Analysis Overview
SHA256
743e017c850a7b043acf840da6b5ebaea89c1f89db5aa62bf221c2fb199d173e
Threat Level: Shows suspicious behavior
The file TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com].rar was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Executes dropped EXE
Enumerates connected drives
Writes to the Master Boot Record (MBR)
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Checks processor information in registry
Suspicious use of SetWindowsHookEx
Checks SCSI registry key(s)
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Uses Volume Shadow Copy service COM API
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-12 18:31
Signatures
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 18:30
Reported
2024-06-12 18:35
Platform
win11-20240419-en
Max time kernel
131s
Max time network
142s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Loaders\Student\Injection.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/2464-0-0x0000000000400000-0x0000000000419000-memory.dmp
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-12 18:30
Reported
2024-06-12 18:35
Platform
win11-20240611-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Loaders\Teacher\CX CAS\Injection.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 52.111.227.14:443 | | tcp |
Files
memory/3444-0-0x0000000000400000-0x0000000000419000-memory.dmp
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-12 18:30
Reported
2024-06-12 18:35
Platform
win11-20240508-en
Max time kernel
146s
Max time network
150s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\Loaders\Teacher\CX CAS\Loader.exe
"C:\Users\Admin\AppData\Local\Temp\Loaders\Teacher\CX CAS\Loader.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/2072-0-0x0000000000400000-0x0000000000444000-memory.dmp
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-12 18:30
Reported
2024-06-12 18:35
Platform
win11-20240611-en
Max time kernel
146s
Max time network
150s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Loaders\Teacher\CX\Injection.dll,#1
Network
| Country | Destination | Domain | Proto |
| NL | 52.111.243.30:443 | | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
memory/4304-0-0x0000000000400000-0x0000000000419000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 18:30
Reported
2024-06-12 18:35
Platform
win11-20240611-en
Max time kernel
84s
Max time network
94s
Command Line
Signatures
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\TI-Nspire CX CAS Student Software.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{c70cd072-899c-8042-b454-71779990fa5a}\slabvcp.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{68ecf8f9-1b17-e34a-aa04-db6d5598edf5}\SETECD2.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\tinspusb.inf_amd64_404827dbec0928e5\tinspusb.PNF | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{1a50c02e-a7f5-564d-888e-5b53a29cd5ef}\SETE8AA.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{1a50c02e-a7f5-564d-888e-5b53a29cd5ef}\SETE8AC.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{c70cd072-899c-8042-b454-71779990fa5a}\x64\SETE9C4.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{3dc88b2d-ce4f-d546-b394-c5061b3af056}\SETE4E2.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{38fa2569-66a2-b746-a764-5042b1c42d0a}\SETE764.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{c70cd072-899c-8042-b454-71779990fa5a}\SETE9C6.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\slabvcp.inf_amd64_68f00fa9ebb8b3ef\slabvcp.PNF | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{515efc2a-6370-8243-a85b-e1e0d40a6efa} | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{68ecf8f9-1b17-e34a-aa04-db6d5598edf5} | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{38fa2569-66a2-b746-a764-5042b1c42d0a}\SETE753.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{1a50c02e-a7f5-564d-888e-5b53a29cd5ef}\SETE8AA.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{1a50c02e-a7f5-564d-888e-5b53a29cd5ef} | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\clauth1 | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{38fa2569-66a2-b746-a764-5042b1c42d0a}\SETE765.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{93371f1c-b203-6f47-9dd0-34f70f9ae8a7}\SETEB0E.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\tisledos.inf_amd64_9e28b7911d278368\tisledos.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\tiusbcomp.inf_amd64_975d3cba9dc0379d\TIUSBComp.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\tinspusb.inf_amd64_404827dbec0928e5\tinspusb.