Malware Analysis Report

2024-09-23 13:17

Sample ID 240612-w5f7zavfjh
Target TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com].rar
SHA256 743e017c850a7b043acf840da6b5ebaea89c1f89db5aa62bf221c2fb199d173e
Tags bootkit, persistence
Score 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com].rar was found to show suspicious behavior.

Malicious Activity Summary

bootkit persistence

Loads dropped DLL

Executes dropped EXE

Enumerates connected drives

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Checks processor information in registry

Suspicious use of SetWindowsHookEx

Checks SCSI registry key(s)

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Uses Volume Shadow Copy service COM API

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-12 18:31

Signatures

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 18:30

Reported

2024-06-12 18:35

Platform

win11-20240419-en

Max time kernel

131s

Max time network

142s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Loaders\Student\Injection.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Loaders\Student\Injection.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/2464-0-0x0000000000400000-0x0000000000419000-memory.dmp

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-12 18:30

Reported

2024-06-12 18:35

Platform

win11-20240611-en

Max time kernel

147s

Max time network

150s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Loaders\Teacher\CX CAS\Injection.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Loaders\Teacher\CX CAS\Injection.dll",#1

Network

Country Destination Domain Proto
US 52.111.227.14:443 tcp

Files

memory/3444-0-0x0000000000400000-0x0000000000419000-memory.dmp

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-12 18:30

Reported

2024-06-12 18:35

Platform

win11-20240508-en

Max time kernel

146s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Loaders\Teacher\CX CAS\Loader.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Loaders\Teacher\CX CAS\Loader.exe

"C:\Users\Admin\AppData\Local\Temp\Loaders\Teacher\CX CAS\Loader.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/2072-0-0x0000000000400000-0x0000000000444000-memory.dmp

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-12 18:30

Reported

2024-06-12 18:35

Platform

win11-20240611-en

Max time kernel

146s

Max time network

150s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Loaders\Teacher\CX\Injection.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Loaders\Teacher\CX\Injection.dll,#1

Network

Country Destination Domain Proto
NL 52.111.243.30:443 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

memory/4304-0-0x0000000000400000-0x0000000000419000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 18:30

Reported

2024-06-12 18:35

Platform

win11-20240611-en

Max time kernel

84s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe N/A
N/A N/A C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\TI-Nspire CX CAS Student Software.exe N/A

Enumerates connected drives

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\TI-Nspire CX CAS Student Software.exe N/A

