Analysis Overview
SHA256
d33e30f08fa2e2a19906054c40e7d19c7a34451026fd30b2072c91e720616222
Threat Level: Shows suspicious behavior
The file SigmaXL_Version_10_Setup.msi was classified as: Shows suspicious behavior. The summary below names no malware family; the verdict rests on generic behavioural signatures, and every populated signature table in this report attributes the behaviour to msiexec.exe itself, so each finding should be read against what the Windows Installer service does by design (enumerating drive letters, enabling its privilege set as LocalSystem, writing under C:\Windows\Installer and Program Files) before it is treated as malicious.
Malicious Activity Summary
Enumerates connected drives
Drops file in Windows directory
Executes dropped EXE
Loads dropped DLL
Drops file in Program Files directory
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 15:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 15:39
Reported
2024-06-12 15:43
Platform
win11-20240508-en
Max time kernel
59s
Max time network
67s
Command Line
Signatures
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\SigmaXL\V10\Sample Data\Attribute Data - U Chart Defects.xlsx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\TurboActivate.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\SigmaXL_GE_XYZ_Interp.gcg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\1 Sample Equivalence - CI Mean.xlsm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\Sample Data\Montgomery Table 9.1.xlsx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\SigmaXL_GE_ADBC_V7.gcg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\Sample Data\Chemical Process Concentration - Series A.xlsx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\SigmaXL_GE_RSM.gcg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\Taguchi\Taguchi L8 Seven Factor.xlsx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\C Chart Template.xlsm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SigmaXL_DMAIC_2016_Ribbon.xlam | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\One-Way Chi-Square Exact.xlsm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\Sample Data\Customer Data.xlsx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\SigmaXL_GE_Tolerance_Interval.gcg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\GageRRCharts.xlsx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\Sample Data\Sample Size and Difference Worksheet.xlsx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\tbbmalloc.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\Taguchi\Taguchi L27 Thirteen Factor.xlsx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\TurboActivate.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\libiomp5md.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\Attribute C ARL Calculator.xlsm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\Sample Data\Conover Grass Type Experiment.xlsx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\SigmaXL_GE_DOE.gcg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\DLIB\xyz_interp_761.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\2 Proportions Test CI.xlsm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\Rare Events Prob G.xlsm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\Sample Data\Stimulant Test.xlsx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\TurboActivate.x64.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\DLIB\signal.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\Individuals.xlsm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\Wafer Thickness.xlsx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\Sample Data\Catapult DOE Data for Adv MReg.xlsx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\cityhash.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\DLIB\arima_stl.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\readstat.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\SigmaXL_GE_ANOM.gcg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\GLM GageRR (Crossed) Metrics without Interaction.xlsx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\Shewhart ARL Calculator.xlsm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\Sample Data\RSM Example - Cake Bake Data for Adv MReg.xlsx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\SigmaXL_GE_Forecast.gcg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\EWMA ARL Calculator JN.xlsm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\G Chart Template.xlsm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\GLM GageRR (Nested) Metrics.xlsx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\g.gkf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\SigmaXL_GE.gcg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\EWMA ARL Calculator.xlsm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\FMEA_V8.xlsm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\SigmaXL_GE_Descriptive.gcg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\Taguchi\Taguchi L9 Four Factor.xlsx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\1 Proportion Test CI.xlsm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\Sample Data\Mobile Cellular Subscriptions per 100 people by Region and Year.xlsx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\zlib.