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{1a50c02e-a7f5-564d-888e-5b53a29cd5ef}\tinwbusb.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\tisledusb.inf_amd64_d9f889cf87b635a6\tisledusb.PNF | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{1a50c02e-a7f5-564d-888e-5b53a29cd5ef}\SETE8AD.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\tisledos.inf_amd64_9e28b7911d278368\tisledos.PNF | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{515efc2a-6370-8243-a85b-e1e0d40a6efa}\SETEBD7.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{515efc2a-6370-8243-a85b-e1e0d40a6efa}\tisledusb.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{68ecf8f9-1b17-e34a-aa04-db6d5598edf5}\tiusbcomp.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{515efc2a-6370-8243-a85b-e1e0d40a6efa}\SETEBD8.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{68ecf8f9-1b17-e34a-aa04-db6d5598edf5}\SETECC1.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{38fa2569-66a2-b746-a764-5042b1c42d0a} | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\tinwbusb.inf_amd64_fc232bae276a3248\tinwbusb.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{3dc88b2d-ce4f-d546-b394-c5061b3af056}\tinspusb.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\tihifusb.inf_amd64_665ed84772543204\tihifusb.PNF | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{515efc2a-6370-8243-a85b-e1e0d40a6efa}\tisledusb.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\clauth2 | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\tinspusb.inf_amd64_404827dbec0928e5\tinspusb.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{93371f1c-b203-6f47-9dd0-34f70f9ae8a7} | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{68ecf8f9-1b17-e34a-aa04-db6d5598edf5}\SETECC1.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{38fa2569-66a2-b746-a764-5042b1c42d0a}\SETE764.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{38fa2569-66a2-b746-a764-5042b1c42d0a}\tihifusb.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{c70cd072-899c-8042-b454-71779990fa5a}\SETE9C5.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{c70cd072-899c-8042-b454-71779990fa5a}\slabvcp.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\ssprs | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{3dc88b2d-ce4f-d546-b394-c5061b3af056}\SETE4E3.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{3dc88b2d-ce4f-d546-b394-c5061b3af056}\SETE4E3.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{3dc88b2d-ce4f-d546-b394-c5061b3af056}\tinspusb.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{38fa2569-66a2-b746-a764-5042b1c42d0a}\SETE763.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{3dc88b2d-ce4f-d546-b394-c5061b3af056}\SETE4E2.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{1a50c02e-a7f5-564d-888e-5b53a29cd5ef}\tinwbusb.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{c70cd072-899c-8042-b454-71779990fa5a}\x64\SETE9C4.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{93371f1c-b203-6f47-9dd0-34f70f9ae8a7}\SETEB0C.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{c70cd072-899c-8042-b454-71779990fa5a}\x64\silabser.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\tisledos.inf_amd64_9e28b7911d278368\tisledos.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\tiusbcomp.inf_amd64_975d3cba9dc0379d\TIUSBComp.PNF | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\tinspusb.inf_amd64_404827dbec0928e5\tinspusb.inf | C:\Windows\system32\DrvInst.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\api-ms-win-crt-multibyte-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\app\lsdcod64.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\runtime\legal\jdk.unsupported\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\include\jvmti.h | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\legal\java.scripting\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\legal\javafx.graphics\mesa3d.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\fonts\TINSSaBD.TTF | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\lib\CaffeUtil.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\lib\sda_core.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\runtime\legal\java.desktop\giflib.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\runtime\legal\javafx.web\webkit.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\lib\xercesImpl.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\legal\java.xml\jcup.