Drops file in System32 directory


Drops file in Program Files directory

File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\runtime\legal\javafx.graphics\opengl_fx.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\bin\server\jvm.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\lib\soap.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\XP\x64\tisledusb.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\XP\x64\TIUSBComp.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\NavAP3\Win7-64bit\tihifusb.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\legal\java.base\icu.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\lib\jide-plaf-jdk7.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\slas-admin.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\runtime\lib\security\default.policy C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\NavAPCommon\Win7-32bit\tinwbusb.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\legal\jdk.unsupported\ADDITIONAL_LICENSE_INFO C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\fonts\TINspireKeys.ttf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\lib\jdom.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\runtime\legal\javafx.controls\ASSEMBLY_EXCEPTION C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\bin\jsound.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\NavAP3\Win7-32bit\tihifusb.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\runtime\conf\security\policy\unlimited\default_local.policy C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\bin\api-ms-win-crt-utility-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\legal\java.xml\ASSEMBLY_EXCEPTION C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\NavAP3\Win7-32bit\tihifusb.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\lib\fontconfig.bfc C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\api-ms-win-core-console-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\lib\classlist C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\USBVCP\slabvcp.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\TIUSBComp.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\conf\security\policy\unlimited\default_US_export.policy C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\lib\pdfbox-2.0.15.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\runtime\bin\api-ms-win-core-errorhandling-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\runtime\conf\security\java.security C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Vista\x64\tisledos.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\legal\java.prefs\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\license\license_fr_be.html C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\bin\jfxwebkit.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\lib\forms-1.0.4.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\lib\psfontj2d.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\api-ms-win-crt-string-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\{52287019-2302-4208-B05F-B772BEDD07E6}\TINspireCXCASStudentSoftware.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{52287019-2302-4208-B05F-B772BEDD07E6}\TIDiagnostic.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e57accc.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe N/A
File opened for modification C:\Windows\inf\oem9.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Fonts\TINspireKeysCX.ttf C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\TINSSaBI.TTF C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEE24.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem4.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem8.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem6.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem6.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSIB153.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\inf\oem5.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSIF0C5.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\inf\oem8.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSIB220.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\TI-NspireBd.ttf C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\TI-NspireBdIt.ttf C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\TINspireKeysTouch.ttf C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\TINSSaBD.TTF C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFB870E86DD7E88AED.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{52287019-2302-4208-B05F-B772BEDD07E6} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\TINspireKeysChinese.ttf C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\inf\oem7.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\SystemTemp\~DF422C4037AED09A44.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\TINSSaRG.TTF C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE41F.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\oem5.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSIAD76.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAE15.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF5B23D23C006C5A24.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\TINspireKeys.ttf C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A
File created C:\Windows\inf\oem4.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSIADF4.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAE64.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF898DB2AF66EF363D.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\oem7.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB722.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\TINSSaIT.TTF C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\oem9.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\e57acca.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{52287019-2302-4208-B05F-B772BEDD07E6}\TIDiagnostic.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIED58.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAE05.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\TI-Nspire.ttf C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE2F6.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\TI-Nspire CX CAS Student Software.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\TI-Nspire CX CAS Student Software.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\bin\java.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\bin\java.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\TI-Nspire CX CAS Student Software.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\TI-Nspire CX CAS Student Software.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TI-NspireCXCAS-SS.Document\shell C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TI-NspireCXCAS-SS-tnsp.Document\shell\open\command\ = "\"C:\\Program Files\\TI Education\\TI-Nspire CX CAS Student Software\\TI-Nspire CX CAS Student Software.exe\" \"%1\"" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TCT2.Document\shell\open\command\ C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\91078225203280240BF57B27EBDD706E\Feature = "\x06" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.tmo C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TCO2.Document\shell C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\91078225203280240BF57B27EBDD706E\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\{52287019-2302-4208-B05F-B772BEDD07E6}\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\91078225203280240BF57B27EBDD706E\SourceList\Media\DiskPrompt = "[1]" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TI-NspireCXCAS-SS.Document\ = "TI-Nspire CX CAS Student Software Document" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TI-NspireCXCAS-SS.Document\DefaultIcon C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TI-NspireCXCAS-SS-tnsp.Document\shell\open\command C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TCC2.Document\DefaultIcon C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.tlo\ = "TLO.Document" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TNC.Document\shell\open\command C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.tcc C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.tnb\ = "TNB.Document" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TLO.Document\DefaultIcon\ = "\"C:\\Program Files\\Common Files\\TI Shared\\icons\\tlo.ico\"" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TMC.Document\shell\open C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TNO.Document\DefaultIcon C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.tmc C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\91078225203280240BF57B27EBDD706E\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TI-NspireCXCAS-SS-tnsp.Document C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TMC.Document\shell\open\command C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.tno\ = "TNO.Document" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TNB.Document\shell\open\command\ C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.tns\OpenWithProgIds C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.tnsp\OpenWithProgIds\TI-NspireCXCAS-SS-tnsp.Document C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\rayat00c\Value = "B\n%i\x14£[n" C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\aishwarya C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\91078225203280240BF57B27EBDD706E\MainFeature C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TI-NspireCXCAS-SS-tnsp.Document\TI-Nspire CX CAS Student Software Document C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TCO2.Document\DefaultIcon\ = "\"C:\\Program Files\\Common Files\\TI Shared\\icons\\tco2.ico\"" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TNO.Document\shell\open\command C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\alra02z C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TCC2.Document\shell\open C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TMO.Document\shell\open\command C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.tnc C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TMC.Document C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.tnsp\OpenWithProgIds C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TCC2.Document C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TNC.Document C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TNC.Document\DefaultIcon C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TMC.Document\shell C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\sara03y C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\91078225203280240BF57B27EBDD706E\PackageCode = "E86D1C48FAAE10240A440A88E5A637B0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\jpra00b C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\jpra00b C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TCC2.Document\ C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TCO.Document\shell C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\rasobh00a C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\aishwarya\Value = "¤¦\x0fìLjI8ã" C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TCO.Document C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TCT2.Document C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TCC2.Document\DefaultIcon\ = "\"C:\\Program Files\\Common Files\\TI Shared\\icons\\tcc2.ico\"" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TCC2.Document\shell C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.tco2\ = "TCO2.Document" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TNO.Document\shell\open\command\ C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\sara03y\Value = "\x14ÞðkEV´" C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TNO.Document\DefaultIcon\ = "\"C:\\Program Files\\Common Files\\TI Shared\\icons\\tno.ico\"" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TNB.Document\shell C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\aishwarya C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\91078225203280240BF57B27EBDD706E\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TCO2.Document\shell\open\command C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TI-NspireCXCAS-SS.Document\shell\open\command\ = "\"C:\\Program Files\\TI Education\\TI-Nspire CX CAS Student Software\\TI-Nspire CX CAS Student Software.exe\" \"%1\"" C:\Windows\System32\MsiExec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 792 wrote to memory of 896 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2336 wrote to memory of 440 N/A C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe
PID 792 wrote to memory of 1312 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 792 wrote to memory of 2532 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 792 wrote to memory of 3780 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 3780 wrote to memory of 1912 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe
PID 2568 wrote to memory of 4232 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 3780 wrote to memory of 1576 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe
PID 2568 wrote to memory of 1084 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 3780 wrote to memory of 3936 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe
PID 3780 wrote to memory of 3684 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe
PID 2568 wrote to memory of 3464 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 3780 wrote to memory of 3924 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe
PID 3780 wrote to memory of 4968 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe
PID 2568 wrote to memory of 5096 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 3780 wrote to memory of 3508 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe
PID 2568 wrote to memory of 1680 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 3780 wrote to memory of 3584 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe
PID 2568 wrote to memory of 5048 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 3780 wrote to memory of 3492 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe
PID 2568 wrote to memory of 3268 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 3780 wrote to memory of 3564 N/A C:\Windows\System32\MsiExec.exe C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe
PID 3780 wrote to memory of 4260 N/A C:\Windows\System32\MsiExec.exe C:\Windows\System32\cacls.exe
PID 3780 wrote to memory of 2988 N/A C:\Windows\System32\MsiExec.exe C:\Windows\System32\cacls.exe
PID 3780 wrote to memory of 5076 N/A C:\Windows\System32\MsiExec.exe C:\Windows\System32\cacls.exe
PID 3780 wrote to memory of 3296 N/A C:\Windows\System32\MsiExec.exe C:\Windows\System32\cacls.exe
PID 3780 wrote to memory of 1804 N/A C:\Windows\System32\MsiExec.exe C:\Windows\System32\cacls.exe
PID 3780 wrote to memory of 2096 N/A C:\Windows\System32\MsiExec.exe C:\Windows\System32\cacls.exe
PID 3780 wrote to memory of 4824 N/A C:\Windows\System32\MsiExec.exe C:\Windows\System32\cacls.exe
PID 3780 wrote to memory of 3744 N/A C:\Windows\System32\MsiExec.exe C:\Windows\System32\cacls.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe

"C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 6EE4F730AD649DB900CA621A8C77A65B C

C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe

"C:\Users\Admin\AppData\Local\Temp\TI-Nspire CX CAS Student Software 5.4.0.259 (x64) Multilingual[PeskTop.com]\TINspireCXCASStudentSoftware-5.4.0.259.exe" /i C:\Users\Admin\AppData\Local\Temp\{52287019-2302-4208-B05F-B772BEDD07E6}\tempTINspireCXCASStudentSoftware.msi /L*V "C:\Users\Admin\AppData\Roaming\TI-Nspire CX CAS Student Software-5.4.0.259-Installation.log" AI_EUIMSI=1 APPDIR="C:\Program Files\TI Education" SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs" SECONDSEQUENCE="1" CLIENTPROCESSID="2336" AI_MORE_CMD_LINE=1

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A769697B7AAC6041CEA02BEAA388B125 C

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 6993DB7F3F270172202E4545FCF6979F

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding E780F3FD91FA3DC884C70490A402BD50 E Global\MSI0000

C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe

"C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe" /p "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\Nspire\Win7\x64\tinspusb.inf"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\Nspire\Win7\x64\tinspusb.inf" "9" "4a46d32df" "00000000000000BC" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\Nspire\Win7\x64"

C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe

"C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe" /p "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\NavAP3\Win7-64bit\tihifusb.inf"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\NavAP3\Win7-64bit\tihifusb.inf" "9" "4db413e73" "0000000000000158" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\NavAP3\Win7-64bit"

C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe

"C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe" /u "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\NavAPCommon\Win7-64bit\tinwbusb.inf"

C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe

"C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe" /p "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\NavAPCommon\Win7-64bit\tinwbusb.inf"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\NavAPCommon\Win7-64bit\tinwbusb.inf" "9" "48fffc79f" "000000000000015C" "WinSta0\Default" "0000000000000154" "208" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\NavAPCommon\Win7-64bit"

C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe

"C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe" /u "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\USBVCP\slabvcp.inf"

