe.{934C1F13-F3D8-4E56-A1BB-1DEB1130E9B9} {19C77368-7F0B-4F78-BF9E-879E4CDC1225} 848
C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc13redist_x86.exe
"C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc13redist_x86.exe" /passive
C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc13redist_x86.exe
"C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc13redist_x86.exe" /passive -burn.unelevated BurnPipe.{D76531FB-ECA7-4E02-828E-0ACAA6A771D7} {97B1AB6D-97ED-4CB9-A6BF-309BE1B2823E} 4136
C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc19redist_x86.exe
"C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc19redist_x86.exe" /passive
C:\Windows\Temp\{897C4252-F799-4486-92FA-14C2366DFE88}\.cr\vc19redist_x86.exe
"C:\Windows\Temp\{897C4252-F799-4486-92FA-14C2366DFE88}\.cr\vc19redist_x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc19redist_x86.exe" -burn.filehandle.attached=540 -burn.filehandle.self=548 /passive
C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\MSChart.exe
"C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\MSChart.exe" /passive
\??\c:\4a051f497f7543617520ac\SPInstaller.exe
c:\4a051f497f7543617520ac\SPInstaller.exe /passive
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "net stop ArtemisHscServiceMonitor"
C:\Windows\SysWOW64\net.exe
net stop ArtemisHscServiceMonitor
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop ArtemisHscServiceMonitor
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "net stop ArtemisHscService"
C:\Windows\SysWOW64\net.exe
net stop ArtemisHscService
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop ArtemisHscService
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\DMX.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\io.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\iograbberinterfaces.olb"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\FocusIndicator.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\ExposeControl.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\lumenera.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\GenericDarkroom.olb"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\ioArt.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\ioPointGrey.dll"
C:\Windows\SysWOW64\NET.exe
"NET" LOCALGROUP "ProtoCOL Admins" /ADD /COMMENT:"The administration group for ProtoCOL"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 LOCALGROUP "ProtoCOL Admins" /ADD /COMMENT:"The administration group for ProtoCOL"
C:\Windows\SysWOW64\NET.exe
"NET" LOCALGROUP "ProtoCOL Advanced Users" /ADD /COMMENT:"The advanced user group for ProtoCOL"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 LOCALGROUP "ProtoCOL Advanced Users" /ADD /COMMENT:"The advanced user group for ProtoCOL"
C:\Windows\SysWOW64\NET.exe
"NET" LOCALGROUP "ProtoCOL Users" /ADD /COMMENT:"The user group for ProtoCOL"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 LOCALGROUP "ProtoCOL Users" /ADD /COMMENT:"The user group for ProtoCOL"
C:\Program Files (x86)\Synbiosis\ProtoCOL3\DatabaseUpdater.exe
"C:\Program Files (x86)\Synbiosis\ProtoCOL3\DatabaseUpdater.exe" /install
C:\Program Files (x86)\Synbiosis\ProtoCOL3\ProtoCOL3.exe
"C:\Program Files (x86)\Synbiosis\ProtoCOL3\ProtoCOL3.exe"
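The process list above is the part of the report that says what the installer actually did. The script below is an added example, not part of the report or of the software it describes; it pairs an excerpt of the image paths with their command lines (copied from the list above; the cmd.exe wrappers and net1.exe children repeat their net.exe parent's command and are left out so nothing is counted twice) and pulls out what a reviewer would want in front of them: the modules handed to regsvr32, the services stopped, the local groups created, the Inno Setup second-stage stub (`/SL5=`) and the WiX Burn pipe handoff (`-burn.unelevated BurnPipe.{...}`). It also makes one detail explicit that the raw list hides: the regsvr32 image is `C:\Windows\SysWOW64\regsvr32.exe` while its command line names `C:\Windows\system32\`, so WOW64 file-system redirection means the registered modules actually live in SysWOW64, which is why their CLSIDs land under `WOW6432Node` and `InprocServer32` points at `C:\Windows\SysWow64\ExposeControl.dll` in the registry section above. The field names in the returned summary are this example's own.

```python
"""Triage a sandbox process list: pair each image path with its command line
and pull out the installer actions worth a second look."""
from __future__ import annotations

import ntpath
import re

# Excerpt copied from the report's Processes section as (image path, command line).
SAMPLE_PROCESSES = [
    (r"C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp",
     r'"C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp" /SL5="$8011E,110133280,125952,C:\Users\Admin\AppData\Local\Temp\Setup.exe"'),
    (r"C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc12redist_x86.exe",
     r'"C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc12redist_x86.exe" /passive -burn.unelevated BurnPipe.{934C1F13-F3D8-4E56-A1BB-1DEB1130E9B9} {19C77368-7F0B-4F78-BF9E-879E4CDC1225} 848'),
    (r"C:\Windows\SysWOW64\net.exe", r"net stop ArtemisHscServiceMonitor"),
    (r"C:\Windows\SysWOW64\net.exe", r"net stop ArtemisHscService"),
    (r"C:\Windows\SysWOW64\regsvr32.exe", r'"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\DMX.dll"'),
    (r"C:\Windows\SysWOW64\regsvr32.exe", r'"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\io.dll"'),
    (r"C:\Windows\SysWOW64\regsvr32.exe", r'"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\iograbberinterfaces.olb"'),
    (r"C:\Windows\SysWOW64\regsvr32.exe", r'"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\FocusIndicator.dll"'),
    (r"C:\Windows\SysWOW64\regsvr32.exe", r'"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\ExposeControl.dll"'),
    (r"C:\Windows\SysWOW64\NET.exe", r'"NET" LOCALGROUP "ProtoCOL Admins" /ADD /COMMENT:"The administration group for ProtoCOL"'),
    (r"C:\Windows\SysWOW64\NET.exe", r'"NET" LOCALGROUP "ProtoCOL Advanced Users" /ADD /COMMENT:"The advanced user group for ProtoCOL"'),
    (r"C:\Windows\SysWOW64\NET.exe", r'"NET" LOCALGROUP "ProtoCOL Users" /ADD /COMMENT:"The user group for ProtoCOL"'),
]

_NET_STOP = re.compile(r"\bnet1?(?:\.exe)?\"?\s+stop\s+\"?([^\"\s]+)", re.I)
_LOCALGROUP_ADD = re.compile(r"\blocalgroup\s+\"?([^\"]+?)\"?\s+/add\b", re.I)
_QUOTED = re.compile(r'"([^"]+)"')


def is_wow64(image: str) -> bool:
    """True when the image ran from SysWOW64, i.e. as a 32-bit process."""
    return "\\syswow64\\" in image.lower()


def resolve_wow64(image: str, path: str) -> str:
    """Apply WOW64 file-system redirection: a 32-bit process that names
    C:\\Windows\\System32\\X actually opens C:\\Windows\\SysWOW64\\X."""
    if is_wow64(image):
        return re.sub(r"(?i)\\system32\\", r"\\SysWOW64\\", path)
    return path


def triage(procs: list[tuple[str, str]]) -> dict:
    """Summarise the installer actions a reviewer pulls out of the process list."""
    out = {"com_registrations": [], "services_stopped": [], "local_groups_added": [],
           "burn_handoffs": 0, "inno_setup_stub": False}
    for image, cmd in procs:
        exe = ntpath.basename(image).lower()
        if exe == "regsvr32.exe":
            quoted = _QUOTED.findall(cmd)
            target = quoted[-1] if quoted else cmd.split()[-1]   # module being registered
            out["com_registrations"].append(resolve_wow64(image, target))
        elif exe in ("net.exe", "net1.exe"):
            m = _NET_STOP.search(cmd)
            if m:
                out["services_stopped"].append(m.group(1))
            m = _LOCALGROUP_ADD.search(cmd)
            if m:
                out["local_groups_added"].append(m.group(1))
        if "-burn.unelevated" in cmd or "-burn.elevated" in cmd:
            out["burn_handoffs"] += 1          # WiX Burn parent/child over a named pipe
        if "/SL5=" in cmd:
            out["inno_setup_stub"] = True      # Inno Setup is-XXXX.tmp\Setup.tmp stage
    return out


if __name__ == "__main__":
    for key, value in triage(SAMPLE_PROCESSES).items():
        print(f"{key}: {value}")
```

The resolved `com_registrations` paths are the ones to compare against the files the installer dropped and against the `InprocServer32` values in the registry section; a regsvr32 target that is not among the dropped files, or that resolves to a user-writable directory, is the case that needs a closer look, while `net stop` of the product's own services and `LOCALGROUP /ADD` of product groups are ordinary installer behaviour that only becomes interesting if the group names or service names do not belong to the product.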
Network
| Country | Destination | Domain | Proto |
| US | 138.91.171.81:80 | | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| BE | 2.17.196.96:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 96.196.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.36.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| N/A | 10.127.0.90:1433 | | tcp |
| N/A | 10.127.0.90:1433 | | tcp |
| N/A | 10.127.0.90:1433 | | tcp |
| N/A | 10.127.0.90:1433 | | tcp |
| N/A | 10.127.0.90:1433 | | tcp |
| N/A | 10.127.0.90:1433 | | tcp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| N/A | 10.127.0.90:1433 | | tcp |
| N/A | 10.127.0.90:1433 | | tcp |
| N/A | 10.127.0.90:1433 | | tcp |
| US | 8.8.8.8:53 | 235.17.178.52.in-addr.arpa | udp |
Files
memory/4832-0-0x0000000000400000-0x0000000000429000-memory.dmp
memory/4832-2-0x0000000000401000-0x0000000000412000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-QV0V4.tmp\Setup.tmp
| MD5 | 898d42b5939b4bbc6057c4a85c4e0cfb |
| SHA1 | 219fc6d4f8f82260f1a9194f262770e2b3509339 |
| SHA256 | acb1db9d7755b12718c02acc9d10660046fc39626e000f763e037a06e52719ea |
| SHA512 | 7c36c852e0b6288267a28323e34f60dd3c7799982def2c3e9d86848c3967ad64ad043ecfcef7a7eb3232739279cc53b0fd98945b7321647373bdc955ca410d43 |
memory/1212-6-0x0000000000400000-0x000000000052E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\_isetup\_isdecmp.dll
| MD5 | 77d6d961f71a8c558513bed6fd0ad6f1 |
| SHA1 | 122bb9ed6704b72250e4e31b5d5fc2f0476c4b6a |
| SHA256 | 5da7c8d33d3b7db46277012d92875c0b850c8abf1eb3c8c9c5b9532089a0bcf0 |
| SHA512 | b0921e2442b4cdec8cc479ba3751a01c0646a4804e2f4a5d5632fa2dbf54cc45d4cccffa4d5b522d42afc2f6a622e07882ed7e663c8462333b082e82503f335a |
memory/4832-13-0x0000000000400000-0x0000000000429000-memory.dmp
memory/1212-14-0x0000000000400000-0x000000000052E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc9redist_x86.exe
| MD5 | 5689d43c3b201dd3810fa3bba4a6476a |
| SHA1 | 6939100e397cef26ec22e95e53fcd9fc979b7bc9 |
| SHA256 | 41f45a46ee56626ff2699d525bb56a3bb4718c5ca5f4fb5b3b38add64584026b |
| SHA512 | 4875134c664503242ec60717232f2917edca20286fc4b675223edbbe5dc0239ebfaf8f67edd76fedcaa2be5419490dc6f47930ca260e6c9988ccf242416c204b |
C:\baae18ae73fa398b245866\install.exe
| MD5 | 33c9213ff5849ef7346799cae4d8ac80 |
| SHA1 | 5421169811570171e9d2d0a1cdca9665273e7b59 |
| SHA256 | 3377e31d233ff41aea253e6221815820997763acdf40b005f8791400366cb8ff |
| SHA512 | da0fc3f57156e06c0c37c1fb5176e1b147ce4aa21f519112123722496b04ad4bc3d366e2b51fd78de1ba0304d35bfd5e5fc95cabc2b3eb174f77636a8fa162a1 |
\??\c:\baae18ae73fa398b245866\install.ini
| MD5 | 5feaa6a36fea7dfdb88c18d69ba6d6a9 |
| SHA1 | 7afd91a7b046d68b6ee9fd367bcd7a4fec546216 |
| SHA256 | 67a50ffbb8a1d500eaa4d9f0227d6a8595a2750154e6b31662fc4f51286e47fc |
| SHA512 | 6c8c0456f232a02a49d51b3f1a830a18b9078e621cd0dc3f4f76f79b83035e8affac67bce3af9a37fa9096a34a8499c59cf982b63a4b2400b9190d2db293e682 |
\??\c:\baae18ae73fa398b245866\install.res.1033.dll
| MD5 | 8e97ea8a1ed69806232e8743f9a28706 |
| SHA1 | e911d3802e64f9be0e1ac68865bbcc92624d6a1f |
| SHA256 | 2893b1b9751f833d4a3ded7c1fba1a96cada2927a2349c5d751365eed647c100 |
| SHA512 | aa57fe0b822145aa1d8eb72f9735ef5d92036f24c4c80392799d701447d18ea510331f5653b39c43dc923cd0f1a61bf87be0f8a4927f6e3754d19ac76fd443c3 |
\??\c:\baae18ae73fa398b245866\globdata.ini
| MD5 | 0a6b586fabd072bd7382b5e24194eac7 |
| SHA1 | 60e3c7215c1a40fbfb3016d52c2de44592f8ca95 |
| SHA256 | 7912e3fcf2698cf4f8625e563cd8215c6668739cae18bd6f27af2d25bec5c951 |
| SHA512 | b96b0448e9f0e94a7867b6bb103979e9ef2c0e074bcb85988d450d63de6edcf21dc83bb154aafb7de524af3c3734f0bb1ba649db0408612479322e1aa85be9f4 |
memory/1212-53-0x0000000000400000-0x000000000052E000-memory.dmp
\??\c:\baae18ae73fa398b245866\vc_red.msi
| MD5 | 6e17361f8e53b47656bcf0ed90ade095 |
| SHA1 | bce290a700e31579356f7122fb38ce3be452628a |
| SHA256 | 8811e5fe167223d906701bc8deb789de0a731e888e285834bcae164b03d43c96 |
| SHA512 | a566fc8bbb4d354db32f13de2fde73a1210c61b1c30a1be22b16c7e98b8d51c673259c57a924b04035cb9f0bf4a087a3e8b32221e7ff87032cddc840ffe3ed2f |
C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI07E3.txt
| MD5 | a55df22b32b19c4d96d5339c358739c2 |
| SHA1 | 8b95c133c5da7a5bc179697b104dc7bc101f1098 |
| SHA256 | 559a984cce25afd5491a56334b86cf27378a0ec904d07c6e08cb7bc5f52ef315 |
| SHA512 | 589f59e4707890888d44de6fe731138eccc5513bf606e378b59cf72ca770406f747d86085eebacce00e9e71a3550734af05e82039b2e11e4503be98a766ca2e5 |
\??\c:\baae18ae73fa398b245866\install.res.1042.dll
| MD5 | d276d0c01bf44cb781ff5d293676674b |
| SHA1 | f96e3a9bbac867b4dd9b24312845a852a5b44ed4 |
| SHA256 | d6f45cb0308e3790b0d819cae9d87e61d79468414ce7f78bd41e7289fc832945 |
| SHA512 | 46100a058157b8435633bf0fc6a2c92086d74c60e480e0faa016e7aaba848e16c2431e48b83e738c28e3a393592ff6cc27b7a2c2a55ff6d94494cf83686175c7 |
\??\c:\baae18ae73fa398b245866\install.res.1028.dll
| MD5 | 5e7e93fb7b9d36665b10be97703dafe5 |
| SHA1 | 17b42892768e9742920febf70e9214997e3f04ef |
| SHA256 | b8f0f576199e32fd906538537c8da052ee666a91ef971c577a53fd715e544604 |
| SHA512 | 8f2828606ae34a691be77cdc5dc20f3aeb641bb24742fac04860a6f847c42cdc8453b8e5f9722f7b016438849c2b57fc8ea9b41111b69ffed30624e16824a1d6 |
\??\c:\baae18ae73fa398b245866\VC_RED.cab
| MD5 | ecca3c1acb74cb73c600eabdd3f9c9d9 |
| SHA1 | f015759f623c377494a5996670204f1fcd0895e3 |
| SHA256 | 43b7648183347374236296f2176c7c7da920da9c1a08adda761e12614efb299e |
| SHA512 | 2785b8e8cfc310ec114cee696c5b85900fc71186dcbf0c99a9c13f4f0fdcc9e9dd583c9d1fd82492a680efcd7071c3593b02b628bd947bc19b1302b931aca807 |
\??\c:\baae18ae73fa398b245866\vcredist.bmp
| MD5 | 06fba95313f26e300917c6cea4480890 |
| SHA1 | 31beee44776f114078fc403e405eaa5936c4bc3b |
| SHA256 | 594884a8006e24ad5b1578cd7c75aca21171bb079ebdc4f6518905bcf2237ba1 |
| SHA512 | 7dca0f1ab5d3fd1ac8755142a7ca4d085bb0c2f12a7272e56159dadfa22da79ec8261815be71b9f5e7c32f6e8121ecb2443060f7db76feaf01eb193200e67dfd |
\??\c:\baae18ae73fa398b245866\eula.2052.txt
| MD5 | ec4b365a67e7d7db46f095f1b3dcb046 |
| SHA1 | d4506530b132ef4aad51fcbc0315dadc110c9b81 |
| SHA256 | 744275c515354ece1a997dd510f0b3ea607147bbf2b7d73f8fca61839675ba27 |
| SHA512 | 5e5d1e196fc6ac194589bc6c6ab24e259aed8cbd856999390495fd5ec4211f212c6898e1b63538bfbb4401a5b4da08f3a2e09bca1cfb2e9c2cee38e63190b2a2 |
\??\c:\baae18ae73fa398b245866\eula.1028.txt
| MD5 | f187c4924020065b61ec9ef8eb482415 |
| SHA1 | 280fc99fb90f10a41461a8ee33dbfba5f02d059d |
| SHA256 | cfa4f2c6c2a8f86896c5a6f9a16e81932734136c3dfde6b4ed44735e9c8115c2 |
| SHA512 | 1d5a8e80fb6805577258f87c4efd7c26a9ac1c69f7dea1553d6f26bcc462d2d9c01d4b94077f70110a33b39648c9aa3bb685e10534f19ba832d475e9ee6aa743 |
\??\c:\baae18ae73fa398b245866\eula.1031.txt
| MD5 | 3168ed3b48c1dc8d373c2abc036574cf |
| SHA1 | 7ffbcfb6cd9b262a0e9a55853d76055693f60c60 |
| SHA256 | 3e4d78fcc11eecb23af12a4eaa316114bb36d39561f6062a3921c08a43261321 |
| SHA512 | 9465640705c382bb736e468a2ffb303ecfb2637c55ddca759d1fb190279b98103def64a8c599deaa1439e58c41d7b2c2809332c2a5f18945e9ee3d6c046a5197 |
\??\c:\baae18ae73fa398b245866\eula.3082.txt
| MD5 | c2d1221cd1c783b5d58b150f2d51aebf |
| SHA1 | 3bc9b6419a5f9dcf9064ae9ef3a76c699e750a60 |
| SHA256 | c79ff7b9e67aed57f939343a3d5fd4fb01aa7412530693464571148b893b7132 |
| SHA512 | c4ec596814b408e3c0aaf98864e2769c6175dba020f3014dd79f0190d81812020c932afca449e6b8b35233f36f2ab2efad0dc8d0d68dccdb40f6715fb1d050b4 |
\??\c:\baae18ae73fa398b245866\eula.1036.txt
| MD5 | c360851dfdf51b6ddc9cfcc62c584898 |
| SHA1 | f8fbe6b98039d01700dc49eb454bb1c1d8cc4aa6 |
| SHA256 | 3456ebc9c6decef8b27b10d97f7f6d30a73b5da0024e1b8a0657e3b9a1cc93d9 |
| SHA512 | a340a7d98b4b6f925a803805224e733433e76230a36c4ab17e28f9d5951b81280d776153414701b29bb05b496b726932683e35fb603587d7ff5b716a88fece8d |
\??\c:\baae18ae73fa398b245866\eula.1040.txt
| MD5 | 04b833156f39fcc4cee4ae7a0e7224a1 |
| SHA1 | 2ffa9577a21962532c26819f9f1e8cd71ab396bd |
| SHA256 | ebafaeb37464ed00e579dab5b573908e026cd0e3444079f398aada13fa9a6f66 |
| SHA512 | 8d3f6a900ebd63a3af74ab41ac54d3041de5fe47331a5e0d442d1707f72a8f557d93d2f527bbb857fb1c67dd8332961fd69acc87de81ba4f2006c37b575f9608 |
\??\c:\baae18ae73fa398b245866\eula.1049.txt
| MD5 | bc3a8865b60ec692293679e3e400fd58 |
| SHA1 | 2b43b69e6158f307fb60c47a70a606cd7e295341 |
| SHA256 | f82bca639841fa7387ae9bbf9eca33295fab20fade57496e458152068c06f8a3 |
| SHA512 | 0d9820416802623e7cd5539d75871447f665481b81758c08f392f412bc0fd2ef12008be0960c108d1c1ce6f26422f1b16161705104d7a582df6a1006b0d1b610 |
\??\c:\baae18ae73fa398b245866\eula.1041.txt
| MD5 | 031fab3fb14a85334e7e49d62a5179fe |
| SHA1 | 12370185ef938a791609602245372e3e70db31be |
| SHA256 | 467773ddffdb3f31027595313b70d1ea934c828b124d1063a4aa4dbe90f15961 |
| SHA512 | 7424a52bbb18a006816ee544d47f660e086557d13bb587d765631307da96aba56d8b9cd3d4e7d50c2a791815273910cef95ebe928bc03dd9c540b97ac7a86447 |
\??\c:\baae18ae73fa398b245866\eula.1042.txt
| MD5 | 6fcd6b5ef928a75655d6be51555288c7 |
| SHA1 | eafdcc178343780b83f1280dad9d517aaedab9e4 |
| SHA256 | 3d45f022996cd6d9ebb659a202fbfd099795f9a39ed4e6bbd62ac6f6ed5f8c7b |
| SHA512 | 635ba44d8d8ecfbdb83a88688126f68c9c607e452e67d19247dfe7c307c341dad9b1d2dc3eae56311c4b3e9617ab1ee2bd2a908570df632af6de1e1fa08bf905 |
\??\c:\baae18ae73fa398b245866\eula.1033.txt
| MD5 | 162fc8231b1bd62f1d24024bb70140d5 |
| SHA1 | 7fa4601390f1a69b4824ee1334bee772c2941a24 |
| SHA256 | c68a0fd93e8c64139a42af4fcd4670c6faea3a5d5d1e9dd35b197f7d5268d92b |
| SHA512 | a707b5ef0e914ba61e815be5224831441922ed8d933f7a2ffe8aecf41f5a1790a1e45981f19d86aa5eab5ea73d03b0c8e2ab6b9f398ab0154d1c828da6f6beda |
\??\c:\baae18ae73fa398b245866\install.res.2052.dll
| MD5 | 4b8d230ccfadf8a2d3ea4b1512238292 |
| SHA1 | 53793dde6106277c33367de5cf361f79a52692c2 |
| SHA256 | 8fec53f664217f624ec8229425abde74225eccf6b55e41d4c12c9d9789f4159c |
| SHA512 | 10993d5ca2b40060ba5925e8d7c008d028c06d909cb3b3a8f8da6a289e2cd45b95227114115e7ab6bed7fc91601d94c5b3c1a9d44e08850dc3048e4e9d51423d |
\??\c:\baae18ae73fa398b245866\install.res.1031.dll
| MD5 | a1157142485b86985c03e26add533201 |
| SHA1 | 05320791cdf33ff3a9989396f6b54172b2d7d0ee |
| SHA256 | 94779d2272a18a0340156225485aab95d0473aef478442dfe392d11b7e6f41db |
| SHA512 | 3fa2b3c4c57e071f24cdd02fc53dca5206370c8161cd9ba7b95fa8a9bce9e5268f3f7824908f93df7a087afd38425219447339f40908ffc9b1d593d063ae21c1 |
\??\c:\baae18ae73fa398b245866\install.res.3082.dll
| MD5 | 55a9b25fa0d768fb902842439d041b1f |
| SHA1 | da103afd92af9b6f89b604191db2805a015a8c38 |
| SHA256 | 8f826dba565fc464395ed24219da946f55692705de9f61f501dcfebf338970a3 |
| SHA512 | dc1b1dc345cb0e2e7e055abc07fc1374abbf773afae64fc27db292c5b97a166bfe4eaa69188d6831a91bfa2913c2238277a860a098ee9606b4112cba55067f7d |
\??\c:\baae18ae73fa398b245866\install.res.1036.dll
| MD5 | cbf6e77d932688970a28328ca5263501 |
| SHA1 | b1d469e921ba90df15760943f228ebb2cbc55792 |
| SHA256 | 3ffe888bc0bbe9bb81369b49171d532839fbea931d8553371e857df6ef815c13 |
| SHA512 | eeb2773960f7ecf9e87b5225cc730651388fab7dadda766a38d345f051ce2cab7027ac6c7286092e86f71c67b8c8a8c01c3808f205082280ad051fcba96358c9 |
\??\c:\baae18ae73fa398b245866\install.res.1040.dll
| MD5 | dcca7196203d338b41ead5e1418c6a92 |
| SHA1 | 44267accc8577f093abc77dff8d5f7ff25c343b2 |
| SHA256 | c2a81077da2201d180bd5496129ea6bcfc5930d8a6d256babdb9a552b1a597d2 |
| SHA512 | 13e934786445067be1c9eca38587dc55e294b2df6e1a16d13c584dc3c031126314047c007ecbc4548aa9bbe1f1021f19cd6b639fc66f43ef9465f4c4c10df049 |
\??\c:\baae18ae73fa398b245866\install.res.1049.dll
| MD5 | 2e57ae4186f17be4148077ffe8212a27 |
| SHA1 | edad955ab3deef258c354d134b5a3443369f85f8 |
| SHA256 | ac9ef02d54eb87a5bc2bc8c77a6497853072ff37e7e82495ef8d79f6a5af07e3 |
| SHA512 | b2f239253866aab26cb1ab8a90f89ff90553cdb5897bba2ebf0e08eefb5a975c68bf7904f15b09e33777718478e3cc1a074dff8d8ddacc8a56b675adf125443b |
\??\c:\baae18ae73fa398b245866\install.res.1041.dll
| MD5 | 0fcc2f2bf7c18392514413a3c2a5ec5a |
| SHA1 | bf7f494336589b8763b0936f0558749dbb407c4b |
| SHA256 | 11c111b3f24ba7d197007fb572b9f77e7d6f58c290de239a08f287c2aeb3b89d |
| SHA512 | c704d1264fd2a106487baf87f6db054862bb31576b0716fe1570eca46ba90519c23c3246852c6b33ec1cf1fc6ff1529b163ff38ec9d32c5eb588585545fcb596 |
C:\Users\Admin\AppData\Local\Temp\VWL412.tmp
| MD5 | 9bf58dcaaa3425beb2bc296bc7f73e80 |
| SHA1 | 0768dd256915835aeb4363bf48ba414fc57407f2 |
| SHA256 | 771e518b8a00f296cabed0960be3bf6a9e942fad1f6b98c2e637f454553c707c |
| SHA512 | fca6fc24858b7ff799f0a3ec6fdc968f7953625350d68298205b2e07845a90d4eb9c609cbb501eb59ebf5976d1c37c5484d1ed6c82334784edc705dcea39ecf2 |
C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc12redist_x86.exe
| MD5 | 7f52a19ecaf7db3c163dd164be3e592e |
| SHA1 | 96b377a27ac5445328cbaae210fc4f0aaa750d3f |
| SHA256 | b924ad8062eaf4e70437c8be50fa612162795ff0839479546ce907ffa8d6e386 |
| SHA512 | 60220a7c9de72796bd0d6d44e2b82dbdd9c850cc611e505b7dc0213f745ff1f160b2d826eaf62fd6e07c1a31786a71d83dc6e94389690fd59b895e85aba7444b |
C:\Users\Admin\AppData\Local\Temp\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\wixstdba.dll
| MD5 | d7bf29763354eda154aad637017b5483 |
| SHA1 | dfa7d296bfeecde738ef4708aaabfebec6bc1e48 |
| SHA256 | 7f5f8fcfd84132579f07e395e65b44e1b031fe01a299bce0e3dd590131c5cb93 |
| SHA512 | 1c76175732fe68b9b12cb46077daa21e086041adbd65401717a9a1b5f3c516e03c35a90897c22c7281647d6af4a1a5ffb3fbd5706ea376d8f6e574d27396019c |
C:\Users\Admin\AppData\Local\Temp\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\logo.png
| MD5 | d6bd210f227442b3362493d046cea233 |
| SHA1 | ff286ac8370fc655aea0ef35e9cf0bfcb6d698de |
| SHA256 | 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef |
| SHA512 | 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b |
C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc13redist_x86.exe
| MD5 | 99e3d99d8ed70ac88f59e31757ed3d62 |
| SHA1 | 18f81495bc5e6b293c69c28b0ac088a96debbab2 |
| SHA256 | bbc26aca42cd311a0e1ea1356852f061d863af047f1891ac9952ab7e7cb8e04f |
| SHA512 | 34ff42d09d1738df912823fcb8c16ab28927415f736f0a49779f9eddf0e2fe36682fa3d021414b4751532b0d385aa513290f6c44c48936500c9a58b332fc147c |
C:\Users\Admin\AppData\Local\Temp\{ce085a78-074e-4823-8dc1-8a721b94b76d}\.ba1\wixstdba.dll
| MD5 | fb45cc1b78259a878ccc2247d4ceb68c |
| SHA1 | 0be045e040f9cffdc2baf021c320abcb471439be |
| SHA256 | 87644901a31aa7ee1f61e5906d225491846563eb4a53a302fa337c4ec25e3714 |
| SHA512 | c9fdb0019b3b0a7c5c97aa5ea880d7b1522496dc09b097f777233352589a43f2564c0a2fe4fbcfc95c9b70720e0ac1b97b369def65352302ab5a4863ab9fa43b |
C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
| MD5 | ed8339dcfa1167a5042770c73a5641dc |
| SHA1 | f6cf19c148f67c514eddc9946defe7c8eb5a36b5 |
| SHA256 | e9c480dd9637882b633d1e0b01431d27183b4f94be88d84c7b92c36ff9a342b1 |
| SHA512 | a96faff093ad21c6c4ee5a429073d8517dbe179e06178f0c589f1570b99029351eb38e86f8c24323d012fde4e4d43afc5bcf8526ab9d7085d06483e870ffa43c |
C:\Users\Admin\AppData\Local\Temp\{ce085a78-074e-4823-8dc1-8a721b94b76d}\.be\vcredist_x86.exe
| MD5 | e6d5fb03f157f33376e9d8a1055ed70a |
| SHA1 | 541add9491f98277163c822390d7c8da07754ae0 |
| SHA256 | 52a0948253c8120a6e1f96f717978270bbd2d07c0ce46c5f2b8b8ffa7a967494 |
| SHA512 | 51298ec2dde1d8ec6956cee8dce75572fc85217f49e071867a8a2987071e595db03bf1e1b8a4e7b5439d9383fc0daa89dedeb1573aba8ce32aa4c24bf28d1a75 |
C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\vc19redist_x86.exe
| MD5 | 35b40b21383ac38487ceec8ab6e53565 |
| SHA1 | 59894bd9c96361b475c3b4b7ca9719c72e813d04 |
| SHA256 | caa38fd474164a38ab47ac1755c8ccca5ccfacfa9a874f62609e6439924e87ec |
| SHA512 | 3a00b40ba8cd1cf8a523efab656f5b8910a3b07f9d8fba4ffc07745165b6375affd77b00fd3064fa72fb984c1773438a39e67a55363be23dd8fe1727c1016b8e |
C:\Windows\Temp\{897C4252-F799-4486-92FA-14C2366DFE88}\.cr\vc19redist_x86.exe
| MD5 | 86123c033231dd7e427d619ddeefd26a |
| SHA1 | 608c085348fd9c4e124e6f28f0388ccdac6ab2b5 |
| SHA256 | d863fb2f65bb6eea492e79ab9d09a53cc226e85f57d6545cb82f60b122a4b737 |
| SHA512 | ffb574123b350d3c9434abc88baa050ae6e54b5b9ebf3f1dcf4bf079284135696004508653e74a3a3c2fa8e4c1b681c3f31d5fe69e0f0c5f45ed37f9ddc61e78 |
C:\Windows\Temp\{3B158E6B-84A6-47E6-9756-55D5DD4CD55E}\.ba\thm.wxl
| MD5 | fbfcbc4dacc566a3c426f43ce10907b6 |
| SHA1 | 63c45f9a771161740e100faf710f30eed017d723 |
| SHA256 | 70400f181d00e1769774ff36bcd8b1ab5fbc431418067d31b876d18cc04ef4ce |
| SHA512 | 063fb6685ee8d2fa57863a74d66a83c819fe848ba3072b6e7d1b4fe397a9b24a1037183bb2fda776033c0936be83888a6456aae947e240521e2ab75d984ee35e |
C:\Windows\Temp\{3B158E6B-84A6-47E6-9756-55D5DD4CD55E}\.ba\wixstdba.dll
| MD5 | eab9caf4277829abdf6223ec1efa0edd |
| SHA1 | 74862ecf349a9bedd32699f2a7a4e00b4727543d |
| SHA256 | a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041 |
| SHA512 | 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2 |
C:\Users\Admin\AppData\Local\Temp\is-BIMO3.tmp\MSChart.exe
| MD5 | e7605df8e1a6ef547c2f77a304de8848 |
| SHA1 | 776c876430e692c702a8eabed9c89d1ad94d5927 |
| SHA256 | 95ca5aaa5e9b19dc55127bf89a32abec4f72c4ae03495e461d251a6ecfbeed92 |
| SHA512 | 58c3ea86fb722bcbe074f634901650ec19262d47a42f9011fbae4e57fd80bdca797cd20d849f382da2671eb9eec52883a15a6ee017483d803c7aab46f029ac18 |
C:\4a051f497f7543617520ac\SPInstaller.exe
| MD5 | 075bfb4c71d2fb11b644eaabd8b64a01 |
| SHA1 | 479b6189ca547e6e2926fca014561619766bf8d7 |
| SHA256 | 2a99618b7d7416d86ea55dad961e785688979acb578ba85851c0b9a6dfe41a58 |
| SHA512 | 9230dd2d4956edf6dffa179a0e22bef3ef8432f6d09291c8e3f9db82db5f49bf39fe4faf1ef58f41947085b4e8fe129c0a8919d584bc97d784cd8b320ad91665 |
\??\c:\4a051f497f7543617520ac\SPInstallerEngine.dll
| MD5 | 7c071bc63b58519d2712a13337055fc7 |
| SHA1 | e27822a2e785ba0b64d1b6f14035f2fe2ccf6eb5 |
| SHA256 | d89494e63910cfc528139a0304555577638da38b5258bdfd22aa86300e00fc8a |
| SHA512 | fa86c69bd79bea703ac218ac5e4d3a18b2c9de66f29458e59f502708c4f28eb57743672c3bf20ec97eeed7bce99568a9290bbe46107d9ea968f46452fb41a66a |
\??\c:\4a051f497f7543617520ac\sqmapi.dll
| MD5 | 89e2c7e8af95c3cd3209ed67837d882f |
| SHA1 | def626501cf2d8bacfed0ef3c2f6137a6af0d138 |
| SHA256 | f19eaba1f8e6c28215d93481ddfa37767390500c70ea5cc06d747eb1132b41dd |
| SHA512 | 0b6155c1413ad48c4a1665a7aa87ec004e860c2da2d6cad96ec4b9436e9ff649e5cd807895730f2f49aecd5ba7a1f6bf83d0e47e58b504983033a2bd2ddc9a01 |
C:\Users\Admin\AppData\Local\Temp\HFI17F9.tmp.html
| MD5 | 3fb443021b7cc775653091fbda3f0485 |
| SHA1 | 8d9902c5025fc05e264afbd26d8cc8fa84ef713f |
| SHA256 | dc32ddb61a8d542f16f9acbfe26ced213ab847dd606c934a22beb2dd034b74d3 |
| SHA512 | d7426d5db8a37e970ff61dab3b69e6fdcfd8881c5c62e45b9cc5b9f49286af237f6a55e5bf82e11f5c9cb2d3c3332d922c7d8fdd4e12cd31bcf4f116e233957a |
\??\c:\4a051f497f7543617520ac\DHTMLHeader.html
| MD5 | ed37a53d539007fec2ff78bbfc449ec8 |
| SHA1 | a59b06a2544e612b8c712ebb0e29705922704156 |
| SHA256 | b5f71fb8b34fb75a1a89251b5de3b22c25232ab84c6a392c85f738d75de86678 |
| SHA512 | 921a5e8d68b39019657153b371cbce0fda8b842dca89889a4f11a8187344b2ada74dbf863f8d0f9a9dc7837af11c7e0f94cc5a8fba0d5e8c449758482af8adf9 |
\??\c:\4a051f497f7543617520ac\ParameterInfo.xml
| MD5 | 8d82e881132076df04aa63ee0469017d |
| SHA1 | 941214a5e8082f5dae9fc61dcfe2737045fdc7b0 |
| SHA256 | e1ad3bdb0caeca027126cb8925f19efb504444a12a000a99e97a4bd75290f89b |
| SHA512 | 049345de531f5f5b47aa5ae2aa3f4a90e1ba0f91c24a8e94fdcf5f0e4b5e07ec76c7ce1f6fb47ee36616900df455458576225c0a7bd23025315853c5b9ace19d |
\??\c:\4a051f497f7543617520ac\LocalizedData.xml
| MD5 | 60194fff32d63effec5a298a3de26da1 |
| SHA1 | f149a86d77e56127b9a3721e85e69066638ed92b |
| SHA256 | 66a4a89410cba0b00035e0356120187c1aaf0e2a13787811a782a26d1a832c1d |
| SHA512 | d2bd136593267f0ef9c8a31ea243f5020d56cbbfc2d4f66de8340aeab4eefd42e2c3f85888736d20623fe365ceb735d6554547fbb7c19d1ee76cf25796327c05 |
\??\c:\4a051f497f7543617520ac\SPInstallerUi.dll
| MD5 | c99e0fa0933efc3658dd02525b43fdd7 |
| SHA1 | 3cdd7b8d22f2d8519f5544b7f12ac30a2268a5b9 |
| SHA256 | 7eaf337bcb544eaa50b46c114cfde2d21954299e5b84fade03dc37c15d1b00ab |
| SHA512 | 9b4187863e7057e1f250ed1e0a616e2a4746b11ef4f0ae4b017d2c2cf7dab23de030e12f54ca74edb18427bd009d03e465b6687603344ccab9bd2f3f8aa3772f |
\??\c:\4a051f497f7543617520ac\UiInfo.xml
| MD5 | bcd1b1b5fd79f3be496c430480a72096 |
| SHA1 | db0a33a1c11c65e9b7a7960ae9737b87f2ef6406 |
| SHA256 | 918d468ecc579e74209643b4a1e16afa5b918b1c3b2fb509ac4c5d01a24aed0e |
| SHA512 | a15d831023d4204070137a9381280880236c916369b41b0a6c444c334b10680df45756554dcc97a65a6a88dd5ca67672803baa9ea14513fa357c2a98c371385f |
\??\c:\4a051f497f7543617520ac\1025\SPInstallerResources.dll
| MD5 | 4cea15e2da2d63993363ff4f4d6e7c48 |
| SHA1 | 5d753d5b72abfe1ca202ad8ed4db60da9d5ae0bf |
| SHA256 | 3a95d2f43ce9727cfc61b68f27f2217e9098e793f01ea1439de62005bbdb55d6 |
| SHA512 | 71700bc823dcbc8333550dab555acfa42bb4a7d6eb15564fb639bfa829b56f8549be125c5679c9f65db9b958c8f924504cae1c8c5ac1377307fd76aa504bd5c7 |
memory/2344-440-0x000001D9C6D10000-0x000001D9C6EBA000-memory.dmp
memory/2344-444-0x000001D9C5700000-0x000001D9C5718000-memory.dmp
memory/2344-448-0x000001D9C6EC0000-0x000001D9C7070000-memory.dmp
memory/2344-452-0x000001D9C5740000-0x000001D9C5756000-memory.dmp
C:\Windows\assembly\tmp\94798G57\System.Windows.Forms.DataVisualization.dll
| MD5 | 4eb366f068876656057fccb2b5360fdb |
| SHA1 | 5ca25be2e5fd5205971c931c30ee52bd1855ed05 |
| SHA256 | 9d193f4ac582a024e9c8a386717944e82d281e30b30bd1b3b4d015dcb52a5d56 |
| SHA512 | 177a0c7f8ac5526ca8622447816412a91c2ff1c6933b6f67bfe3bae4aa9cafd81b787bbc8df106ae96167f1e6f1cdf63ab7b3ed81f9a1370f23af05259abe7dc |
C:\Windows\assembly\tmp\XGMS1MWW\System.Windows.Forms.DataVisualization.Design.dll
| MD5 | f9ce119437c7c56eda862b412f5b7dfd |
| SHA1 | 092dfc99d44b3d1ff9ef2af7e2a80b7941ff0131 |
| SHA256 | 49248d90a581d2e9933b1013b7f2aef8346f6da297851c9215ac45f8fe9fd857 |
| SHA512 | c8ba2f65c040946c26657d4e939ff2b069b806c6adde938a1b5971432df6b3796abb23c1bf9722b1e1483480fa488a42642b71c1e71d909a57d134088eabf620 |
C:\Windows\assembly\tmp\WBW3UUCV\System.Web.DataVisualization.dll
| MD5 | 6502f885536ef34d3011acec9021b4a2 |
| SHA1 | 4ae4723cd4c36c82bf85737580ac29832756a871 |
| SHA256 | ee4b416f47e919459134253dc7429993a3f33bb31fad9e6fb95a16bf4fd3995d |
| SHA512 | e6d68d84c51b11c874eda91a49d67a0ebb4f2221e4531c1aa971178978deb08a16914c7a97e4b8a85af8642aa7ef50b1b4a87ada51d09cdb3e959c5d08106602 |
C:\Windows\assembly\tmp\8A23OZLL\System.Web.DataVisualization.Design.dll
| MD5 | 68921811aae9fc8c544274a580369483 |
| SHA1 | 8f113e1f286c43d8037d58d7047ffc9196e12e05 |
| SHA256 | 41552906188914f8b781315751ed105acc8ccbdcd160baecb7f88ce4caf23923 |
| SHA512 | fb6fe53638b02b6a326ace5dd506302a8b5c32f728a99e4725a701b069605f2f1b3e8ef6d0bf870dcc248fa72c109f0d9a509ae7cfbf4ba17f9bac50e6c970cd |
C:\Config.Msi\e57d0d5.rbs
| MD5 | c3a578eeb6d1fe943a52f7e1f8a98142 |
| SHA1 | 6e0b3d8b918dd61dfc950090cbedf206de95b4d4 |
| SHA256 | a75a574826f056ab1d984874ee0dd33c2ea7a8ded0ceb7533a05ef52028a65e4 |
| SHA512 | 22011e3485fd84fa00c30374a4e59144403a63d7b073ec5678fa1b0eeb77a850158ef21ad4e1da5fe05c9e23b40399170ea1870515efb2e5ad28b4459a110767 |
C:\Windows\Installer\e57d0d2.msi
| MD5 | a497584d5356ece498183eaf9fb353a3 |
| SHA1 | a0d1400b0ee1492b96d5d15972050500a0a7f7a2 |
| SHA256 | 13c8e09908cc076d93ec3f7ade0b9127fc9d38763ea90f8a5d83c57d835c2582 |
| SHA512 | e694c97baa54a642df34385e720f1658392dd7bf87a4d8b0d5332ff41c6b1577d452041e90edaf0b8b459a4da6f867102f5c0cb9273091a806a504f7e07b0152 |
memory/1212-478-0x0000000000400000-0x000000000052E000-memory.dmp
memory/1212-505-0x0000000000400000-0x000000000052E000-memory.dmp
C:\Program Files (x86)\Synbiosis\ProtoCOL3\ProtoCOL3.exe
| MD5 | 827af659355b680117fdbdc542edc328 |
| SHA1 | 2197dd695f2e561387665caa512b3113312d8c7a |
| SHA256 | b617e1f86ef1df71f60811340ed1160cacf69399e7736d641ee9095c1477ac0c |
| SHA512 | dddf5940607cad8f68e0f581ae14b0c734089587d082afa3c92aa6109b46b7c11e9c362047ffa70799bc20ab39ff0fbcd85c0168d18af64922ccf832f95ec11b |
memory/1764-797-0x0000000000B40000-0x0000000000B75000-memory.dmp
memory/1212-800-0x0000000000400000-0x000000000052E000-memory.dmp
memory/312-801-0x0000000002650000-0x00000000035BF000-memory.dmp
memory/312-803-0x00000000035C0000-0x000000000368C000-memory.dmp
memory/4440-808-0x00000000009C0000-0x0000000000E60000-memory.dmp
memory/4440-809-0x0000000005770000-0x00000000057BC000-memory.dmp
memory/4440-810-0x0000000006160000-0x0000000006704000-memory.dmp
memory/4440-811-0x0000000005C90000-0x0000000005D22000-memory.dmp
memory/4440-813-0x0000000006B40000-0x0000000006F70000-memory.dmp
memory/4440-814-0x0000000006110000-0x000000000611A000-memory.dmp
memory/4440-815-0x0000000007C20000-0x0000000007F74000-memory.dmp
memory/4440-816-0x0000000007B50000-0x0000000007B9C000-memory.dmp
memory/4440-817-0x0000000007F80000-0x0000000007FBC000-memory.dmp
memory/4440-818-0x0000000007BB0000-0x0000000007BD1000-memory.dmp
memory/1212-820-0x0000000000400000-0x000000000052E000-memory.dmp
memory/1212-833-0x0000000000400000-0x000000000052E000-memory.dmp
memory/4832-834-0x0000000000400000-0x0000000000429000-memory.dmp
memory/2432-835-0x0000000000550000-0x00000000009DE000-memory.dmp
memory/2432-836-0x00000000055F0000-0x0000000005832000-memory.dmp
memory/2432-837-0x0000000005A90000-0x0000000005ADA000-memory.dmp
memory/2432-838-0x0000000005A60000-0x0000000005A6E000-memory.dmp
memory/2432-839-0x00000000063A0000-0x00000000066F4000-memory.dmp
memory/2432-840-0x0000000006C00000-0x0000000006D86000-memory.dmp
memory/2432-850-0x0000000007090000-0x00000000070E3000-memory.dmp
memory/2432-851-0x00000000075F0000-0x0000000007610000-memory.dmp
memory/2432-852-0x0000000007FB0000-0x0000000007FFC000-memory.dmp
memory/2432-853-0x0000000007890000-0x00000000078B1000-memory.dmp
memory/2432-854-0x0000000009010000-0x0000000009028000-memory.dmp