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\help\TI-NspireStudentHelp_SV.pdf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\bin\api-ms-win-core-debug-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\runtime\bin\api-ms-win-core-interlocked-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\tisledusb.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\TI Shared\icons\tco2.ico | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\license\license_da.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\runtime\legal\java.rmi\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\legal\java.net.http\ASSEMBLY_EXCEPTION | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\license\license_it_ch.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\api-ms-win-crt-convert-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\runtime\bin\jsound.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\runtime\bin\nio.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\runtime\legal\javafx.graphics\opengl_fx.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\bin\server\jvm.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\lib\soap.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\XP\x64\tisledusb.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\XP\x64\TIUSBComp.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\NavAP3\Win7-64bit\tihifusb.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\legal\java.base\icu.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\lib\jide-plaf-jdk7.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\slas-admin.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\runtime\lib\security\default.policy | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\NavAPCommon\Win7-32bit\tinwbusb.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\legal\jdk.unsupported\ADDITIONAL_LICENSE_INFO | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\fonts\TINspireKeys.ttf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\lib\jdom.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\runtime\legal\javafx.controls\ASSEMBLY_EXCEPTION | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\bin\jsound.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\NavAP3\Win7-32bit\tihifusb.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\runtime\conf\security\policy\unlimited\default_local.policy | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\bin\api-ms-win-crt-utility-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\legal\java.xml\ASSEMBLY_EXCEPTION | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\NavAP3\Win7-32bit\tihifusb.sys | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\lib\fontconfig.bfc | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\api-ms-win-core-console-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\lib\classlist | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\USBVCP\slabvcp.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\TIUSBComp.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\conf\security\policy\unlimited\default_US_export.policy | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\lib\pdfbox-2.0.15.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\runtime\bin\api-ms-win-core-errorhandling-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\runtime\conf\security\java.security | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Vista\x64\tisledos.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\legal\java.prefs\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\license\license_fr_be.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\bin\jfxwebkit.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\lib\forms-1.0.4.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\lib\psfontj2d.properties | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\api-ms-win-crt-string-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\{52287019-2302-4208-B05F-B772BEDD07E6}\TINspireCXCASStudentSoftware.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{52287019-2302-4208-B05F-B772BEDD07E6}\TIDiagnostic.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57accc.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe | N/A |