C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe

"C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe" /p "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\USBVCP\slabvcp.inf"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\USBVCP\slabvcp.inf" "9" "4261651cf" "000000000000017C" "WinSta0\Default" "0000000000000180" "208" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\USBVCP"

C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe

"C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe" /p "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\tisledos.inf"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\tisledos.inf" "9" "43758f01b" "0000000000000180" "WinSta0\Default" "0000000000000184" "208" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64"

C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe

"C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe" /p "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\tisledusb.inf"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\tisledusb.inf" "9" "4fedb62c3" "0000000000000180" "WinSta0\Default" "0000000000000184" "208" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64"

C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe

"C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe" /p "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\TIUSBComp.inf"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\TIUSBComp.inf" "9" "410bcacb7" "0000000000000184" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64"

C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe

"C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\Persistence\Persistence64.exe" {F5A0B0CA-6C5F-4029-AE7F-17B5A067E4E0} TI-NspireCASSE 1.0

C:\Windows\System32\cacls.exe

"cacls" "C:\ProgramData\TI-Nspire CX CAS" /e /t /c /g EVERYONE:C

C:\Windows\System32\cacls.exe

"cacls" "C:\ProgramData\TI-Nspire CX CAS" /e /t /c /g USERS:C

C:\Windows\System32\cacls.exe

"cacls" "C:\ProgramData\TI-Nspire CX CAS" /e /t /c /g GUESTS:C

C:\Windows\System32\cacls.exe

"cacls" "C:\ProgramData\TI-Nspire CX CAS\res" /e /t /c /g EVERYONE:C

C:\Windows\System32\cacls.exe

"cacls" "C:\ProgramData\TI-Nspire CX CAS\res" /e /t /c /g USERS:C

C:\Windows\System32\cacls.exe

"cacls" "C:\ProgramData\TI-Nspire CX CAS\res" /e /t /c /g GUESTS:C

C:\Windows\System32\cacls.exe

"cacls" "C:\ProgramData\TI-Nspire CX CAS\license" /e /t /c /g EVERYONE:C

C:\Windows\System32\cacls.exe

"cacls" "C:\ProgramData\TI-Nspire CX CAS\license" /e /t /c /g USERS:C

C:\Windows\System32\cacls.exe

"cacls" "C:\ProgramData\TI-Nspire CX CAS\license" /e /t /c /g GUESTS:C

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 91C2016596D22545797C5B33758B4F82

C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\TI-Nspire CX CAS Student Software.exe

"C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\TI-Nspire CX CAS Student Software.exe"

C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\bin\java.exe

"C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\bin\java.exe" "-XX:ErrorFile=C:\Users\Admin\AppData\Roaming\Texas Instruments\TI-Nspire CX CAS Student Software\logs\NN-crash-20240612-183432.log" -XX:OnError=ProcessCrash.bat -Djava.rmi.server.hostname=localhost -Djava.rmi.server.useLocalHostname=true -cp "C:/Program Files/TI Education/TI-Nspire CX CAS Student Software/lib/navnet.jar" com.ti.eps.navnet.server.RemoteNavnetServer -c 0 -d 3 -l "C:\Users\Admin\AppData\Roaming\Texas Instruments\TI-Nspire CX CAS Student Software\logs\navnetlog.log" -r "C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\jre\bin"

Network

Country Destination Domain Proto
US 152.199.19.74:80 rb.symcd.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 74.19.199.152.in-addr.arpa udp
US 152.199.19.74:80 rb.symcd.com tcp
BE 92.123.55.170:80 education.ti.com tcp
BE 92.123.55.170:443 education.ti.com tcp
N/A 127.0.0.1:1099 tcp
N/A 127.0.0.1:1099 tcp
N/A 127.0.0.1:1099 tcp
N/A 127.0.0.1:52772 tcp
N/A 127.0.0.1:52772 tcp
N/A 127.0.0.1:52560 tcp

Files

C:\Users\Admin\AppData\Local\Temp\{52287019-2302-4208-B05F-B772BEDD07E6}\tempTINspireCXCASStudentSoftware.msi

C:\Users\Admin\AppData\Local\Temp\MSI982A.tmp

C:\Users\Admin\AppData\Local\Temp\MSI9898.tmp

C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2336\background.bmp

C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2336\Gray_Line1.bmp_1

C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2336\TI_Logo.bmp

C:\Users\Admin\AppData\Local\Temp\MSI99D7.tmp

C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2336\Install_Button.bmp

C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2336\SelectFolder_Button.bmp_1