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\Taguchi\Taguchi L16 Eight Factor.xlsx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\Sample Data\Monthly Airline Passengers - Modified for Control Charts.xlsx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\Taguchi\Taguchi L8 Six Factor.xlsx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\Sample Data\Attribute Data.xlsx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\Sample Data\Monthly Airline Passengers - Missing Values.xlsx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\SigmaXL_GE_ARL.gcg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\SigmaXL_GE_Gage_linearity_Bias.gcg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\1 Poisson Rate Test CI.xlsm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\SigmaXL_DMAIC_2016_Ribbon.xlam | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\TurboActivate.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\xls.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\SigmaXL\V10\SXL_Stats\Attribute MSA.xlsm | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSI63E5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{8FC20039-94AD-47B5-8C24-8CFD0B7B2069}\ARPPRODUCTICON.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{8FC20039-94AD-47B5-8C24-8CFD0B7B2069}\UNINST_Uninstall_S_86A8AA8FC5374446B85D3419441965DB.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e586243.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e58623f.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{8FC20039-94AD-47B5-8C24-8CFD0B7B2069} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF2D0DCCC3BA46E844.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e58623f.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{8FC20039-94AD-47B5-8C24-8CFD0B7B2069}\ARPPRODUCTICON.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{8FC20039-94AD-47B5-8C24-8CFD0B7B2069}\UNINST_Uninstall_S_86A8AA8FC5374446B85D3419441965DB.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{8FC20039-94AD-47B5-8C24-8CFD0B7B2069}\NewShortcut10_B9C4D019D8C042959C28E61D4368901B.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{8FC20039-94AD-47B5-8C24-8CFD0B7B2069}\NewShortcut10_B9C4D019D8C042959C28E61D4368901B.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{8FC20039-94AD-47B5-8C24-8CFD0B7B2069}\NewShortcut11_630B57E167964E56A130CD36498C0FE7.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6648.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6A50.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{8FC20039-94AD-47B5-8C24-8CFD0B7B2069}\NewShortcut11_630B57E167964E56A130CD36498C0FE7.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF83678F7B4237667D.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF6857A590A526C08E.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF152BD4CFD4B54B68.TMP | C:\Windows\system32\msiexec.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\EB889732E30533E49BDE05F6A645B524\93002CF8DA495B74C842C8DFB0B70296 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Downloaded Installations\\{AA7A84DF-16EB-4C0D-BB6E-3D3693A63EC4}\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Downloaded Installations\\{AA7A84DF-16EB-4C0D-BB6E-3D3693A63EC4}\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\93002CF8DA495B74C842C8DFB0B70296 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\ProductIcon = "C:\\Windows\\Installer\\{8FC20039-94AD-47B5-8C24-8CFD0B7B2069}\\ARPPRODUCTICON.exe" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\93002CF8DA495B74C842C8DFB0B70296\Excel_x64 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\PackageCode = "FD48A7AABE61D0C4BBE6D363396AE34C" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\SourceList\Media\DiskPrompt = "[1]" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\EB889732E30533E49BDE05F6A645B524 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\AuthorizedLUAApp = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\SourceList\PackageName = "SigmaXL_Version_10_64-Bit.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\SourceList\Media\1 = "DISK1;1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\ProductName = "SigmaXL" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\Version = "167903232" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
| Process | Command Line |
| C:\Windows\system32\msiexec.exe | msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\SigmaXL_Version_10_Setup.msi |
| C:\Windows\system32\msiexec.exe | C:\Windows\system32\msiexec.exe /V |
| C:\Windows\syswow64\MsiExec.exe | C:\Windows\syswow64\MsiExec.exe -Embedding 7B1564D62A21318F8F885397B4AE4646 U |
| C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe | C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{24EDE6C2-3FD4-4D0E-88A5-0FF4F1B7EC51} |
| C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe | C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{10A04516-BC9D-4699-9146-99E390827917} |
| C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe | C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3652401E-D09C-40D4-B9BE-3D50051E0A7E} |