| File opened for modification | C:\Windows\inf\oem9.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Fonts\TINspireKeysCX.ttf | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\TINSSaBI.TTF | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEE24.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem4.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem8.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem6.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem6.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB153.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\inf\oem5.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF0C5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\inf\oem8.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB220.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\TI-NspireBd.ttf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\TI-NspireBdIt.ttf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\TINspireKeysTouch.ttf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\TINSSaBD.TTF | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFB870E86DD7E88AED.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{52287019-2302-4208-B05F-B772BEDD07E6} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\TINspireKeysChinese.ttf | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\inf\oem7.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF422C4037AED09A44.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\TINSSaRG.TTF | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE41F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\oem5.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAD76.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAE15.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF5B23D23C006C5A24.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\TINspireKeys.ttf | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem4.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIADF4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAE64.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF898DB2AF66EF363D.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\oem7.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB722.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\TINSSaIT.TTF | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe | N/A |
| File created | C:\Windows\inf\oem9.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\e57acca.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{52287019-2302-4208-B05F-B772BEDD07E6}\TIDiagnostic.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIED58.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAE05.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\TI-Nspire.ttf | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE2F6.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\TI-Nspire CX CAS Student Software.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\TI-Nspire CX CAS Student Software.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\bin\java.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\bin\java.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\TI-Nspire CX CAS Student Software.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\TI-Nspire CX CAS Student Software.exe | N/A |
Modifies data under HKEY_USERS
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TI-NspireCXCAS-SS.Document\shell | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TI-NspireCXCAS-SS-tnsp.Document\shell\open\command\ = "\"C:\\Program Files\\TI Education\\TI-Nspire CX CAS Student Software\\TI-Nspire CX CAS Student Software.exe\" \"%1\"" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TCT2.Document\shell\open\command\ | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\91078225203280240BF57B27EBDD706E\Feature = "\x06" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.tmo | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TCO2.Document\shell | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\91078225203280240BF57B27EBDD706E\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\{52287019-2302-4208-B05F-B772BEDD07E6}\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\91078225203280240BF57B27EBDD706E\SourceList\Media\DiskPrompt = "[1]" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TI-NspireCXCAS-SS.Document\ = "TI-Nspire CX CAS Student Software Document" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TI-NspireCXCAS-SS.Document\DefaultIcon | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TI-NspireCXCAS-SS-tnsp.Document\shell\open\command | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TCC2.Document\DefaultIcon | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.tlo\ = "TLO.Document" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TNC.Document\shell\open\command | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.tcc | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.tnb\ = "TNB.Document" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TLO.Document\DefaultIcon\ = "\"C:\\Program Files\\Common Files\\TI Shared\\icons\\tlo.ico\"" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TMC.Document\shell\open | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TNO.Document\DefaultIcon | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.tmc | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\91078225203280240BF57B27EBDD706E\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TI-NspireCXCAS-SS-tnsp.Document | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TMC.Document\shell\open\command | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.tno\ = "TNO.Document" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TNB.Document\shell\open\command\ | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.tns\OpenWithProgIds | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.tnsp\OpenWithProgIds\TI-NspireCXCAS-SS-tnsp.Document | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\rayat00c\Value = "B\n%i\x14£[n" | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\aishwarya | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\91078225203280240BF57B27EBDD706E\MainFeature | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TI-NspireCXCAS-SS-tnsp.Document\TI-Nspire CX CAS Student Software Document | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TCO2.Document\DefaultIcon\ = "\"C:\\Program Files\\Common Files\\TI Shared\\icons\\tco2.ico\"" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TNO.Document\shell\open\command | C:\Windows\System32\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\alra02z | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TCC2.Document\shell\open | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TMO.Document\shell\open\command | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.tnc | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TMC.Document | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.tnsp\OpenWithProgIds | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TCC2.Document | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TNC.Document | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TNC.Document\DefaultIcon | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TMC.Document\shell | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\sara03y | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\91078225203280240BF57B27EBDD706E\PackageCode = "E86D1C48FAAE10240A440A88E5A637B0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\jpra00b | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\jpra00b | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TCC2.Document\ | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TCO.Document\shell | C:\Windows\System32\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\rasobh00a | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\aishwarya\Value = "¤¦\x0fìLjI8ã" | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TCO.Document | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TCT2.Document | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TCC2.Document\DefaultIcon\ = "\"C:\\Program Files\\Common Files\\TI Shared\\icons\\tcc2.ico\"" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TCC2.Document\shell | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.tco2\ = "TCO2.Document" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TNO.Document\shell\open\command\ | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\sara03y\Value = "\x14ÞðkEV´" | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TNO.Document\DefaultIcon\ = "\"C:\\Program Files\\Common Files\\TI Shared\\icons\\tno.ico\"" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TNB.Document\shell | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\aishwarya | C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\91078225203280240BF57B27EBDD706E\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TCO2.Document\shell\open\command | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TI-NspireCXCAS-SS.Document\shell\open\command\ = "\"C:\\Program Files\\TI Education\\TI-Nspire CX CAS Student Software\\TI-Nspire CX CAS Student Software.exe\" \"%1\"" | C:\Windows\System32\MsiExec.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe
"C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 6EE4F730AD649DB900CA621A8C77A65B C
C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe
"C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe" /i C:\Users\Admin\AppData\Local\Temp\{52287019-2302-4208-B05F-B772BEDD07E6}\tempTINspireCXCASStudentSoftware.msi /L*V "C:\Users\Admin\AppData\Roaming\TI-Nspire CX CAS Student Software-5.4.0.259-Installation.log" AI_EUIMSI=1 APPDIR="C:\Program Files\TI Education" SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs" SECONDSEQUENCE="1" CLIENTPROCESSID="2336" AI_MORE_CMD_LINE=1
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A769697B7AAC6041CEA02BEAA388B125 C
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 6993DB7F3F270172202E4545FCF6979F
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding E780F3FD91FA3DC884C70490A402BD50 E Global\MSI0000
C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe
"C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe" /p "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\Nspire\Win7\x64\tinspusb.inf"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\Nspire\Win7\x64\tinspusb.inf" "9" "4a46d32df" "00000000000000BC" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\Nspire\Win7\x64"
C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe
"C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe" /p "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\NavAP3\Win7-64bit\tihifusb.inf"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\NavAP3\Win7-64bit\tihifusb.inf" "9" "4db413e73" "0000000000000158" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\NavAP3\Win7-64bit"
C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe
"C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe" /u "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\NavAPCommon\Win7-64bit\tinwbusb.inf"
C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe
"C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe" /p "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\NavAPCommon\Win7-64bit\tinwbusb.inf"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\NavAPCommon\Win7-64bit\tinwbusb.inf" "9" "48fffc79f" "000000000000015C" "WinSta0\Default" "0000000000000154" "208" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\NavAPCommon\Win7-64bit"
C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe
"C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe" /u "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\USBVCP\slabvcp.inf"
C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe
"C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe" /p "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\USBVCP\slabvcp.inf"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\USBVCP\slabvcp.inf" "9" "4261651cf" "000000000000017C" "WinSta0\Default" "0000000000000180" "208" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\USBVCP"
C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe
"C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe" /p "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\tisledos.inf"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\tisledos.inf" "9" "43758f01b" "0000000000000180" "WinSta0\Default" "0000000000000184" "208" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64"
C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe
"C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe" /p "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\tisledusb.inf"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\tisledusb.inf" "9" "4fedb62c3" "0000000000000180" "WinSta0\Default" "0000000000000184" "208" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64"
C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe
"C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe" /p "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\TIUSBComp.inf"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\TIUSBComp.inf" "9" "410bcacb7" "0000000000000184" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64"
C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe
"C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe" {F5A0B0CA-6C5F-4029-AE7F-17B5A067E4E0} TI-NspireCASSE 1.0
C:\Windows\System32\cacls.exe
"cacls" "C:\ProgramData\TI-Nspire CX CAS" /e /t /c /g EVERYONE:C
C:\Windows\System32\cacls.exe
"cacls" "C:\ProgramData\TI-Nspire CX CAS" /e /t /c /g USERS:C
C:\Windows\System32\cacls.exe
"cacls" "C:\ProgramData\TI-Nspire CX CAS" /e /t /c /g GUESTS:C
C:\Windows\System32\cacls.exe
"cacls" "C:\ProgramData\TI-Nspire CX CAS\res" /e /t /c /g EVERYONE:C
C:\Windows\System32\cacls.exe
"cacls" "C:\ProgramData\TI-Nspire CX CAS\res" /e /t /c /g USERS:C