C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2336\Gray_Line2.bmp_1

C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2336\Red_Line.bmp_1

C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2336\TINSPCX_CAS_SS.bmp

C:\Users\Admin\AppData\Roaming\TI-Nspire CX CAS Student Software-5.4.0.259-Installation.log

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1401C7EC8E96BC79CBFD92F9DF762D_5398732881722BDE3E78D6CA6BB2B78B

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CDE89F9DCB25D8AC547E3CEFDA4FB6C2_67FBF2E314389DF5A2621A34F9343C73

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CDE89F9DCB25D8AC547E3CEFDA4FB6C2_67FBF2E314389DF5A2621A34F9343C73

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1401C7EC8E96BC79CBFD92F9DF762D_5398732881722BDE3E78D6CA6BB2B78B

C:\Users\Admin\AppData\Local\Temp\shiAAD6.tmp

C:\Users\Admin\AppData\Roaming\TI-Nspire CX CAS Student Software-5.4.0.259-Installation.log

C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\license\license_en_uk.html

C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\license\license_es_es.html

C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\runtime\legal\java.management\ADDITIONAL_LICENSE_INFO

C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\runtime\legal\java.management\ASSEMBLY_EXCEPTION

C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\apps\TI-Diagnostics\runtime\legal\java.management\LICENSE

C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\Nspire\Win7\x86\tinspusb.inf

C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\TI-Nspire CX CAS Student Software.exe

C:\Windows\Installer\MSIE2F6.tmp

C:\Windows\Installer\MSIE41F.tmp

C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\legacy\Win7\x64\DIFxCmd.exe

C:\PROGRA~1\TIEDUC~1\TI-NSP~1\drivers\Nspire\Win7\x64\tinspusb.cat

C:\PROGRA~1\TIEDUC~1\TI-NSP~1\drivers\Nspire\Win7\x64\tinspusb.sys

C:\Windows\System32\CatRoot2\dberr.txt

C:\Program Files\TI Education\TI-Nspire CX CAS Student Software\drivers\NavAP3\Win7-64bit\tihifusb.inf

C:\Windows\System32\DriverStore\Temp\{38fa2569-66a2-b746-a764-5042b1c42d0a}\WdfCoInstaller01009.dll

C:\Windows\System32\DriverStore\Temp\{38fa2569-66a2-b746-a764-5042b1c42d0a}\TIHifUsb.cat

C:\Windows\System32\DriverStore\Temp\{38fa2569-66a2-b746-a764-5042b1c42d0a}\tihifusb.sys

C:\Windows\System32\DriverStore\Temp\{1a50c02e-a7f5-564d-888e-5b53a29cd5ef}\tinwbusb.inf

C:\Windows\System32\DriverStore\Temp\{1a50c02e-a7f5-564d-888e-5b53a29cd5ef}\TINwbUsb.cat

C:\Windows\System32\DriverStore\Temp\{1a50c02e-a7f5-564d-888e-5b53a29cd5ef}\tinwbusb.sys

C:\Windows\System32\DriverStore\Temp\{c70cd072-899c-8042-b454-71779990fa5a}\slabvcp.inf

C:\Windows\System32\DriverStore\Temp\{c70cd072-899c-8042-b454-71779990fa5a}\slabvcp.cat

C:\Windows\System32\DriverStore\Temp\{c70cd072-899c-8042-b454-71779990fa5a}\x64\silabser.sys

C:\Windows\System32\DriverStore\Temp\{93371f1c-b203-6f47-9dd0-34f70f9ae8a7}\SETEB0E.tmp

C:\Windows\System32\DriverStore\Temp\{93371f1c-b203-6f47-9dd0-34f70f9ae8a7}\SETEB0D.tmp

C:\Windows\System32\DriverStore\Temp\{93371f1c-b203-6f47-9dd0-34f70f9ae8a7}\tisledos.cat

C:\Windows\System32\DriverStore\Temp\{515efc2a-6370-8243-a85b-e1e0d40a6efa}\tisledusb.cat

C:\Windows\System32\DriverStore\Temp\{515efc2a-6370-8243-a85b-e1e0d40a6efa}\SETEBD9.tmp

C:\Windows\System32\DriverStore\Temp\{515efc2a-6370-8243-a85b-e1e0d40a6efa}\SETEBD8.tmp

C:\Windows\System32\DriverStore\Temp\{68ecf8f9-1b17-e34a-aa04-db6d5598edf5}\SETECD2.tmp