| C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe | C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D5EFC7E4-B8B2-4159-9F4B-854F0813C77C} |
| C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe | C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{80115D54-1C42-40A0-8BB5-9AE52C100F2C} |
| C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe | C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0FEC10DB-BC4A-4842-B9DC-5DB124DE89D0} |
| C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe | C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{82058BBB-7157-491C-A99A-262D073C0F04} |
| C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe | C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8040AACB-2267-4434-96A7-C126E9520369} |
| C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe | C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7DA6F577-F1C9-4E39-8090-2638FFDD2A23} |
| C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe | C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{103F8B32-50FE-4FED-8F7A-7314891B93E2} |
| C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\SigmaXL_Version_10_64-Bit.exe | "C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\SigmaXL_Version_10_64-Bit.exe" /s /v/qn /V"AUTOLOADPLUGIN=FALSE" |
| C:\Users\Admin\AppData\Local\Temp\{DB3B100A-F685-46D9-B934-6013A2A4E9FE}\SigmaXL_Version_10_64-Bit.exe | C:\Users\Admin\AppData\Local\Temp\{DB3B100A-F685-46D9-B934-6013A2A4E9FE}\SigmaXL_Version_10_64-Bit.exe /q"C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\SigmaXL_Version_10_64-Bit.exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{DB3B100A-F685-46D9-B934-6013A2A4E9FE}" /s /v/qn /V"AUTOLOADPLUGIN=FALSE" /IS_temp |
| C:\Windows\system32\MSIEXEC.EXE | "C:\Windows\system32\MSIEXEC.EXE" /i "C:\Users\Admin\AppData\Local\Downloaded Installations\{AA7A84DF-16EB-4C0D-BB6E-3D3693A63EC4}\SigmaXL_Version_10_64-Bit.msi" /qn AUTOLOADPLUGIN=FALSE SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}" SETUPEXENAME="SigmaXL_Version_10_64-Bit.exe" |
| C:\Windows\syswow64\MsiExec.exe | C:\Windows\syswow64\MsiExec.exe -Embedding 2F09C2164A4AA0782E9B23C8B9330F2D |
| C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe | C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{108FA52B-ADB3-4922-9FE2-BEEB4A53BEAF} |
| C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe | C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1E82868D-6056-436C-8D74-6A44B4F7E5B0} |
| C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe | C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0BA5B277-039A-4D74-ACBD-DAA55D5126F3} |
| C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe | C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C4EB9993-C998-4D14-8B8A-899AC56E0F9B} |
| C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe | C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D8958F86-4083-44BD-A6E7-7E0BA2DC5700} |
| C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe | C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8C1951B9-8510-4989-931A-B800425E0F71} |
| C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe | |
C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{267064DC-DC63-4883-8BD9-F98C0A6ABD01}
C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3964F179-1123-4E71-B20B-731F8D4765D0}
C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3DB90828-6912-4962-AD89-F452B930F0C7}
C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8D99768F-DFB7-438C-A3A0-7153AFD734DD}
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c rmdir /s /q "C:\Users\Admin\AppData\Local\Temp\{DB3B100A-F685-46D9-B934-6013A2A4E9FE}"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\MSI10835\ISSetup.dll
C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISSetupFilesHelper.dll
C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISRT.dll
memory/4164-47-0x0000000010000000-0x0000000010114000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\_isuser_0x0409.dll
C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\_isres_0x0409.dll
memory/4164-52-0x0000000003550000-0x0000000003717000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SigmaXL_UI_log.log
C:\Users\Admin\AppData\Local\Temp\{DB3B100A-F685-46D9-B934-6013A2A4E9FE}\_ISMSIDEL.INI
C:\Users\Admin\AppData\Local\Temp\~5939.tmp
C:\Users\Admin\AppData\Local\Temp\{DB3B100A-F685-46D9-B934-6013A2A4E9FE}\0x0409.ini
memory/4164-160-0x0000000010000000-0x0000000010114000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iss6158.tmp
C:\Users\Admin\AppData\Local\Temp\MSI861e2.LOG
C:\Windows\Installer\MSI63E5.tmp
C:\Users\Admin\AppData\Local\Temp\{C2606CF7-E025-4E01-8DF3-D5FEA473F5ED}\IsConfig.ini
C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\setup.inx
memory/2772-243-0x0000000010000000-0x0000000010114000-memory.dmp
memory/2772-247-0x0000000003900000-0x0000000003AC7000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\String1033.txt
C:\Config.Msi\e586242.rbs
C:\Users\Admin\AppData\Local\Temp\{DB3B100A-F685-46D9-B934-6013A2A4E9FE}\_ISMSIDEL.INI
C:\Users\Admin\AppData\Local\Temp\{DB3B100A-F685-46D9-B934-6013A2A4E9FE}\_ISMSIDEL.INI
memory/4164-584-0x0000000010000000-0x0000000010114000-memory.dmp