C:\Windows\System32\cacls.exe
"cacls" "C:\ProgramData\TI-Nspire CX CAS\res" /e /t /c /g GUESTS:C
C:\Windows\System32\cacls.exe
"cacls" "C:\ProgramData\TI-Nspire CX CAS\license" /e /t /c /g EVERYONE:C
C:\Windows\System32\cacls.exe
"cacls" "C:\ProgramData\TI-Nspire CX CAS\license" /e /t /c /g USERS:C
C:\Windows\System32\cacls.exe
"cacls" "C:\ProgramData\TI-Nspire CX CAS\license" /e /t /c /g GUESTS:C
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 91C2016596D22545797C5B33758B4F82
C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\TI-Nspire CX CAS Student Software.exe
"C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\TI-Nspire CX CAS Student Software.exe"
C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\bin\java.exe
"C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\bin\java.exe" "-XX:ErrorFile=C:\Users\Admin\AppData\Roaming\Texas Instruments\TI-Nspire CX CAS Student Software\logs\NN-crash-20240612-183432.log" -XX:OnError=ProcessCrash.bat -Djava.rmi.server.hostname=localhost -Djava.rmi.server.useLocalHostname=true -cp "C:/Program Files/TI Education/TI-Nspire CX CAS Student Software/lib/navnet.jar" com.ti.eps.navnet.server.RemoteNavnetServer -c 0 -d 3 -l "C:\Users\Admin\AppData\Roaming\Texas Instruments\TI-Nspire CX CAS Student Software\logs\navnetlog.log" -r "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\bin"
Network
| Country | Destination | Domain | Proto |
| US | 152.199.19.74:80 | rb.symcd.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.19.199.152.in-addr.arpa | udp |
| US | 152.199.19.74:80 | rb.symcd.com | tcp |
| BE | 92.123.55.170:80 | education.ti.com | tcp |
| BE | 92.123.55.170:443 | education.ti.com | tcp |
| N/A | 127.0.0.1:1099 | N/A | tcp |
| N/A | 127.0.0.1:1099 | N/A | tcp |
| N/A | 127.0.0.1:1099 | N/A | tcp |
| N/A | 127.0.0.1:52772 | N/A | tcp |
| N/A | 127.0.0.1:52772 | N/A | tcp |
| N/A | 127.0.0.1:52560 | N/A | tcp |
Files
| SHA512 | dce96c9328f9b90798cbd16462412c00564da6c6f6ca5437d8ec581efc57ef722d75329a5345f660d70a6a74953d5cc996e67f972bde4bead1add93ddabc011e |
C:\ProgramData\SafeNet Sentinel\Sentinel RMS Development Kit\System\Or19E1jD7VkcjFHvRgZ0v.cab
| MD5 | 37d309038e5e4d7a2b815aa890e736e8 |
| SHA1 | 88128715d7adfd963d8262d089bfa2ea6721883b |
| SHA256 | e9d70baa486c8e6e8d7b70835bebfa80e4c3dd742594dc716987cbea44d28a7f |
| SHA512 | c401944de398481917f6ceb71e998f5ac09c96b7e5dae1d6604256954f739210a7e631dd4a6d077db76aefce531812c8a92e40f493fa8aeb2dd456134eefd3a2 |
C:\ProgramData\SafeNet Sentinel\Sentinel RMS Development Kit\System\FFK6hRIuajiTz7bB68H2p.cab
| MD5 | cb032e1f1e569bb73465333d762d67ef |
| SHA1 | eb3324021080559b4ff3d195b4e29b33693fd394 |
| SHA256 | dfdabe17956f610081759e394b67057f87d42dca5e2209deba1af5c596a7b72a |
| SHA512 | 3be87d99862b5b47eb3020740a4c38e0bbe6d16c90a7bc7b485fe62ac6b9eca1dded909ce2196bcea7c82cab1c0d0d2e0b1b935560e6e18e48c4ad27eac671f6 |
C:\ProgramData\SafeNet Sentinel\Sentinel RMS Development Kit\System\jxdqvvr.dll
| MD5 | b2d444746fc9083a5dde78e617ce9b2b |
| SHA1 | 5ed4f1e6c0f7748cf3f89e952879df037a4376ee |
| SHA256 | 2d82bd85ad12766743f84f07d2c490f5d556e4d632e3913bfe68dcf739ed7ab3 |
| SHA512 | 4fac9a21f5af4c09b8410a7d49bf856bb5b3b5f323ea249f06e46f98f36f09813c6e7bdbad27f4be0a53224baed986680d839dab093541002a17f96fd43278cb |
C:\Users\Admin\AppData\Local\Temp\t0000002.tmp
| MD5 | b67ace5a193cdcab359e8f031377f679 |
| SHA1 | 6dc4db39ef997a9e25df70ef8c56598559b43bb6 |
| SHA256 | 6543b5c9ef8388eef2590be60a1e7ed8a6fecc481b5b5a3c057539459b8dd48d |
| SHA512 | e71a83960ba3ae3b9d2097e970dc6f725bb987ec2622bd640b7d2c5138a9fbe35bd8623a5400f121b51a36463a76fe59fde6462e858d6164ffd3813192ae8f00 |
memory/4660-2283-0x00007FFF5F2A0000-0x00007FFF5F36C000-memory.dmp
C:\ProgramData\SafeNet Sentinel\Sentinel RMS Development Kit\System\jxdqvvr.dll
| MD5 | f327efc523ffe06a72f02ad8477601e9 |
| SHA1 | 9365b9615ea7bebfcb0f0b0dad3977f258436790 |
| SHA256 | 5fd15742a061f5eae96eab0cf859f7fa98e25efb0ea4fa1ee3c05b57d44c60a0 |
| SHA512 | f4266fb01b31e4feb94226b07d276558f67b486446f9e0de17c9f1f0a7b530b8342ee2948aa4768870d8856ef58fdf7c57c8c9c94e53dd1794ee08af21ad0132 |
C:\Users\Admin\AppData\Local\Temp\TI-Nspire-SE-CAS_1777391534383282196\nsp725320757679226134tmp\phoenix\insp\locales\en\iconsColor.res
| MD5 | 7dea362b3fac8e00956a4952a3d4f474 |
| SHA1 | 05fe405753166f125559e7c9ac558654f107c7e9 |
| SHA256 | af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc |
| SHA512 | 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b |
C:\Users\Admin\Documents\TI-Nspire CX\MyLib\linalgcas.tns
| MD5 | c3ea6ef4509d238da03618c063a47013 |