C:\Windows\System32\DriverStore\Temp\{68ecf8f9-1b17-e34a-aa04-db6d5598edf5}\tiusbcomp.cat

C:\ProgramData\SafeNet Sentinel\Sentinel RMS Development Kit\System\ssprs.dll

C:\ProgramData\SafeNet Sentinel\Sentinel RMS Development Kit\System\clauth2.dll

C:\ProgramData\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll

C:\ProgramData\SafeNet Sentinel\Sentinel RMS Development Kit\System\ssprs.tgz

C:\ProgramData\SafeNet Sentinel\Sentinel RMS Development Kit\System\grcauth2.dll

C:\ProgramData\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.tgz

C:\ProgramData\SafeNet Sentinel\Sentinel RMS Development Kit\System\jxdqvvr.tgz

C:\Config.Msi\e57accb.rbs

C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2336\Ok_Button2.bmp_1

C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2336\Done_Icon.bmp

C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna11639081003756233109.dll

C:\ProgramData\SafeNet Sentinel\Sentinel RMS Development Kit\System\grcauth2.dll

MD5 30780f0abaee45d4043bdf9141a4fd47
SHA1 6ca4c2c5432c801f7839fa4e6a703f67b6750792
SHA256 c2baa044ee2f5ad66f0816492b203614aa20c1a7612567491a823af89c724efe
SHA512 7d37e3a5eeaf75f5b10d3caaf2a27b4d2be4032fb5fff9d2f49a9ae840081d0638d5e1af676972c66d82121ced3e594f3e4b0da815af4825547362889ef0f9d5

C:\ProgramData\SafeNet Sentinel\Sentinel RMS Development Kit\System\clauth2.dll

MD5 303666f3dd5336edde2c790df4c0debd
SHA1 262178db350f1651552b24680ed71379d753dce0
SHA256 a961380784113f0004e904fe79c880b7c5eb1ed6b8f90d45e5e3a9fa1ca874e0
SHA512 e2498d14d56980c0a5d6b07898ba05e03283f84a4b9dc3f7afbe9a0578b56cc001abe66d321286485cb060489b3b1e667cc3b3a4604f4c042793692fe2f87550

memory/4660-1906-0x00007FFF5F2A0000-0x00007FFF5F36C000-memory.dmp

C:\ProgramData\SafeNet Sentinel\Sentinel RMS Development Kit\System\q64zJJjyvKimu8lztMeO4.cab

MD5 8ca3b7a082bc3c2f7095d749093bea5b
SHA1 ba6abf7482119c4c542b7c44643702d600ba587b
SHA256 f8ae669c993b1420d578867749d4adb30b660afa0a94e21b4a4fbb69ab762d86
SHA512 8adb244ab901c722b6d355a9176deb0a72c290eb3070aa53a27562dd9e5784d5a2986acc9514db2bbaa09ed85e28545fc75fd8a48511803da5983dc25fd0e6d6

C:\ProgramData\SafeNet Sentinel\Sentinel RMS Development Kit\System\mFxyBiU-Z4264MRTF2fRS.cab

MD5 3b60aa2c072df38064354dc9d12bb7e7
SHA1 06c309a99517242ef83bf3901a21fe76476ca89f
SHA256 b9e9d3e1675171528fe58af9b7f124cbbfad7d032350dff48f2156e24e172265
SHA512 dce96c9328f9b90798cbd16462412c00564da6c6f6ca5437d8ec581efc57ef722d75329a5345f660d70a6a74953d5cc996e67f972bde4bead1add93ddabc011e

C:\ProgramData\SafeNet Sentinel\Sentinel RMS Development Kit\System\Or19E1jD7VkcjFHvRgZ0v.cab

MD5 37d309038e5e4d7a2b815aa890e736e8
SHA1 88128715d7adfd963d8262d089bfa2ea6721883b
SHA256 e9d70baa486c8e6e8d7b70835bebfa80e4c3dd742594dc716987cbea44d28a7f
SHA512 c401944de398481917f6ceb71e998f5ac09c96b7e5dae1d6604256954f739210a7e631dd4a6d077db76aefce531812c8a92e40f493fa8aeb2dd456134eefd3a2

C:\ProgramData\SafeNet Sentinel\Sentinel RMS Development Kit\System\FFK6hRIuajiTz7bB68H2p.cab

MD5 cb032e1f1e569bb73465333d762d67ef
SHA1 eb3324021080559b4ff3d195b4e29b33693fd394
SHA256 dfdabe17956f610081759e394b67057f87d42dca5e2209deba1af5c596a7b72a
SHA512 3be87d99862b5b47eb3020740a4c38e0bbe6d16c90a7bc7b485fe62ac6b9eca1dded909ce2196bcea7c82cab1c0d0d2e0b1b935560e6e18e48c4ad27eac671f6

C:\ProgramData\SafeNet Sentinel\Sentinel RMS Development Kit\System\jxdqvvr.dll

MD5 b2d444746fc9083a5dde78e617ce9b2b
SHA1 5ed4f1e6c0f7748cf3f89e952879df037a4376ee
SHA256 2d82bd85ad12766743f84f07d2c490f5d556e4d632e3913bfe68dcf739ed7ab3
SHA512 4fac9a21f5af4c09b8410a7d49bf856bb5b3b5f323ea249f06e46f98f36f09813c6e7bdbad27f4be0a53224baed986680d839dab093541002a17f96fd43278cb

C:\Users\Admin\AppData\Local\Temp\t0000002.tmp

MD5 b67ace5a193cdcab359e8f031377f679
SHA1 6dc4db39ef997a9e25df70ef8c56598559b43bb6
SHA256 6543b5c9ef8388eef2590be60a1e7ed8a6fecc481b5b5a3c057539459b8dd48d
SHA512 e71a83960ba3ae3b9d2097e970dc6f725bb987ec2622bd640b7d2c5138a9fbe35bd8623a5400f121b51a36463a76fe59fde6462e858d6164ffd3813192ae8f00

memory/4660-2283-0x00007FFF5F2A0000-0x00007FFF5F36C000-memory.dmp

C:\ProgramData\SafeNet Sentinel\Sentinel RMS Development Kit\System\jxdqvvr.dll

MD5 f327efc523ffe06a72f02ad8477601e9
SHA1 9365b9615ea7bebfcb0f0b0dad3977f258436790
SHA256 5fd15742a061f5eae96eab0cf859f7fa98e25efb0ea4fa1ee3c05b57d44c60a0
SHA512 f4266fb01b31e4feb94226b07d276558f67b486446f9e0de17c9f1f0a7b530b8342ee2948aa4768870d8856ef58fdf7c57c8c9c94e53dd1794ee08af21ad0132

C:\Users\Admin\AppData\Local\Temp\TI-Nspire-SE-CAS_1777391534383282196\nsp725320757679226134tmp\phoenix\insp\locales\en\iconsColor.res

MD5 7dea362b3fac8e00956a4952a3d4f474
SHA1 05fe405753166f125559e7c9ac558654f107c7e9
SHA256 af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
SHA512 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

C:\Users\Admin\Documents\TI-Nspire CX\MyLib\linalgcas.tns

MD5 c3ea6ef4509d238da03618c063a47013
SHA1 36951ed7f66bd62022aabdf70cd9450161b36cf5
SHA256 308f0f399dce1570b0c16f61f56058fb607d2c648abb5f6e6219774a8e4c74ac
SHA512 0e17cb9fa2124b3b9e438d351b3b3cf019b89dc0e7900bc236f50a0decd061a3432ef80380a38f998f4fca6891fae50bc72998c82c253e5805417b0bc94ab2d8

C:\Users\Admin\Documents\TI-Nspire CX\PyLib\ti_rover.tns

MD5 bbf154c9f9ba906617f0c2a34a152fc9
SHA1 4b49ba9128cb371a776e36ff51df46c16ac68fac
SHA256 da521c10152aed01518b018c85c835ebc204c99b2f7abd489721de17f3570031
SHA512 519aa0af957406dc4275b960511e110c05b93f65123a76aab2f4f258935bca566a4e4579735aa61bb2514812d873502189e3a83fe5fbc17050d8709fcc002672

C:\Users\Admin\Documents\TI-Nspire CX\PyLib\ti_plotlib.tns

MD5 b7b36210a71cd1e190117f1d19cb6b54
SHA1 07ea6a5dd5938c669a36a7a70fd4f3ff09f3ad9a
SHA256 4dcc9b53857412652d973273df0056778198e80474df5fee939ccbe094163857
SHA512 939c87794950a731dcbc9db4a6c62d4d2cf724ff031d7723681335b6a2312e259bd57c9548d0f030ba76830111ec2668731940f0d061bf0c23f143c9f3a878ad