| SHA1 | 36951ed7f66bd62022aabdf70cd9450161b36cf5 |
| SHA256 | 308f0f399dce1570b0c16f61f56058fb607d2c648abb5f6e6219774a8e4c74ac |
| SHA512 | 0e17cb9fa2124b3b9e438d351b3b3cf019b89dc0e7900bc236f50a0decd061a3432ef80380a38f998f4fca6891fae50bc72998c82c253e5805417b0bc94ab2d8 |
C:\Users\Admin\Documents\TI-Nspire CX\PyLib\ti_rover.tns
| MD5 | bbf154c9f9ba906617f0c2a34a152fc9 |
| SHA1 | 4b49ba9128cb371a776e36ff51df46c16ac68fac |
| SHA256 | da521c10152aed01518b018c85c835ebc204c99b2f7abd489721de17f3570031 |
| SHA512 | 519aa0af957406dc4275b960511e110c05b93f65123a76aab2f4f258935bca566a4e4579735aa61bb2514812d873502189e3a83fe5fbc17050d8709fcc002672 |
C:\Users\Admin\Documents\TI-Nspire CX\PyLib\ti_plotlib.tns
| MD5 | b7b36210a71cd1e190117f1d19cb6b54 |
| SHA1 | 07ea6a5dd5938c669a36a7a70fd4f3ff09f3ad9a |
| SHA256 | 4dcc9b53857412652d973273df0056778198e80474df5fee939ccbe094163857 |
| SHA512 | 939c87794950a731dcbc9db4a6c62d4d2cf724ff031d7723681335b6a2312e259bd57c9548d0f030ba76830111ec2668731940f0d061bf0c23f143c9f3a878ad |
C:\Users\Admin\Documents\TI-Nspire CX\PyLib\ti_image.tns
| MD5 | 10de60990ed65b63aa8bb9b888ea6235 |
| SHA1 | 09e465922ad413cf785a689c4915bacfa9c4bb30 |
| SHA256 | 144823f745f689fa33753619d9510216e6bf1af4237e1ba5c051975122053e8d |
| SHA512 | 17395e5c546ef8cd9420f71ba84f8caea30ec1d8b596432a88989c76bcd8132334a7e8c3d5a7199c90c70771ed97af78aa72562ee246f07a284aed98eebe7875 |
C:\Users\Admin\Documents\TI-Nspire CX\PyLib\ti_hub.tns
| MD5 | 7249d24cdee68d99639af31b07848d13 |
| SHA1 | 61e122327f7b196e5dc2c0f5436af4fd2a32c566 |
| SHA256 | e1200c343ffd03f45695637b9d8239f85c70c8e3b27625603e900d3a085243e0 |
| SHA512 | 0136a591b15891a7bda310d6c182e641da0a85004e4a188a7e46c1182237d1e936f2d81a5f05e85e53bff6b5876d677185a63912a49452ae06e32f9f42a95803 |
C:\Users\Admin\Documents\TI-Nspire CX\MyLib\numtheory.tns
| MD5 | a47e42f7a707d6f76e9ee0dfb9599644 |
| SHA1 | aae610e98984f49b0d0c623515a69558a5be5e52 |
| SHA256 | bf3ec9b3105ff95911108656b7883792befbca9a29c424d7fd1c9f4c50603377 |
| SHA512 | f99c38523d550602a2294accd733cdf7d24fb24e74e637bf87b75df94fdfecc6089ac0d0031c54484679592d619bff29247368fd31961eace962e3a8dec5390f |
C:\Users\Admin\Documents\TI-Nspire CX\PyLib\ti_system.tns
| MD5 | a64fba7f8b9b1a514725210af4caea34 |
| SHA1 | 1baa5085706b971b3efcd99a898b899275ea67a0 |
| SHA256 | ef5345b8073d94e4566688141e3630da68cbf8cccd135b100168fdab9a71a1e4 |
| SHA512 | aa70fb3987ae7a5b756ed26ea8cde97ce42e236e4b81c729ec8bd749f7b7fa9a22eb1fa3b51f9c481ae650edd2e34705d30f0dcc5af48716b153db8e2a2380f8 |
C:\ProgramData\TI-Nspire CX CAS\res\settings.properties
| MD5 | a4b019ffb9f65b5e35f0a95adbf4c3b6 |
| SHA1 | 6e18132e7ae561e60bfd4319cd46736114ba1a74 |
| SHA256 | a2eb32008c9271a94397a685e8fe62a92d8ea8dbe183f0723b54242ac42b325a |
| SHA512 | a278b4cf33f477eeb7bcc3717f79b1b3583b93316781a14b575efd224fde85a21f3d05265fc53a87866e4905a848900303b120a9e5ec29e82829f0edf722a1c9 |
C:\Users\Admin\AppData\Roaming\Texas Instruments\TI-Nspire CX CAS Student Software\preferences.properties
| MD5 | 8cac35321299a3f8e399df0c1e989ef3 |
| SHA1 | e50b3764d093ae8cbe66164a102ddda17f316d7e |
| SHA256 | 9e3f1f48d2ac206dc0dc2d0662b01d0776abcd7cf6ed68f9e0659f50380fe05f |
| SHA512 | 43aaf92d4263dd1c46f4a377b3bbec99e6ab170c0888a1fc1a198de767f35de6a6c40fea1e32ae6fcf237fa1479df4db3c525c785e7123260b95752348390e7a |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-12 18:30
Reported
2024-06-12 18:35
Platform
win11-20240611-en
Max time kernel
90s
Max time network
100s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\Loaders\Student\Loader.exe
"C:\Users\Admin\AppData\Local\Temp\Loaders\Student\Loader.exe"
Network
| Country | Destination | Domain | Proto |
| US | 52.111.227.11:443 | | tcp |
Files
memory/2324-0-0x0000000000400000-0x0000000000447000-memory.dmp
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-12 18:30
Reported
2024-06-12 18:35
Platform
win11-20240419-en
Max time kernel
147s
Max time network
156s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\Loaders\Teacher\CX\Loader.exe
"C:\Users\Admin\AppData\Local\Temp\Loaders\Teacher\CX\Loader.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/3136-0-0x0000000000400000-0x0000000000442000-memory.dmp
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-12 18:30
Reported
2024-06-12 18:36
Platform
win11-20240508-en
Max time kernel
136s
Max time network
156s
Command Line
Signatures
Processes
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Visit www.pesktop.com.url"
Network
| Country | Destination | Domain | Proto |
| US | 52.111.229.19:443 | | tcp |