C:\Users\Admin\Documents\TI-Nspire CX\PyLib\ti_image.tns

MD5 10de60990ed65b63aa8bb9b888ea6235
SHA1 09e465922ad413cf785a689c4915bacfa9c4bb30
SHA256 144823f745f689fa33753619d9510216e6bf1af4237e1ba5c051975122053e8d
SHA512 17395e5c546ef8cd9420f71ba84f8caea30ec1d8b596432a88989c76bcd8132334a7e8c3d5a7199c90c70771ed97af78aa72562ee246f07a284aed98eebe7875

C:\Users\Admin\Documents\TI-Nspire CX\PyLib\ti_hub.tns

MD5 7249d24cdee68d99639af31b07848d13
SHA1 61e122327f7b196e5dc2c0f5436af4fd2a32c566
SHA256 e1200c343ffd03f45695637b9d8239f85c70c8e3b27625603e900d3a085243e0
SHA512 0136a591b15891a7bda310d6c182e641da0a85004e4a188a7e46c1182237d1e936f2d81a5f05e85e53bff6b5876d677185a63912a49452ae06e32f9f42a95803

C:\Users\Admin\Documents\TI-Nspire CX\MyLib\numtheory.tns

MD5 a47e42f7a707d6f76e9ee0dfb9599644
SHA1 aae610e98984f49b0d0c623515a69558a5be5e52
SHA256 bf3ec9b3105ff95911108656b7883792befbca9a29c424d7fd1c9f4c50603377
SHA512 f99c38523d550602a2294accd733cdf7d24fb24e74e637bf87b75df94fdfecc6089ac0d0031c54484679592d619bff29247368fd31961eace962e3a8dec5390f

C:\Users\Admin\Documents\TI-Nspire CX\PyLib\ti_system.tns

MD5 a64fba7f8b9b1a514725210af4caea34
SHA1 1baa5085706b971b3efcd99a898b899275ea67a0
SHA256 ef5345b8073d94e4566688141e3630da68cbf8cccd135b100168fdab9a71a1e4
SHA512 aa70fb3987ae7a5b756ed26ea8cde97ce42e236e4b81c729ec8bd749f7b7fa9a22eb1fa3b51f9c481ae650edd2e34705d30f0dcc5af48716b153db8e2a2380f8

C:\ProgramData\TI-Nspire CX CAS\res\settings.properties

MD5 a4b019ffb9f65b5e35f0a95adbf4c3b6
SHA1 6e18132e7ae561e60bfd4319cd46736114ba1a74
SHA256 a2eb32008c9271a94397a685e8fe62a92d8ea8dbe183f0723b54242ac42b325a
SHA512 a278b4cf33f477eeb7bcc3717f79b1b3583b93316781a14b575efd224fde85a21f3d05265fc53a87866e4905a848900303b120a9e5ec29e82829f0edf722a1c9

C:\Users\Admin\AppData\Roaming\Texas Instruments\TI-Nspire CX CAS Student Software\preferences.properties

MD5 8cac35321299a3f8e399df0c1e989ef3
SHA1 e50b3764d093ae8cbe66164a102ddda17f316d7e
SHA256 9e3f1f48d2ac206dc0dc2d0662b01d0776abcd7cf6ed68f9e0659f50380fe05f
SHA512 43aaf92d4263dd1c46f4a377b3bbec99e6ab170c0888a1fc1a198de767f35de6a6c40fea1e32ae6fcf237fa1479df4db3c525c785e7123260b95752348390e7a

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-12 18:30

Reported

2024-06-12 18:35

Platform

win11-20240611-en

Max time kernel

90s

Max time network

100s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Loaders\Student\Loader.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Loaders\Student\Loader.exe

"C:\Users\Admin\AppData\Local\Temp\Loaders\Student\Loader.exe"

Network

Country Destination Domain Proto
US 52.111.227.11:443 tcp

Files

memory/2324-0-0x0000000000400000-0x0000000000447000-memory.dmp

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-12 18:30

Reported

2024-06-12 18:35

Platform

win11-20240419-en

Max time kernel

147s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Loaders\Teacher\CX\Loader.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Loaders\Teacher\CX\Loader.exe

"C:\Users\Admin\AppData\Local\Temp\Loaders\Teacher\CX\Loader.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/3136-0-0x0000000000400000-0x0000000000442000-memory.dmp

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-12 18:30

Reported

2024-06-12 18:36

Platform

win11-20240508-en

Max time kernel

136s

Max time network

156s

Command Line

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Visit www.pesktop.com.url"

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Visit www.pesktop.com.url"

Network

Country Destination Domain Proto
US 52.111.229.19:443 tcp

Files

N/A