Analysis Overview
SHA256
f27233b2db7e1465a4d41ffdd6e12c86f202fb46e78f5e4571e1a3f535e7659f
Threat Level: Likely malicious
The file FastReporter3_64_Bit-v3.14.zip was found to be: Likely malicious.
Malicious Activity Summary
Suspicious Office macro
Office macro that triggers on suspicious action
Executes dropped EXE
Loads dropped DLL
Network Service Discovery
Blocklisted process makes network request
Enumerates connected drives
Checks computer location settings
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
Unsigned PE
System Location Discovery: System Language Discovery
Checks processor information in registry
Modifies registry class
Enumerates system info in registry
Uses Volume Shadow Copy service COM API
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Checks SCSI registry key(s)
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-24 20:18
Signatures
Office macro that triggers on suspicious action
Suspicious Office macro
Unsigned PE
Analysis: behavioral4
Detonation Overview
Submitted
2024-07-24 20:14
Reported
2024-07-24 20:24
Platform
win10v2004-20240709-en
Max time kernel
150s
Max time network
166s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
Network Service Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe | N/A |
| N/A | N/A | C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe | N/A |
| N/A | N/A | C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe | N/A |
| N/A | N/A | C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe | N/A |
| N/A | N/A | C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe | N/A |
| N/A | N/A | C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe | N/A |
| N/A | N/A | C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe | N/A |
| N/A | N/A | C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe | N/A |
| N/A | N/A | C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation | C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation | C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation | C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation | C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation | C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation | C:\Program Files\EXFO\FastReporter 3\FastReporter 3.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\tlbinf32.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\cw3dgrph.ocx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mscomctl.ocx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\msdatgrd.ocx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\msflxgrd.ocx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mshflxgd.ocx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\msstdfmt.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\sysinfo.ocx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\comctl32.ocx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\cw3dgrph.dep | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mscomm32.ocx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\tabctl32.ocx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\comct232.ocx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\comdlg32.ocx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\cwui.ocx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\cwui.dep | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mscomct2.ocx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\msmask32.ocx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\msstkprp.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\richtx32.ocx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\comct332.ocx | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\EXFO\FastReporter 3\Microsoft.Extensions.Options.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\ru\Metrino.FastReporter.ExfoConnect.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\Metrino.Oltsx.UI.WinForms.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\Metrino.FastReporter.700.FIPPlug.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\de\Metrino.Otdr.Detection.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\es\Metrino.Kernos.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\es\Metrino.FastReporter.Common.UI.Controls.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\es\Metrino.FastReporter.ExfoConnect.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\fr\Metrino.FastReporter.400.CDPlug.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\fr\Metrino.Otdr.FileConverter.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\de\Metrino.FastReporter.500.PMDPlug.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\de\Metrino.FastReporter.Otdr.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\locales\fa.pak | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\Metrino.Otdr.Globalization.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\Metrino.Pmd.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\Metrino.Compliance.OTDR.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\Metrino.FastReporter.Loopback.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\Microsoft.AI.WindowsServer.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\PInvoke.Kernel32.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\zh-CHS\Metrino.Otdr.PowerMeter.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\zh-CHS\Metrino.Catalog.Optical.Cuif.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\es\Metrino.Oltsx.UI.WinForms.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\es\Metrino.FastReporter.OfmPlug.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\ru\FastReporter 3.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\de\Metrino.FastReporter.200.OltsPlug.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\Metrino.Platform.Client.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\locales\cs.pak | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\Metrino.Catalog.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\locales\hr.pak | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\BusinessObjects.Enterprise.Sdk.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\Results5500B.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\EXFO\Bin\fi-FI\LicensingInformationCollector.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\Cursors\Vertical.cur | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\PCLCrypto.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\es\Metrino.FastReporter.iOLM.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\Metrino.Catalog.Optical.Cuif.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\ICSharpCode.SharpZipLib.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\Help FastReporter 3.pdf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\EXFO\Bin\FilemngrFr.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\es\Metrino.Compliance.OTDR.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\ru\Metrino.FastReporter.iOLM.Winforms.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\Metrino.Mxp.Module.Oltsx.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\locales\bg.pak | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\de\Metrino.FastReporter.400.CDPlug.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\Metrino.Mxp.Module.Common.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\Metrino.Olm.SignalProcessing.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\locales\da.pak | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\locales\gu.pak | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\ja\Metrino.FastReporter.Common.UI.Controls.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\zh-Hant\Metrino.Otdr.FileConverter.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\it\Metrino.Report.Module.Otdr.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\it\Metrino.FastReporter.AsposeReports.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\fr\Metrino.Kernos.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\de\Metrino.Catalog.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\locales\de.pak | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\Svg.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\de\Metrino.Kernos.UI.WinForms.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\System.Buffers.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\es\Metrino.Kernos.AppModel.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\ru\Metrino.Otdr.SignalProcessing.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\System.Text.Json.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\it\Metrino.FastReporter.100.OtdrPlug.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\it\Metrino.FastReporter.Otdr.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\EXFO\FastReporter 3\es\Metrino.Renderer.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}\_1069A4FC_9DC4_4C14_A598_6B5D005CBD8C | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}\_F5EA22DE_A8AF_458B_BFE0_CDB2FCEB4492 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\TGHVHC5S\Metrino.Kernos.Licensing.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\3PROGR5O\Z2OP138O | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}\_29D56BE7_C9E0_469E_8DB8_5DCD21BDEE13 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\AWNV3FSJ\Metrino.Kernos.Licensing.Cryptography.Resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\AXEUSHWX\Metrino.Kernos.Licensing.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\IDNZ864O\policy.2.1.Metrino.Kernos.Licensing.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\F59629D56ED3BB04897E6315884A3FAE\3.14.0\Global_VC_CRT_f0.51D569E0_8A28_11D2_B962_006097C4DE24 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}\_8EDB2377_94C8_4A9B_92EF_9754EB519768 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\assembly\pubpol24.dat | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240724202153155.0 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240724202153014.0\msxml4.Manifest | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240724202153014.0\msxml4.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\F59629D56ED3BB04897E6315884A3FAE\3.14.0\Global_VC_ATLUnicode_f1.7EBEDD68_AA66_11D2_B980_006097C4DE24 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\F59629D56ED3BB04897E6315884A3FAE\3.14.0\Global_System_OLEAUT32_f2.8C0C59A0_7DC8_11D2_B95D_006097C4DE24 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}\_289A2642_E576_4A98_9F59_32738CDC5957 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\0MM8WDKY\Metrino.Kernos.Licensing.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\X4W4C7VY\Metrino.Kernos.Licensing.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\F59629D56ED3BB04897E6315884A3FAE\3.14.0\Global_Controls_COMCATDLL_f0.3207D1B0_80E5_11D2_B95D_006097C4DE24 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}\NewShortcut1.76427A7A_1F17_4D15_A42C_CE8B27011B90.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}\_9C6616F4_0D1F_4266_BEE5_84838AFCECC7 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}\_939039BD_7CD5_461F_8DB4_FC87E846E315 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}\_8EDB2377_94C8_4A9B_92EF_9754EB519768 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\RNJKRVAR\Metrino.Kernos.Licensing.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\M7G4Z8JS\C9RGMZ02 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}\_A51CD896_0A1C_409C_A8B0_05E9369BE68D | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\pubpol25.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\I9XJLYR6\45L2FQEU | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\F59629D56ED3BB04897E6315884A3FAE\3.14.0\Global_System_OLEPRO32_f0.8C0C59A0_7DC8_11D2_B95D_006097C4DE24 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\F59629D56ED3BB04897E6315884A3FAE\3.14.0\Global_System_STDOLE_f1.8C0C59A0_7DC8_11D2_B95D_006097C4DE24 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}\ARPPRODUCTICON.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}\_939039BD_7CD5_461F_8DB4_FC87E846E315 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}\_2A244C17_91FC_415A_857C_58C2C6D98FFC | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}\_E4BC7226_376D_45F3_818D_98AFD1348630 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}\_92DDC71D_9BA2_4BEB_9BED_53153C5238A5 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\VNJ9MBCB\Metrino.Kernos.Licensing.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\assembly\pubpol27.dat | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\assembly\pubpol29.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}\NewShortcut1_9A491FDC74BF405486CE552561AE560E.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\NDAU5AYR\Metrino.Kernos.Licensing.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\F59629D56ED3BB04897E6315884A3FAE\3.14.0\Global_System_OLEAUT32_f2.8C0C59A0_7DC8_11D2_B95D_006097C4DE24 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}\_1A906F22_9389_4539_81FF_6C383E06D0FB | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}\_F5EA22DE_A8AF_458B_BFE0_CDB2FCEB4492 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\G2U5301L\Metrino.Kernos.Licensing.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}\_6BCA84A2_2986_4D3F_8EB3_6B942A2E6C03 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e58340d.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\assembly\pubpol26.dat | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\assembly\pubpol30.dat | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240724202153014.0 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}\_BD8AC01D_BE73_4BDB_8DDE_73AA3FCDC902 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\F59629D56ED3BB04897E6315884A3FAE\3.14.0\Global_VC_MFC42ANSICore_f0.51D569E2_8A28_11D2_B962_006097C4DE24 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\F59629D56ED3BB04897E6315884A3FAE\3.14.0\Global_System_OLEAUT32_f3.8C0C59A0_7DC8_11D2_B95D_006097C4DE24 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}\NewShortcut1.76427A7A_1F17_4D15_A42C_CE8B27011B90.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}\_BF8B0180_F9DC_4E3C_B10D_212B18D016AC | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}\_3F3C9942_3C89_45AB_8451_670E251C5F09 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4150.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\HONJQ4QO\Metrino.Kernos.Licensing.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}\_4B89FF10_D186_4084_9033_9C204A46DC6A | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}\_7A283BED_8595_4FDE_8695_2BD9A3AAD8B8 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\87Q5EADU\Metrino.Kernos.Licensing.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\YFQK84KI\policy.2.3.Metrino.Kernos.Licensing.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\T7CR8EQC\CNMHGHMM | C:\Windows\system32\msiexec.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = (binary value not preserved in this copy of the report) | C:\Windows\system32\vssvc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\EXFO\FastReporter 3\FastReporter 3.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Program Files\EXFO\FastReporter 3\FastReporter 3.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\EXFO\FastReporter 3\FastReporter 3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\EXFO\FastReporter 3\FastReporter 3.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9AE53D52-2A33-439B-96E1-B4DA7C372F21}\InprocServer32\InprocServer32 = 320077003f00290046004800350049006d0038002b005d0063002b00420030006f005d005300740050004d0044003e005900340066006d0037004100310043006300390047002e0036003500600044004400500024004e0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FastReporter 3 OLTS File | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ADDCED38-8662-43CF-9027-9D25B73DAA8E}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{DD9DA662-8594-11D1-B16A-00C0F0283628}\ProxyStubClsid | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.Toolbar\CurVer | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C798BD20-2319-11D2-A253-00A024D8324D} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{030B4A80-1B7C-11CF-9D53-00AA003C9CB6} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ComCtl2.Animation\ = "Microsoft Animation Control, version 5.0 (SP2)" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{2E12B4AB-8722-4560-8F02-26F64EA308E2}\Programmable | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6810EEF1-232D-11D2-BEC7-00A024585300}\ProxyStubClsid32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Programmable | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{399F278A-451E-4388-BAD5-A23DC1491F6D} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8A877ABC-3F1F-4575-9DDA-6457248B2ABA}\TypeLib\Version = "1.6" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.SBarCtrl.1\ = "Microsoft StatusBar Control, version 5.0 (SP2)" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0713E8A1-850A-101B-AFC0-4210102A8DA7}\ = "IPanel10" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{668521B2-CD1E-4DBF-A8DF-39953583E905} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{951738D1-D2B7-11D0-B292-00A0C908FB55}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C5C27164-E469-42F1-9E6B-DD25CB61B4FC} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{04ED3BB7-984D-4F0F-B51B-7362C65E8AB6}\1.0\0\win32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}\2.0\0 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\ToolboxBitmap32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{8B21774B-717D-11CE-AB5B-D41203C10000}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{859321D0-3FD1-11CF-8981-00AA00688B10} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F59629D56ED3BB04897E6315884A3FAE\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DEFECB48-F1D2-45D4-926C-659E61494243}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{310FDEA2-B150-11D3-B3F0-00104B726EA8}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32\ = "C:\\Windows\\SysWOW64\\mscomctl.ocx" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EXFO.CDInstrument.Source\CurVer | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\VersionIndependentProgID | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D940E4BE-6079-11CE-88CB-0020AF6845F6}\MiscStatus\ = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A483B4F5-16E8-4859-A9C5-ABD34E38200D}\ProxyStubClsid32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EXFO.Results5500B.Acquisition | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\MiscStatus\ = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{0713E8A1-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.SBarCtrl\CurVer | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FE4-8583-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{8B21774D-717D-11CE-AB5B-D41203C10000} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{18915301-AA28-4B76-962C-ABE5971F7259}\TypeLib | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|EXFO|FastReporter 3|Metrino.Pmd.PmdB.PmdFileImportExport.Interop.dll | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{31445F32-11B6-4DE9-BD55-5E894BB748EA}\ProgID | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Module3930.AlimTools3930 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Metrino.Kernos.Licensing.resources,Version="2.5.0.0",PublicKeyToken="E1335BAED691AFE9",Culture="cs",FileVersion="5.2.14310.1",ProcessorArchitecture="MSIL" = 320077003f00290046004800350049006d0038002b005d0063002b00420030006f005d0053007400430044003e003700730038006700710043005300650060003f0067007a0065005b004c0060005e002a004000400000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B7E6390-850A-101B-AFC0-4210102A8DA7}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{E6E17E80-DF38-11CF-8E74-00A0C90F26F8}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{58DA8D94-9D6A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{232E4565-87C3-11D1-8BE3-0000F8754DA1}\TypeLib\ = "{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1707911E-094A-47DC-98DF-E83BC5AF3FF0} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{57FC8B21-CA0A-40BB-A616-0707990735E2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\ProgID\ = "COMCTL.Toolbar.1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\FastReporter 3 iolmconfig file\shell\Open\command\command = 320077003f00290046004800350049006d0038002b005d0063002b00420030006f005d005300740046006100730074005200650070006f0072007400650072003e0076007700670049006f006e004f003200730038005e007b00410035004c00480038004900240034002000220025003100220000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{373FF7F2-EB8B-11CD-8820-08002B2F4F5A}\ = "ISliderEvents" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\ToolboxBitmap32\ = "C:\\Windows\\SysWOW64\\mscomct2.ocx, 1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F0D03500-9A68-4817-AF6A-AD0C1B5ADB19}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8432BB8D-91A1-4879-88A8-FBF2851E2B68}\TypeLib | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\ = "Common Dialog Color Property Page Object" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA446721-595A-11D2-A3AA-00A024D8325C} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E9D00F06-D948-11D0-BCF7-00C04FC2FB86}\ = "DataGrid Splits Property Page Object" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Version\ = "2.0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8B217749-717D-11CE-AB5B-D41203C10000}\TypeLib\Version = "1.0" | C:\Windows\system32\msiexec.exe | N/A |
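The `Set value (data)` rows above that land under `InprocServer32\InprocServer32`, `shell\Open\command\command` and `Installer\Assemblies\Global\...` are not opaque binary. They are Windows Installer advertising descriptors (Darwin descriptors): REG_MULTI_SZ UTF-16LE text, printed here as hex, made of a base-85 compressed product code, a feature name, a `>` separator and a compressed component code (a verb registration appends ` "%1"`). Decoding them is the quick way to confirm that the COM class, file-association and assembly registrations written by msiexec.exe belong to the same product GUID that names the `C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}` directory and whose squished form, `F59629D56ED3BB04897E6315884A3FAE`, names the `Installer\Products` and `$PatchCache$\Managed` keys. The Python below is an added example, not part of the report and not EXFO's or the sandbox's code: the two hex strings are copied from the rows above, the alphabet and descriptor layout are the documented Windows Installer encoding (the same tables Wine's msi/registry.c implements), and the function names are mine.

```python
"""Decode Windows Installer 'Darwin descriptors' that a sandbox report prints as hex.

Added example: not part of the report and not EXFO's or the sandbox's code. The
hex strings in SAMPLES are copied from the report's "Set value (data)" rows; the
base-85 alphabet and descriptor layout are the documented Windows Installer
encoding (the same tables Wine's msi/registry.c implements). Function names are mine.
"""
import re
import uuid

# Base-85 alphabet for compressed GUIDs; a character's index is its digit value.
_B85 = ("!$%&'()*+,-.0123456789=?@ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "[]^_`abcdefghijklmnopqrstuvwxyz{}~")
_B85_INDEX = {ch: i for i, ch in enumerate(_B85)}

# Descriptor = 20-char product code, feature name, '>', 20-char component code,
# then whatever the registration appends (a verb adds ' "%1"'). Only the '>' form
# occurs in this report, so that is the only form handled here.
_DESCRIPTOR = re.compile(
    r"^(?P<product>.{20})(?P<feature>[^<>]*)>(?P<component>.{20})(?P<args>.*)$")


def decode_b85_guid(text: str) -> str:
    """Expand 20 base-85 characters to '{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}'.

    Each 5-character group is one little-endian 32-bit word of the GUID
    structure, least-significant digit first.
    """
    if len(text) != 20:
        raise ValueError("compressed GUID must be exactly 20 characters")
    raw = b""
    for start in range(0, 20, 5):
        word = 0
        for i, ch in enumerate(text[start:start + 5]):
            if ch not in _B85_INDEX:
                raise ValueError(f"{ch!r} is not in the Windows Installer base-85 alphabet")
            word += _B85_INDEX[ch] * 85 ** i
        if word > 0xFFFFFFFF:
            raise ValueError("5-character group does not fit in 32 bits")
        raw += word.to_bytes(4, "little")
    return "{" + str(uuid.UUID(bytes_le=raw)).upper() + "}"


def squish_guid(guid: str) -> str:
    """GUID -> the 32-hex-digit key name used under Installer\\Products and
    $PatchCache$\\Managed: first three fields reversed, the rest byte-swapped."""
    parts = guid.strip("{}").upper().split("-")
    if [len(p) for p in parts] != [8, 4, 4, 4, 12]:
        raise ValueError(f"not a GUID: {guid!r}")
    tail = parts[3] + parts[4]
    swapped = "".join(tail[i + 1] + tail[i] for i in range(0, len(tail), 2))
    return parts[0][::-1] + parts[1][::-1] + parts[2][::-1] + swapped


def reg_hex_to_strings(hexdata: str) -> list:
    """REG_MULTI_SZ as the report prints it: UTF-16LE, NUL-separated, double-NUL end."""
    return [s for s in bytes.fromhex(hexdata).decode("utf-16-le").split("\x00") if s]


def parse_descriptor(descriptor: str) -> dict:
    """Split a descriptor into product code, feature, component code and trailing arguments."""
    m = _DESCRIPTOR.match(descriptor)
    if not m:
        raise ValueError(f"not a Darwin descriptor: {descriptor!r}")
    return {
        "product_code": decode_b85_guid(m["product"]),
        "feature": m["feature"],
        "component_code": decode_b85_guid(m["component"]),
        "args": m["args"].strip(),
    }


# Copied from the report; the comment names the registry value each blob was written to.
SAMPLES = {
    # ...\Classes\WOW6432Node\CLSID\{9AE53D52-2A33-439B-96E1-B4DA7C372F21}\InprocServer32\InprocServer32
    "inproc": "320077003f00290046004800350049006d0038002b005d0063002b00420030006f005d005300740050004d0044003e005900340066006d0037004100310043006300390047002e0036003500600044004400500024004e0000000000",
    # ...\Classes\FastReporter 3 iolmconfig file\shell\Open\command\command
    "open_verb": "320077003f00290046004800350049006d0038002b005d0063002b00420030006f005d005300740046006100730074005200650070006f0072007400650072003e0076007700670049006f006e004f003200730038005e007b00410035004c00480038004900240034002000220025003100220000000000",
}


def triage(hexdata: str) -> dict:
    """Decode one blob and add the squished product key for matching against
    the Installer\\Products and $PatchCache$\\Managed paths in the same report."""
    info = parse_descriptor(reg_hex_to_strings(hexdata)[0])
    info["product_key"] = squish_guid(info["product_code"])
    return info


if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name}: {triage(blob)}")
```

Run as-is it prints both decoded descriptors. The point of the check is that the product code recovered from the hex equals the GUID in the `C:\Windows\Installer\{...}` paths and that its squished form equals the `Installer\Products` and `$PatchCache$\Managed` key name; a descriptor that decoded to a different product code would mean a second MSI registered itself during the same detonation.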
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\EXFO\FastReporter 3\FastReporter 3.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
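Reading the Process column signature by signature changes the picture the headline count gives. Every row in the token-privilege table names `C:\Windows\system32\msiexec.exe`; the SCSI and language-key rows name `vssvc.exe` and the syswow64 `MsiExec.exe`; the `NtCreateUserProcessBlockNonMicrosoftBinary` rows all name `msedge.exe`, and `FindShellTrayWindow` is split between msiexec.exe and msedge.exe. Only `Checks processor information in registry`, `Enumerates system info in registry` and `GetForegroundWindowSpam` are attributed to the installed `FastReporter 3.exe`. The Python below redoes that attribution mechanically so it can be applied to any report in this layout. It is an added example, not part of the report: the embedded rows are a constructed subset copied from this page, and the split of processes into installer engine, sandbox browser and everything else is my reviewer's classification, not the sandbox's. One copied row (`Installer\Assemblies\C:|Program Files|EXFO|...`) contains pipes inside the indicator, because Windows Installer uses `|` as the path separator in that key, so the parser splits the fixed cells off from the right instead of splitting on every pipe.

```python
"""Attribute each sandbox signature to the process that raised it.

Added example, not part of the report. REPORT is a constructed subset of this
page's rows in the report's own table layout. The process classes are my own
reviewer's split, not the sandbox's: msiexec.exe (either bitness) and vssvc.exe
are what the Windows Installer service runs for any MSI, msedge.exe is the
sandbox's browser, and anything else was dropped or launched by the package
under test and has to be judged on its own.
"""
from collections import defaultdict

INSTALLER_ENGINE = {"msiexec.exe", "vssvc.exe"}   # rundll32.exe deliberately not listed
SANDBOX_SYSTEM = {"msedge.exe"}
COLUMNS = ("description", "indicator", "process", "target")

# Constructed subset copied from the report. A non-table line is a signature
# name; a '| ... |' line is a row under the most recent signature.
REPORT = r"""
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Program Files\EXFO\FastReporter 3\FastReporter 3.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\EXFO\FastReporter 3\FastReporter 3.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|EXFO|FastReporter 3|Metrino.Pmd.PmdB.PmdFileImportExport.Interop.dll | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
"""


def basename(path: str) -> str:
    """Image name, lower-cased so system32\\msiexec.exe and syswow64\\MsiExec.exe match."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_row(line: str):
    """Split one table row, or return None if it does not have four cells.

    Windows Installer writes paths with '|' as the separator under
    Installer\\Assemblies, so the indicator cell can itself contain pipes:
    split the two fixed cells off from the right, then the description off
    from the left, and whatever is left in the middle is the indicator.
    """
    try:
        head, process, target = line.strip().strip("|").rsplit("|", 2)
        description, indicator = head.split("|", 1)
    except ValueError:
        return None
    return dict(zip(COLUMNS, (c.strip() for c in (description, indicator, process, target))))


def parse_report(text: str) -> dict:
    """signature name -> list of row dicts (empty list for a collapsed signature)."""
    sigs, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if not line.startswith("|"):
            current = line
            sigs.setdefault(current, [])
            continue
        row = parse_row(line)
        if row and row["description"] != "Description" and current is not None:
            sigs[current].append(row)
    return sigs


def classify(process_path: str) -> str:
    name = basename(process_path)
    if name in INSTALLER_ENGINE:
        return "installer-engine"
    if name in SANDBOX_SYSTEM:
        return "sandbox-system"
    return "package"


def attribute(sigs: dict) -> dict:
    """signature -> {class: sorted process basenames} for every class that appears."""
    out = {}
    for sig, rows in sigs.items():
        buckets = defaultdict(set)
        for row in rows:
            buckets[classify(row["process"])].add(basename(row["process"]))
        out[sig] = {k: sorted(v) for k, v in sorted(buckets.items())}
    return out


def package_attributed(sigs: dict) -> list:
    """Signatures with at least one row from the package's own binaries:
    the ones the 'it is just the installer service' explanation does not cover."""
    return sorted(sig for sig, b in attribute(sigs).items() if "package" in b)


if __name__ == "__main__":
    parsed = parse_report(REPORT)
    for sig, buckets in attribute(parsed).items():
        print(f"{sig}: {buckets or 'no rows shown'}")
    print("needs analyst review:", package_attributed(parsed))
```

The output separates what msiexec.exe does for any MSI (enabling its service token's privileges, creating a restore point through vssvc.exe, registering COM classes) from what the installed binaries do themselves; the second list, plus the executables the process tree shows being launched from `%TEMP%`, is what a verdict on this package should rest on. The classification is a starting point, not proof of anything: a malicious custom action also runs inside msiexec.exe, so a row attributed to the installer engine still has to be read against the command lines in the process tree.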
Processes
C:\Windows\system32\msiexec.exe
msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\FastReporter3_64_Bit\EXFO FastReporter 3 (64 Bit).msi"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 86AC1614318077191E62C585A034CE53 C
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
C:\Users\Admin\AppData\Local\Temp\{9B41420A-79E9-413A-95D0-63C2140441A8}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9B41420A-79E9-413A-95D0-63C2140441A8}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{61F9072C-5D40-444E-BE53-6C841CE9DA3B}
C:\Users\Admin\AppData\Local\Temp\{9B41420A-79E9-413A-95D0-63C2140441A8}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9B41420A-79E9-413A-95D0-63C2140441A8}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E0295389-F43F-4080-A9A0-038D1A67AE53}
C:\Users\Admin\AppData\Local\Temp\{9B41420A-79E9-413A-95D0-63C2140441A8}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9B41420A-79E9-413A-95D0-63C2140441A8}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{75CB1A90-6AC7-441E-9EB9-59D4879903D0}
C:\Users\Admin\AppData\Local\Temp\{9B41420A-79E9-413A-95D0-63C2140441A8}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9B41420A-79E9-413A-95D0-63C2140441A8}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{84E5B819-5526-424F-8860-E887F93FC08D}
C:\Users\Admin\AppData\Local\Temp\{9B41420A-79E9-413A-95D0-63C2140441A8}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9B41420A-79E9-413A-95D0-63C2140441A8}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BD80D28A-BBAD-4989-A3E5-42F4E13D6B10}
C:\Users\Admin\AppData\Local\Temp\{9B41420A-79E9-413A-95D0-63C2140441A8}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9B41420A-79E9-413A-95D0-63C2140441A8}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7663B900-D1E0-4422-9968-91AF6878B9A5}
C:\Users\Admin\AppData\Local\Temp\{9B41420A-79E9-413A-95D0-63C2140441A8}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9B41420A-79E9-413A-95D0-63C2140441A8}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7337BD75-28BB-44E2-A82A-5BF746FD655A}
C:\Users\Admin\AppData\Local\Temp\{9B41420A-79E9-413A-95D0-63C2140441A8}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9B41420A-79E9-413A-95D0-63C2140441A8}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1E0F7C1E-64FA-494E-B896-B738EB6F3335}
C:\Users\Admin\AppData\Local\Temp\{9B41420A-79E9-413A-95D0-63C2140441A8}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9B41420A-79E9-413A-95D0-63C2140441A8}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E7A5A8C5-5E4C-49FC-99CA-D54EBD8130E2}
C:\Users\Admin\AppData\Local\Temp\{9B41420A-79E9-413A-95D0-63C2140441A8}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9B41420A-79E9-413A-95D0-63C2140441A8}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5957E83E-9582-4A20-A80C-3C7C80A88C79}
C:\Users\Admin\AppData\Local\Temp\{7A766E72-4D4F-4C46-8A34-915C2ADF71DB}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{7A766E72-4D4F-4C46-8A34-915C2ADF71DB}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6CB8777A-24DB-4181-96B1-41EEC27B4323}
C:\Users\Admin\AppData\Local\Temp\{7A766E72-4D4F-4C46-8A34-915C2ADF71DB}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{7A766E72-4D4F-4C46-8A34-915C2ADF71DB}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6F6B1BF3-AD04-4CBF-869A-F276AFD384A8}
C:\Users\Admin\AppData\Local\Temp\{7A766E72-4D4F-4C46-8A34-915C2ADF71DB}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{7A766E72-4D4F-4C46-8A34-915C2ADF71DB}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{ABB39FFC-0F50-44C6-ADFE-95FA4DEDA918}
C:\Users\Admin\AppData\Local\Temp\{7A766E72-4D4F-4C46-8A34-915C2ADF71DB}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{7A766E72-4D4F-4C46-8A34-915C2ADF71DB}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{97D5CDDF-78F5-4455-949A-6BB56A99E125}
C:\Users\Admin\AppData\Local\Temp\{7A766E72-4D4F-4C46-8A34-915C2ADF71DB}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{7A766E72-4D4F-4C46-8A34-915C2ADF71DB}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C8CF8B4D-E42C-4279-B469-F6BE4D0F2FAE}
C:\Users\Admin\AppData\Local\Temp\{7A766E72-4D4F-4C46-8A34-915C2ADF71DB}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{7A766E72-4D4F-4C46-8A34-915C2ADF71DB}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E58B1A7E-5BF6-41CE-8B34-30ACA174FE6C}
C:\Users\Admin\AppData\Local\Temp\{7A766E72-4D4F-4C46-8A34-915C2ADF71DB}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{7A766E72-4D4F-4C46-8A34-915C2ADF71DB}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2C6E1369-2005-4481-8F33-50D130604C0E}
C:\Users\Admin\AppData\Local\Temp\{7A766E72-4D4F-4C46-8A34-915C2ADF71DB}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{7A766E72-4D4F-4C46-8A34-915C2ADF71DB}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B6AF1BAE-A66D-46D8-BB71-2DBC35B5AFBE}
C:\Users\Admin\AppData\Local\Temp\{7A766E72-4D4F-4C46-8A34-915C2ADF71DB}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{7A766E72-4D4F-4C46-8A34-915C2ADF71DB}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FE3BB85A-6E2E-4499-929E-FA32E0AB496E}
C:\Users\Admin\AppData\Local\Temp\{7A766E72-4D4F-4C46-8A34-915C2ADF71DB}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{7A766E72-4D4F-4C46-8A34-915C2ADF71DB}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E7F3CEF0-804F-4F21-8DA5-1AD4395C6368}
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 32BD96D2071A188FFDF9A7909F3D7665
C:\Users\Admin\AppData\Local\Temp\{16DF813A-ED49-40B0-83F1-B0EC2EE25EBD}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{16DF813A-ED49-40B0-83F1-B0EC2EE25EBD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3B044615-AC93-4B57-B36D-D2254017FED8}
C:\Users\Admin\AppData\Local\Temp\{16DF813A-ED49-40B0-83F1-B0EC2EE25EBD}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{16DF813A-ED49-40B0-83F1-B0EC2EE25EBD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8915D503-C87B-405E-8AA5-CC770CF8639E}
C:\Users\Admin\AppData\Local\Temp\{16DF813A-ED49-40B0-83F1-B0EC2EE25EBD}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{16DF813A-ED49-40B0-83F1-B0EC2EE25EBD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B25256A3-1CCF-4917-8DBE-6CEDF67139B1}
C:\Users\Admin\AppData\Local\Temp\{16DF813A-ED49-40B0-83F1-B0EC2EE25EBD}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{16DF813A-ED49-40B0-83F1-B0EC2EE25EBD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9FD2C36D-FCB3-4FB9-AB36-E66E5E0409BC}
C:\Users\Admin\AppData\Local\Temp\{16DF813A-ED49-40B0-83F1-B0EC2EE25EBD}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{16DF813A-ED49-40B0-83F1-B0EC2EE25EBD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3F617A1A-D45D-46A7-B860-66D1A7357441}
C:\Users\Admin\AppData\Local\Temp\{16DF813A-ED49-40B0-83F1-B0EC2EE25EBD}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{16DF813A-ED49-40B0-83F1-B0EC2EE25EBD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A8C73BA2-34D8-4695-9FC7-812EE78D4AD8}
C:\Users\Admin\AppData\Local\Temp\{16DF813A-ED49-40B0-83F1-B0EC2EE25EBD}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{16DF813A-ED49-40B0-83F1-B0EC2EE25EBD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{37E08B63-64A4-414F-8FBD-37C0535D92C5}
C:\Users\Admin\AppData\Local\Temp\{16DF813A-ED49-40B0-83F1-B0EC2EE25EBD}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{16DF813A-ED49-40B0-83F1-B0EC2EE25EBD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2F8181BD-DD33-4B5C-8BFD-77EFA86B7E6F}
C:\Users\Admin\AppData\Local\Temp\{16DF813A-ED49-40B0-83F1-B0EC2EE25EBD}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{16DF813A-ED49-40B0-83F1-B0EC2EE25EBD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F1987FA8-3120-48BC-B0BC-F7473710A1D6}
C:\Users\Admin\AppData\Local\Temp\{16DF813A-ED49-40B0-83F1-B0EC2EE25EBD}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{16DF813A-ED49-40B0-83F1-B0EC2EE25EBD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C6BDAF3F-D52D-46EA-B99E-735950D41A33}
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 9FA4B2B447C1451B793FB887404A0AA1 M Global\MSI0000
C:\Program Files\EXFO\FastReporter 3\FastReporter 3.exe
"C:\Program Files\EXFO\FastReporter 3\FastReporter 3.exe"
C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe
"C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Metrino\FastReporter" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Program Files\EXFO\FastReporter 3\debug.log" --mojo-platform-channel-handle=2748 --field-trial-handle=2780,i,838780942592673755,6561727518835853724,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2 --host-process-id=536
C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe
"C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Metrino\FastReporter" --cefsharpexitsub --log-file="C:\Program Files\EXFO\FastReporter 3\debug.log" --mojo-platform-channel-handle=3104 --field-trial-handle=2780,i,838780942592673755,6561727518835853724,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8 --host-process-id=536
C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe
"C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Metrino\FastReporter" --cefsharpexitsub --log-file="C:\Program Files\EXFO\FastReporter 3\debug.log" --mojo-platform-channel-handle=5324 --field-trial-handle=2780,i,838780942592673755,6561727518835853724,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8 --host-process-id=536
C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe
"C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe" --type=renderer --log-severity=disable --user-data-dir="C:\Users\Admin\AppData\Local\Metrino\FastReporter" --cefsharpexitsub --first-renderer-process --no-sandbox --force-device-scale-factor=1 --log-file="C:\Program Files\EXFO\FastReporter 3\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=4248 --field-trial-handle=2780,i,838780942592673755,6561727518835853724,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --host-process-id=536 /prefetch:1
C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe
"C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe" --type=renderer --log-severity=disable --user-data-dir="C:\Users\Admin\AppData\Local\Metrino\FastReporter" --cefsharpexitsub --no-sandbox --force-device-scale-factor=1 --log-file="C:\Program Files\EXFO\FastReporter 3\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=4324 --field-trial-handle=2780,i,838780942592673755,6561727518835853724,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --host-process-id=536 /prefetch:1
C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe
"C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe" --type=renderer --log-severity=disable --user-data-dir="C:\Users\Admin\AppData\Local\Metrino\FastReporter" --cefsharpexitsub --no-sandbox --force-device-scale-factor=1 --log-file="C:\Program Files\EXFO\FastReporter 3\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5772 --field-trial-handle=2780,i,838780942592673755,6561727518835853724,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --host-process-id=536 /prefetch:1
C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe
"C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe" --type=renderer --log-severity=disable --user-data-dir="C:\Users\Admin\AppData\Local\Metrino\FastReporter" --cefsharpexitsub --no-sandbox --force-device-scale-factor=1 --log-file="C:\Program Files\EXFO\FastReporter 3\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5768 --field-trial-handle=2780,i,838780942592673755,6561727518835853724,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --host-process-id=536 /prefetch:1
C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe
"C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Metrino\FastReporter" --cefsharpexitsub --log-file="C:\Program Files\EXFO\FastReporter 3\debug.log" --mojo-platform-channel-handle=5860 --field-trial-handle=2780,i,838780942592673755,6561727518835853724,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8 --host-process-id=536
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3fc 0x4c8
C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe
"C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe" --type=renderer --log-severity=disable --user-data-dir="C:\Users\Admin\AppData\Local\Metrino\FastReporter" --cefsharpexitsub --no-sandbox --force-device-scale-factor=1 --log-file="C:\Program Files\EXFO\FastReporter 3\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5864 --field-trial-handle=2780,i,838780942592673755,6561727518835853724,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --host-process-id=536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --new-window -inprivate --user-data-dir="C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge" https://exfoexchange.com/signin/fastreporter64:%2F%2Fsignin%2Fcallback
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff9f2db46f8,0x7ff9f2db4708,0x7ff9f2db4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,2643999992270799787,11773950837589124956,131072 --user-data-dir="C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,2643999992270799787,11773950837589124956,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge" --mojo-platform-channel-handle=2144 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,2643999992270799787,11773950837589124956,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge" --mojo-platform-channel-handle=2740 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2643999992270799787,11773950837589124956,131072 --disable-databases --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge" --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2643999992270799787,11773950837589124956,131072 --disable-databases --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge" --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2643999992270799787,11773950837589124956,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge" --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2643999992270799787,11773950837589124956,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge" --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2643999992270799787,11773950837589124956,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge" --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2643999992270799787,11773950837589124956,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge" --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2643999992270799787,11773950837589124956,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge" --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2643999992270799787,11773950837589124956,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge" --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2643999992270799787,11773950837589124956,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge" --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2643999992270799787,11773950837589124956,131072 --disable-databases --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge" --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
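The process list above records each process as its image path followed by the full command line. An added example (my code, not part of the report, the sandbox, or EXFO's software) that parses such command lines and pulls out the points a reviewer checks when deciding whether an installer is behaving like one: binaries executed from a GUID-named directory under the user's Temp folder (the ISBEW64.exe instances), msiexec custom-action server instances (-Embedding), the srtasks.exe restore-point request that accounts for vssvc.exe and the VSS COM API signature, CefSharp children running with --no-sandbox, and the Edge launch InPrivate with a profile under the application's data directory and the callback URL it opens. The sample command lines are copied from the list above, two of them abbreviated; the tokenizer, the finding labels, and the ordering of checks are my own assumptions.

```python
import re

# Constructed sample: command lines copied (two abbreviated) from the process list
# above. They are plain strings to exercise the parser, not the sandbox's export format.
SAMPLE_CMDLINES = [
    r'msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\FastReporter3_64_Bit\EXFO FastReporter 3 (64 Bit).msi"',
    r'C:\Windows\syswow64\MsiExec.exe -Embedding 86AC1614318077191E62C585A034CE53 C',
    r'C:\Users\Admin\AppData\Local\Temp\{9B41420A-79E9-413A-95D0-63C2140441A8}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{61F9072C-5D40-444E-BE53-6C841CE9DA3B}',
    r'C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2',
    r'"C:\Program Files\EXFO\FastReporter 3\CefSharp.BrowserSubprocess.exe" --type=renderer --log-severity=disable --user-data-dir="C:\Users\Admin\AppData\Local\Metrino\FastReporter" --no-sandbox --lang=en-US --renderer-client-id=6',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --new-window -inprivate --user-data-dir="C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge" https://exfoexchange.com/signin/fastreporter64:%2F%2Fsignin%2Fcallback',
]

# A token is a run of unquoted non-space characters and/or "quoted" segments, so
# --user-data-dir="C:\Program Files\x" stays one argument. Backslashes are path
# separators on Windows, not escapes, so they are left alone.
TOKEN_RE = re.compile(r'(?:[^\s"]+|"[^"]*")+')
# Directory component that is a brace-wrapped GUID, e.g. \{9B41420A-...-63C2140441A8}\
GUID_DIR_RE = re.compile(r'\\\{[0-9A-Fa-f-]{36}\}\\')
TEMP_MARKER = '\\appdata\\local\\temp\\'


def tokenize(cmdline: str) -> list:
    """Split a Windows command line into arguments, dropping the quote characters."""
    return [t.replace('"', '') for t in TOKEN_RE.findall(cmdline)]


def parse_flags(tokens: list) -> dict:
    """Map dash switches (--name=value, --name, -name) to values; bare switches map to True."""
    flags = {}
    for tok in tokens[1:]:
        if tok.startswith('-'):
            name, _, value = tok.lstrip('-').partition('=')
            flags[name.lower()] = value if value else True
    return flags


def triage(cmdline: str) -> dict:
    """Return image path, parsed switches, embedded URLs and review findings for one command line."""
    tokens = tokenize(cmdline)
    image = tokens[0]
    low = image.lower()
    flags = parse_flags(tokens)
    findings = []
    if TEMP_MARKER in low:
        findings.append('executes from user Temp (dropped binary)')
        if GUID_DIR_RE.search(image):
            findings.append('GUID-named staging directory')
    if low.endswith('msiexec.exe') and 'embedding' in flags:
        findings.append('msiexec custom-action server (-Embedding)')
    if low.endswith('srtasks.exe') and 'ExecuteScopeRestorePoint' in tokens:
        findings.append('restore point requested: expect vssvc.exe / VSS COM activity')
    if 'no-sandbox' in flags:
        findings.append(f"Chromium child of type {flags.get('type', '?')} runs with --no-sandbox")
    if 'inprivate' in flags:
        findings.append('browser started InPrivate')
    if isinstance(flags.get('user-data-dir'), str):
        findings.append('custom browser profile: ' + flags['user-data-dir'])
    urls = [t for t in tokens if t.lower().startswith(('http://', 'https://'))]
    return {'image': image, 'flags': flags, 'urls': urls, 'findings': findings}


def triage_all(cmdlines) -> list:
    """Triage every command line and return the results in input order."""
    return [triage(c) for c in cmdlines]


if __name__ == '__main__':
    for result in triage_all(SAMPLE_CMDLINES):
        print(result['image'])
        for finding in result['findings']:
            print('   -', finding)
        for url in result['urls']:
            print('   url:', url)
```

Feed it the command-line column of any Triage or Sysmon export; the checks are deliberately simple string and switch matches so they can be lifted into a SIEM rule without the parser.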
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.147.200.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.19.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | testflowapi.exfo.com | udp |
| DE | 3.68.62.15:443 | testflowapi.exfo.com | tcp |
| US | 8.8.8.8:53 | 15.62.68.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.exfo.com | udp |
| DE | 18.184.183.182:443 | login.exfo.com | tcp |
| US | 8.8.8.8:53 | 182.183.184.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| N/A | 10.127.255.255:1947 | N/A | udp |
| N/A | 255.255.255.255:1947 | N/A | udp |
| N/A | 127.0.0.1:1947 | N/A | udp |
| N/A | 127.0.0.1:1947 | N/A | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| N/A | 169.254.169.254:80 | N/A | tcp |
| N/A | 10.127.255.255:1947 | N/A | udp |
| N/A | 255.255.255.255:1947 | N/A | udp |
| US | 8.8.8.8:53 | testdns.exfo.com | udp |
| N/A | 127.0.0.1:1947 | N/A | udp |
| N/A | 127.0.0.1:1947 | N/A | tcp |
| US | 8.8.8.8:53 | 18.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ws.exfo.com | udp |
| CA | 199.166.16.246:443 | ws.exfo.com | tcp |
| US | 8.8.8.8:53 | 246.16.166.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | testflownotification.exfo.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| DE | 18.184.33.128:443 | testflownotification.exfo.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | www.exfo.com | udp |
| US | 8.8.8.8:53 | www.exfo.com | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 104.18.41.113:443 | www.exfo.com | tcp |
| US | 8.8.8.8:53 | 128.33.184.18.in-addr.arpa | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 23.204.224.203:443 | N/A | tcp |
| US | 13.107.246.64:443 | N/A | tcp |
| GB | 142.250.200.59:443 | N/A | tcp |
| GB | 142.250.200.59:443 | N/A | udp |
| GB | 142.250.200.59:443 | N/A | udp |
| US | 104.17.71.206:443 | N/A | tcp |
| GB | 184.28.198.187:443 | N/A | tcp |
| US | 192.28.144.124:443 | N/A | tcp |
| GB | 151.101.188.157:443 | N/A | tcp |
| DE | 91.228.74.200:443 | N/A | tcp |
| DE | 52.58.31.187:443 | N/A | tcp |
| GB | 216.58.213.14:443 | N/A | tcp |
| US | 199.15.214.243:443 | N/A | tcp |
| GB | 172.217.169.35:443 | N/A | tcp |
| US | 192.28.144.124:443 | N/A | tcp |
| US | 199.15.214.243:443 | N/A | tcp |
| US | 104.244.42.195:443 | N/A | tcp |
| PL | 93.184.221.165:443 | N/A | tcp |
| GB | 23.218.75.88:443 | N/A | tcp |
| GB | 18.245.187.55:443 | N/A | tcp |
| GB | 216.58.213.14:443 | N/A | udp |
| DE | 52.58.31.187:443 | N/A | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.41.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.224.204.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.71.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.198.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.188.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.31.58.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.144.28.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.214.15.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.75.218.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.187.245.18.in-addr.arpa | udp |
| US | 104.22.29.199:443 | N/A | tcp |
| GB | 172.217.169.35:443 | N/A | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.29.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.187.250.142.in-addr.arpa | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| GB | 173.222.211.50:443 | N/A | tcp |
| GB | 79.127.237.132:443 | N/A | tcp |
| GB | 13.224.245.87:443 | N/A | tcp |
| NL | 20.50.88.244:443 | N/A | tcp |
| US | 34.86.117.221:443 | N/A | tcp |
| US | 13.107.42.14:443 | N/A | tcp |
| GB | 18.245.253.22:443 | N/A | tcp |
| GB | 99.84.9.26:443 | N/A | tcp |
| US | 8.8.8.8:53 | 132.237.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.245.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.88.50.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.117.86.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.253.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.9.84.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | exfoexchange.com | udp |
| US | 8.8.8.8:53 | 69.242.123.52.in-addr.arpa | udp |
| GB | 108.156.39.27:443 | exfoexchange.com | tcp |
| US | 8.8.8.8:53 | 27.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | createreport.exfoexchange.com | udp |
| US | 8.8.8.8:53 | devicelisting.exfoexchange.com | udp |
| US | 8.8.8.8:53 | createjobreport.exfoexchange.com | udp |
| US | 8.8.8.8:53 | resultbrowser.exfoexchange.com | udp |
| US | 8.8.8.8:53 | homedeviceswrapper.exfoexchange.com | udp |
| US | 8.8.8.8:53 | viewerswrapper.exfoexchange.com | udp |
| US | 8.8.8.8:53 | webcomponent-custom-template-prod-client.s3.amazonaws.com | udp |
| GB | 18.165.201.72:443 | createreport.exfoexchange.com | tcp |
| GB | 108.156.46.46:443 | devicelisting.exfoexchange.com | tcp |
| GB | 108.138.217.24:443 | viewerswrapper.exfoexchange.com | tcp |
| GB | 13.224.132.83:443 | createjobreport.exfoexchange.com | tcp |
| GB | 18.164.68.113:443 | homedeviceswrapper.exfoexchange.com | tcp |
| DE | 52.219.169.115:443 | webcomponent-custom-template-prod-client.s3.amazonaws.com | tcp |
| GB | 99.86.114.23:443 | resultbrowser.exfoexchange.com | tcp |
| US | 8.8.8.8:53 | 72.201.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.217.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.46.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.132.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.114.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.169.219.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.68.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | o1279347.ingest.sentry.io | udp |
| US | 34.120.195.249:443 | o1279347.ingest.sentry.io | tcp |
| US | 34.120.195.249:443 | o1279347.ingest.sentry.io | tcp |
| US | 8.8.8.8:53 | ff.exfoapis.com | udp |
| US | 8.8.8.8:53 | dc.services.visualstudio.com | udp |
| NL | 20.50.88.238:443 | dc.services.visualstudio.com | tcp |
| US | 8.8.8.8:53 | 238.88.50.20.in-addr.arpa | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 172.217.169.3:443 | N/A | tcp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.35.104.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.71.105.51.in-addr.arpa | udp |
| GB | 142.250.187.228:443 | www.google.com | udp |
| GB | 23.218.75.88:443 | N/A | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 142.250.180.2:443 | N/A | tcp |
| GB | 142.250.180.2:443 | N/A | tcp |
| GB | 142.250.200.35:443 | N/A | tcp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
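Most rows in the table above are not the sample's own traffic: the in-addr.arpa queries are the sandbox resolver reverse-looking-up every peer, the port 53/443 traffic to 8.8.8.8 and 8.8.4.4 is the resolver itself, and the loopback, broadcast and 169.254.169.254 rows come from the analysis host. An added example (my code, not the report's or the sandbox's) that parses the table, accepting both the normal row form and the shifted form in which no domain was recorded and the protocol sits in the Domain column, drops that noise into labelled buckets, and groups what remains by IP, port and protocol with the hostnames seen for each, so the exfo.com, exfoexchange.com, sentry.io and visualstudio.com endpoints can be reviewed on their own. Two labels are my assumptions rather than facts stated by the report: port 1947 is classed as a Sentinel/HASP license-manager probe (the conventional use of that port), and 169.254.169.254 is classed as the cloud metadata address of the analysis VM. The sample rows are a constructed subset of the table.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: a subset of rows from the Network table above, including the
# shifted form (protocol in the Domain column) and an explicit N/A domain.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | testflowapi.exfo.com | udp |
| DE | 3.68.62.15:443 | testflowapi.exfo.com | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| N/A | 10.127.255.255:1947 | udp | |
| N/A | 255.255.255.255:1947 | udp | |
| N/A | 127.0.0.1:1947 | tcp | |
| N/A | 169.254.169.254:80 | tcp | |
| GB | 142.250.200.59:443 | N/A | tcp |
| US | 34.120.195.249:443 | o1279347.ingest.sentry.io | tcp |
| US | 34.120.195.249:443 | o1279347.ingest.sentry.io | tcp |
"""

# | country | ip:port | col3 | col4 |   (col3/col4 are domain/proto, or proto/empty)
ROW_RE = re.compile(r'^\|\s*(.*?)\s*\|\s*(\S+):(\d+)\s*\|\s*(.*?)\s*\|\s*(.*?)\s*\|$')


def parse_row(line: str):
    """Parse one table row into a dict; returns None for the header or non-row lines."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    country, ip, port, col3, col4 = m.groups()
    if col3.lower() in ('tcp', 'udp') and not col4:
        domain, proto = '', col3.lower()        # shifted row: no domain recorded
    else:
        domain, proto = col3, col4.lower()
    if domain.upper() == 'N/A':
        domain = ''
    return {'country': country, 'ip': ip, 'port': int(port), 'domain': domain, 'proto': proto}


def classify(row: dict) -> str:
    """Bucket a connection so resolver noise and host artifacts do not hide real endpoints."""
    ip = ipaddress.ip_address(row['ip'])
    if row['port'] == 1947:
        # Assumption: 1947 is the Sentinel/HASP license-manager port; the report does not say so.
        return 'port 1947 probe (assumed: Sentinel/HASP license manager)'
    if ip.is_loopback:
        return 'loopback'
    if row['ip'] == '169.254.169.254':
        # Assumption: the analysis VM's cloud metadata address, not sample-driven traffic.
        return 'cloud metadata address (sandbox host artifact)'
    if row['ip'] == '255.255.255.255' or (ip.is_private and row['ip'].endswith('.255')):
        return 'broadcast'
    if row['domain'].endswith('.in-addr.arpa'):
        return 'reverse-DNS lookup (resolver noise)'
    if row['port'] == 53:
        return 'dns query'
    if row['domain'] == 'dns.google' or row['ip'] in ('8.8.8.8', '8.8.4.4'):
        return 'encrypted DNS to Google (443)'
    return 'external'


def summarize(table_text: str):
    """Return (category counts, {(ip, port, proto): set of hostnames seen}) for external rows."""
    rows = [r for r in map(parse_row, table_text.splitlines()) if r]
    counts = Counter()
    external = {}
    for r in rows:
        cat = classify(r)
        counts[cat] += 1
        if cat == 'external':
            names = external.setdefault((r['ip'], r['port'], r['proto']), set())
            if r['domain']:
                names.add(r['domain'])
    return counts, external


if __name__ == '__main__':
    counts, external = summarize(SAMPLE_ROWS)
    for cat, n in counts.most_common():
        print(f'{n:3d}  {cat}')
    print('external endpoints:')
    for (ip, port, proto), names in sorted(external.items()):
        print(f'  {ip}:{port}/{proto}  {", ".join(sorted(names)) or "(no name recorded)"}')
```

Paste the whole Network table into SAMPLE_ROWS (or read it from a file) to get the full list of named and unnamed external endpoints; the unnamed 443 rows are the ones worth pairing with the TLS SNI from the pcap, since the report gives no hostname for them.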
Files
C:\Users\Admin\AppData\Local\Temp\MSID88D.tmp
| MD5 | 1a42ff9ff5945cb3a3589a74eb683de1 |
| SHA1 | a463b74e1919c3c60a9daf5462de9338b426de9e |
| SHA256 | cde61e213903f7bfb46efe6db64e5946d01cfb169a6859358df20c3302dcd2ed |
| SHA512 | b485a878e43a39934c9715a271f7d5d1612257ef508817feffdf759dfc890bd31ed3c6051a84982f73d3d5915b4739fd3557635b7ce30afdc7b9d29aeb9020bf |
C:\Users\Admin\AppData\Local\Temp\MSID9E6.tmp
| MD5 | 2640e1c49399712536e995c4d3144dce |
| SHA1 | 1bc508458539f4b1947c1cdf6f17e1f7c20aebd7 |
| SHA256 | 14f978cc08214b85557af426efc2ece84b0b77ea502990616f043effbf7342ed |
| SHA512 | 335af96bd9d85b5224709e65789cd9c9a824e53a5094e54f173e13ad8ef9ec84191623558a93a6f83bff9bc20430ac0e26e2f20593f7838b918a78124bad8451 |
C:\Users\Admin\AppData\Local\Temp\MSIDA16.tmp
| MD5 | 7bd433f5a3c6d2d13ca44c317a1556ee |
| SHA1 | 991ba8ed59e0ae44e45251fb583e078ab969c5e4 |
| SHA256 | 765ccdbff230e75109898ab3a44cf0ffb17feca6f6ea8f137251590f64cf222f |
| SHA512 | 75ae703052916ea59e8ef1215d7316392033bc7fb629138b5289e2ac6eaa9b26effc868e1cc18d4962680e5e0d78556660ed72524be4eb12bec375a1f23d9fb2 |
C:\Users\Admin\AppData\Local\Temp\MSIDC3A.tmp
| MD5 | 18e5c693323bc7b09eba8e0fd01c053e |
| SHA1 | fec0fdad9d8759370be13910a370c6ab0a82b669 |
| SHA256 | 3c811c955a228434ca50e404a4204f89e44712738b6f562a983dfb4f35e04582 |
| SHA512 | 9fd38885f0a7fe652aab88b0a3e4eee872e000bd8378c7d9ab6876eb6c0b45572ce51daec15442e36496c2a6e8751ed3273a4a8895042c49ebf2d9e975a65aec |
C:\Users\Admin\AppData\Local\Temp\{9B41420A-79E9-413A-95D0-63C2140441A8}\ISBEW64.exe
| MD5 | 82e1a9d1e3d0107f7e1253fa92f86b10 |
| SHA1 | f8cae61e8d474ba1279baba932b76dc3003ccab6 |
| SHA256 | 7d6a80ad2527b9769742749d091f17865c700452a2cd192b7c6ccac6580a9235 |
| SHA512 | dc569b11c4e22a075a22c6ef0d2f86b8989e76d30dbcb63fc46bfa77f50861b8f8b80e40d49a02f608ffe16fb94681fb0667fdf4bdd3ecfe0e11b40b81bac400 |
C:\Users\Admin\AppData\Local\Temp\{9B41420A-79E9-413A-95D0-63C2140441A8}\ISRT.dll
| MD5 | 25ddb7e609d08fe8bc83d452e38bfee1 |
| SHA1 | e7f34c41b9ba7ddd18f7821aa93c305075c53bdf |
| SHA256 | e6daf03f2814583e163372b873a938829f57782d581ee931214c92350d18e903 |
| SHA512 | 99eabdcb2bd1ec77ee5a0a30194b25ca2889bb810572b26b89460caab4dfad7cf65189d2d08054d00723e286188a1004620cf31aa94d8b632dc3d8b65d292c60 |
memory/412-47-0x0000000010000000-0x0000000010112000-memory.dmp
memory/412-52-0x0000000002FE0000-0x00000000031A7000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{9B41420A-79E9-413A-95D0-63C2140441A8}\_isres_0x0409.dll
| MD5 | 4f18ab4c0bcc2eda6c5d97bc801402d7 |
| SHA1 | b5786cdc91e50a7f75ccd2a63f59ed565a86694f |
| SHA256 | 919937f108f49eb6d7860717a7abc576c68017e394b8373f01defb2a000cc602 |
| SHA512 | ed5ae3b58b46f9261f264a62b37029ad0362fdaabc6ced9450048e1f748fdff09836c266e706b79c3b2be63d190dfc8d0e94724151471d082df02d7b8a95fcd2 |
C:\Users\Admin\AppData\Local\Temp\{7A766E72-4D4F-4C46-8A34-915C2ADF71DB}\IsConfig.ini
| MD5 | 267b5fcb549f829cbef8cab902d3bfc5 |
| SHA1 | 11df4d5089d6cf459d9bdb2031bc7d9fd283670f |
| SHA256 | 6410a2fcabc5e14c4e567b629ae6b8446405b1f47a3dc7930ed241db4269fccb |
| SHA512 | 716b7185691d943edf514535d52345b06304bc7d2b36ed516d623a0ee28f396e8f7bb6bfb298d348e0a22b533a9f41d8146c58e60c050ed5809052d8f2880619 |
C:\Users\Admin\AppData\Local\Temp\{7A766E72-4D4F-4C46-8A34-915C2ADF71DB}\setup.inx
| MD5 | a8227d4f9c54a395f337bd777e066921 |
| SHA1 | e54ecad390a87d63a1330c4e28e1978eb24aae37 |
| SHA256 | bfa73c92a8fed819242abcc088aac5f326d95224645bdde963ef41af2bd6d761 |
| SHA512 | 8841f440399dfd31a97d211a16f9f68d11fe882e236c427b88022820f693cf08d11a3a8d1f3c11e6639b4716ee68e754032d4b52af8e8870c42e7797d0f81fb3 |
memory/412-104-0x0000000010000000-0x0000000010112000-memory.dmp
memory/412-109-0x0000000003020000-0x00000000031E7000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{7A766E72-4D4F-4C46-8A34-915C2ADF71DB}\String1033.txt
| MD5 | 04a892d731647d00d7e1af40e7ef0524 |
| SHA1 | 7437487968dea86c9d9f5a8d2fc5e4ca7d524a87 |
| SHA256 | eb087aaeb0737182861c12af07b59e907f398b4371d2690c6976001e456f4528 |
| SHA512 | eeee0fb3a902ef36cb4c19d0304ea44449ac4bc8a2291e5d308592490bb4498f6301b6fe6f900d39a4e47127d8562b1a3483e66796373152c0c519013ed09b05 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_C5A668EAE1A9A2F9A84DC3BDED6715D6
| MD5 | 41809226afa71a28bb0bdcae16fb69ad |
| SHA1 | 917fb37f21c76b5d5d17ddb8890cfcdfa2e6884f |
| SHA256 | da921d18f16b00151267321af65d67a080b51b1d766c20d878a5230fb92b5616 |
| SHA512 | c26f8eda0b7e6709d31eac4677e929ddfff1193978be3371d2ed29a2a71111e7f9e8aab3a079a9a62e3d3835a56e5062f67d6203b39a742b4684d7ee4f144bf8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_C5A668EAE1A9A2F9A84DC3BDED6715D6
| MD5 | da3fe1a2ae5df3a0afdadccdbe30c2aa |
| SHA1 | 79b350c707194db0a25a15dfa04943da80fb18d3 |
| SHA256 | 3ce62026352a0e5d65ac2cebf9a5120887a2aaf0115a2d592309bb733e5011f8 |
| SHA512 | 30c68a1fa1fad2c317e55d2172f51daa3571c062b79ff30d051137fddd9c515f7ff60e031c77d88da19ef6cea62ef6c512ff1da95831712e84503141496d8009 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
| MD5 | 401a65544d40a60e15666662cea04e0e |
| SHA1 | 894c782fe90f65b7273db94ffc334e50729f3f57 |
| SHA256 | 4d6924f5bc0de95d24cb2c3d91e1dacbd9f1f4537ca0c276163432bbb989c999 |
| SHA512 | c8c6cec3c1449ee469cf03cff428aab93cf6d6d0b9041eb520a577d996702d85f001d54ec3c253e96889b9125f0dc8e5d794a19116b8318ad7ae2855da0d07b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
| MD5 | 2778e7671ba1185e3306268d8f4a8963 |
| SHA1 | b8fed27d741d59c297fb1d5c7604329c2a7f493e |
| SHA256 | 397937f921b5cc2fc9ff03f23563d3b23a8698d5eb94e061ddb510bc6cd48912 |
| SHA512 | d06b96ec6fd1c48e5c89a04f19a8f9f6378187456e0e0a34464a0506f66db53e1106034557bd0b3deb6685f1a4445cc834b763433d29d5c1eac614a28e67f592 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
| MD5 | b9946fd33563f4fdd945e093f0d53cba |
| SHA1 | c776202bdd96dfcf10d236b199e114a37823ba1b |
| SHA256 | 703a06cb2c231e71ba0b637cd5f126482e908e624409c6cb5a1e9ce643a58016 |
| SHA512 | 2a554ea3650b07cc9b76884e262def1623687cca2bc26e32a72422cb610507fbe1e7536a11032803e5cf3497ba412c43c9c71d13207caee5e80f6833f252456c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
| MD5 | 3a91ca8f8b30b86ed45b0fc8555bdac0 |
| SHA1 | b99cb48a7f4bf93f0b1c83e451998ee42c8d1d6e |
| SHA256 | b2f1a644507cd3df0d57eb8c663a2850baf4b2c5d1196e307fe50a816aa03074 |
| SHA512 | e11b4942ef03e7ef29c5fb735729e8bc717c4140af81f2ff23929b0050badf83423d4cfcf32c5a21a17c62f299e97cbcfbd64367130808948653fd893f262a46 |
memory/3916-174-0x0000000010000000-0x0000000010112000-memory.dmp
memory/3916-179-0x0000000003140000-0x0000000003307000-memory.dmp
memory/2424-253-0x000001BB770F0000-0x000001BB77100000-memory.dmp
memory/2424-268-0x000001BB77130000-0x000001BB77138000-memory.dmp
memory/2424-280-0x000001BB77170000-0x000001BB7717A000-memory.dmp
memory/2424-301-0x000001BB77350000-0x000001BB77358000-memory.dmp
memory/2424-307-0x000001BB77370000-0x000001BB77378000-memory.dmp
memory/2424-319-0x000001BB773B0000-0x000001BB773B8000-memory.dmp
memory/2424-316-0x000001BB773A0000-0x000001BB773A8000-memory.dmp
memory/2424-322-0x000001BB773C0000-0x000001BB773C8000-memory.dmp
memory/2424-325-0x000001BB773D0000-0x000001BB773D8000-memory.dmp
memory/2424-313-0x000001BB77390000-0x000001BB77398000-memory.dmp
memory/2424-310-0x000001BB77380000-0x000001BB77388000-memory.dmp
memory/2424-328-0x000001BB773E0000-0x000001BB773E8000-memory.dmp
memory/2424-304-0x000001BB77360000-0x000001BB77368000-memory.dmp
memory/2424-298-0x000001BB77340000-0x000001BB77348000-memory.dmp
memory/2424-295-0x000001BB77330000-0x000001BB7733A000-memory.dmp
memory/2424-292-0x000001BB77320000-0x000001BB77328000-memory.dmp
memory/2424-289-0x000001BB77310000-0x000001BB7731A000-memory.dmp
memory/2424-286-0x000001BB77190000-0x000001BB77198000-memory.dmp
memory/2424-283-0x000001BB77180000-0x000001BB7718A000-memory.dmp
memory/2424-277-0x000001BB77160000-0x000001BB77168000-memory.dmp
memory/2424-274-0x000001BB77150000-0x000001BB77158000-memory.dmp
memory/2424-271-0x000001BB77140000-0x000001BB7714A000-memory.dmp
memory/2424-265-0x000001BB77120000-0x000001BB7712A000-memory.dmp
memory/2424-262-0x000001BB77110000-0x000001BB7711A000-memory.dmp
memory/2424-259-0x000001BB77100000-0x000001BB77108000-memory.dmp
memory/2424-256-0x000001BB77270000-0x000001BB7730C000-memory.dmp
memory/2424-248-0x000001BB770E0000-0x000001BB770EA000-memory.dmp
memory/2424-245-0x000001BB771A0000-0x000001BB77264000-memory.dmp
C:\Windows\Installer\{5D92695F-3DE6-40BB-98E7-365188A4F3EA}\_E33B9AAB_3C10_46C5_B5B5_F73A278152E1
| MD5 | 09a406e6230daff97e563b326a963ff7 |
| SHA1 | 51140e7ff7d7f4a261f47811ba0fc90a9f1d9a65 |
| SHA256 | 0cbe8d7114cc9c6656670a243a82b269b596ffcc4dfbfffeee1503ace1c60e9e |
| SHA512 | dd002f86e466da93d1339cf53d704dfde501c902841763c4ec281947704664d050a8f8ac2287dc3f7c4a888fbdf8910417432d519e7dd0017a2c09eba7b8bc4d |
C:\Program Files\EXFO\FastReporter 3\FastReporter 3.exe
| MD5 | 66337072aad72fd8b9d15a3b21d0ceef |
| SHA1 | 19211054c04adf0483aa24b6aca6f4b77eac580f |
| SHA256 | e369b47fcfb5e1015eb9ce0331999dbef54938ddfd34544e11d7ef842f24f9e7 |
| SHA512 | 54b3c07f114d41236eecae9247560d712bda4a1ec3b48e0205a85a5ab7b42529ed90423336de53464cd06a21ac409c0848381567b345f9e6a7dcb25856d09470 |
C:\Windows\assembly\tmp\H5CAJDRW\Metrino.Kernos.Licensing.Data.dll
| MD5 | 18a7fcbb04bd41afd0a209d4c53c43cb |
| SHA1 | eed255a0f41c370a05e3750d7c56cd0e9015b82e |
| SHA256 | 6450ae14d8d44223ed1de6bf617a878dabadcaa73d88461ab1c9990bed1ffd44 |
| SHA512 | d9f58dc184c2ffa7250009115cc6eb0869284e173ac19336180e9faa981a74d342b767281cdf3163a95d1db0beb2f3082ad5a26ea3b1662b5c30cdeb48a2f41d |
C:\Windows\assembly\tmp\HDTXNZG5\Metrino.Kernos.Licensing.dll
| MD5 | eea0f4aab26ae8927ba409c939228192 |
| SHA1 | cea4ea90271ab8889ea34027d7c4e7339f4f4cd8 |
| SHA256 | 0ee16827d1568b701b9595a201c2d69cc5a23a0521aa62260bc3aa153f5a7008 |
| SHA512 | 519dcbfb9bae980443a6ffcbf34b87ae5e3bf7e0fc32cd1d92afee878eaa6f239d93e08d32238641b394aa83cbb16946d84c981fc1b456b166391f627cbe8290 |
C:\Windows\assembly\GAC_MSIL\Metrino.Kernos.Licensing.resources\2.5.0.0_cs_e1335baed691afe9\Metrino.Kernos.Licensing.resources.dll
| MD5 | 195b90c61c593c956e9b55e72fb30f20 |
| SHA1 | c5674406fd1dfc46a0fc5b6f27959f58fd05958f |
| SHA256 | 1695e5dfad5ef997dd171e81ed6c1e8e32787a21b4a1331dd942625076a5d206 |
| SHA512 | b45a5d9327ca273c6d7f8f34634e84a7190c88a397c99360567b7e9e4c73b609834e1af1d5f2d15c1920db8e7d6bf0569993a7d89be21a1b22559ffe1c67e82e |
C:\Windows\assembly\GAC_MSIL\Metrino.Kernos.Licensing.resources\2.5.0.0_de_e1335baed691afe9\Metrino.Kernos.Licensing.resources.dll
| MD5 | d211676c97f77002b782f3cb0b3ebdc3 |
| SHA1 | 0cea8ee739f8bbbfe7463b4e2d8e41d9ba56f1df |
| SHA256 | 897f15a805099776331d01d9153ed0c50e78c1b6a614a15ef29c086ee53fd377 |
| SHA512 | e7ba2edf7604f8b403ab7d0823804bc79776a5dedfbb1707b979519cf99cce8508667831610a4bfe4e1625f830b101d70c6cc4c90d0526c65327648389f7be26 |
C:\Windows\assembly\GAC_MSIL\Metrino.Kernos.Licensing.resources\2.5.0.0_es_e1335baed691afe9\Metrino.Kernos.Licensing.resources.dll
| MD5 | eb2963bd5deb156d1be87ca582da98f9 |
| SHA1 | 1f99909cd2e7c093afd2e24b1e30f4c7072abdda |
| SHA256 | a74694dd061be75e3da3468e15d5b8e0141bae61c730019d6e33b0a1eced6d8f |
| SHA512 | 5b91f6849141c18dffb5fd1be01f6885e1d2ddc533ec14e64c5b68a7bd538688c4dbc21b2ac1f7af84e15dc613a8b4b494fb161d618274140d2054501402c53f |
C:\Windows\assembly\GAC_MSIL\Metrino.Kernos.Licensing.resources\2.5.0.0_fi-FI_e1335baed691afe9\Metrino.Kernos.Licensing.resources.dll
| MD5 | 0cda6927348051cc0d09eb519e855d96 |
| SHA1 | c7a88cb27ab1145bb016952ee4affb9f5b00f494 |
| SHA256 | acdc7aa028146abdc5d8ff8b7b486fcdd9375b72708ed1704a6904f097af3bd3 |
| SHA512 | 531449288d39047da36d10379bc74e1d175fb4be18b383967c1d1eb89843bbc35f8b6330b0c376ff60cbac87168f49de4d1e22d421c14a1ab9e312c68c8638ab |
C:\Windows\assembly\GAC_MSIL\Metrino.Kernos.Licensing.resources\2.5.0.0_fr_e1335baed691afe9\Metrino.Kernos.Licensing.resources.dll
| MD5 | 46a8a1fd663abac7dc489ac14c385aa7 |
| SHA1 | c17b918517787ebff43b7bb14f52d31c1fa375e8 |
| SHA256 | 7bc608404d787e6aa993897f1ef857c8610e9b8dd1e3eaee67872647c09921ab |
| SHA512 | ec12d38a02574583b7348b8a5becf76c94091dc1931ff0cb68b002806872e01db48c054b5bcbd086d7a4d6d9ff5dd446f553ff90bd349ada7e00b95f7abdb182 |
C:\Windows\assembly\GAC_MSIL\Metrino.Kernos.Licensing.resources\2.5.0.0_hu_e1335baed691afe9\Metrino.Kernos.Licensing.resources.dll
| MD5 | 3329438f18726d60ef1233d7a043f3f6 |
| SHA1 | ce392fe6ff4e34be37e797fd12bdd382b2112984 |
| SHA256 | 2505868c1afd7f736556b6cf1a2c5fb42f2caca06b5a369d94e012329f8f44c1 |
| SHA512 | 8c40ab0e94fe8e0f365e8f867125cbec887bca5ccddf0b30f3cee0e665804ca335daa3e3b446ac1efb04ff8a3232cffcf01cf58c668c8c14907ab8156ff4b14d |
C:\Windows\assembly\GAC_MSIL\Metrino.Kernos.Licensing.resources\2.5.0.0_nb-NO_e1335baed691afe9\Metrino.Kernos.Licensing.resources.dll
| MD5 | d0dbe0325c27bab840f0640e27875c6b |
| SHA1 | e352c30e5d34a34b0c13abe6644610d2d5d7c4d5 |
| SHA256 | 9214cc4506b6744cdaf4780287dc2425c2d25e2b66fa7261988dcd65bc646e68 |
| SHA512 | 5e8d08500d733b6019d286c90ea96d40231af4df241d07281bb0c823ffdfbc3292f4ce51fae4d94c1b62a714273216e7a3d1dde217731d6579263d075fcbb7fd |
C:\Windows\assembly\GAC_MSIL\Metrino.Kernos.Licensing.resources\2.5.0.0_sv_e1335baed691afe9\Metrino.Kernos.Licensing.resources.dll
| MD5 | 58ee2fa849d87b12453ee8411e8a88f7 |
| SHA1 | 721ef593eea02bb301aa518ca3131b1aebef4f06 |
| SHA256 | 476021365cb0caf77e05a706c0ddab895b30fd0e010d17a0eeb88685436c0bf6 |
| SHA512 | 98c2ac0f8d2cec4acd170397a88b841b8060bf8a662a8029ae7ddef8b2f4f7715e51fa62f4e2beddeaf549c9b03a62d56d916a9aa70f52800c9d713355f2903f |
C:\Windows\assembly\GAC_MSIL\Metrino.Kernos.Licensing.resources\2.5.0.0_tr_e1335baed691afe9\Metrino.Kernos.Licensing.resources.dll
| MD5 | 76dd2a332f92713feddaf908bce21674 |
| SHA1 | 70d681cc6e05f585c4ac2e6e497113931c3d3a32 |
| SHA256 | ab5b3e6919cdba74edc08ce523ff1739b2cec2d4c9c62425a978b3e62b0bf92e |
| SHA512 | 473008da319a263bb9e847c098913572efc8a5da3a9ef23dbc10a353dc02b2e92fa9ea33e017f3c8a58ffe512119f6fb178982d2ea1c000fdfe35ad695ff55d9 |
C:\Windows\assembly\GAC_MSIL\policy.1.5.Metrino.Kernos.Licensing\2.5.0.0__e1335baed691afe9\policy.1.5.Metrino.Kernos.Licensing.dll
| MD5 | af79647a4193eb01640edc6be95541a4 |
| SHA1 | b3708cffbb62e85a25d928de068d6b283dbdb697 |
| SHA256 | 8fb5c346917ac42a76916007939ca511cdf16398202bff34b6b4ccb0e4cc64c6 |
| SHA512 | 0e6b1a1f9c9e2d99a2f86b3857ab4df6291b4be42ff69af7412ec009add55d8d4f4103374482b4c4d0d4cee0c320845ef6fc9e8eb1a8af3d0f27b675f77b7cfa |
C:\Windows\assembly\GAC_MSIL\policy.2.0.Metrino.Kernos.Licensing.Data\2.2.0.0__e1335baed691afe9\policy.2.0.Metrino.Kernos.Licensing.Data.dll
| MD5 | 96183eb272c062e4317a7e98b404e2fc |
| SHA1 | c9f48aa5d6c41539a1a216c9509f54495cdd0b91 |
| SHA256 | 328eb46b9c9064001dd7135f7be412377860677d8e52c993834e0a6faab31390 |
| SHA512 | 19f8fa293aec1c30add188511c80e42dfcaaba5b1e7260c93db8411237477c0e433b6e5b20e00a07f156ddb20cf8c50294700a5b4398ab63877ab38627c018c8 |
C:\Windows\assembly\GAC_MSIL\policy.2.0.Metrino.Kernos.Licensing\2.5.0.0__e1335baed691afe9\policy.2.0.Metrino.Kernos.Licensing.dll
| MD5 | 9acfd27074fcc52bac27ec24596143a1 |
| SHA1 | 3d70e31fabd9ce0a6447615ca2bbff107ef38340 |
| SHA256 | e5af7ff0ade3df9f50b3749b699644e9c42c62cad93c140e82f5a54f5a65beb9 |
| SHA512 | cd32d6d5987e12ab5b2d07f0399361f85d4363120ede5c6705dfd15b3cb67d56de3808f419b08034a5753c927e065f5ddf9385042c36c37fed51d918fbebcbc4 |
C:\Windows\assembly\GAC_MSIL\policy.2.1.Metrino.Kernos.Licensing.Data\2.2.0.0__e1335baed691afe9\policy.2.1.Metrino.Kernos.Licensing.Data.dll
| MD5 | 82381fec17033c406e4e6863ae3eecc4 |
| SHA1 | d8669e7c5d8a8ccad337e19f3f89b5c2930fad35 |
| SHA256 | b8b2de638fe383a3affdf57a3e3f57df430f8e8f9df07ab9fabd7e11d97dedd8 |
| SHA512 | 6cbf696a00cf41ec54bfef0bcae79d656a67448b6b627c30ed82d85b767a27f8a05bff61692450827ef2f522c60bb04c5ca27121d7413ac34b1b173ee40af131 |
C:\Windows\assembly\GAC_MSIL\policy.2.1.Metrino.Kernos.Licensing\2.5.0.0__e1335baed691afe9\policy.2.1.Metrino.Kernos.Licensing.dll
| MD5 | 8ba388c4cd39409b08ab8e5981d18d31 |
| SHA1 | a3b6abd95d604210a5f7b8723d61d3e8ad2ee1f2 |
| SHA256 | 2b09fcdfaa94e77a6ca3bef9420e417c0be0d50b2082ae2d35c40ee92e92ba63 |
| SHA512 | fc880ad804099b0d3d2a9aa2e891f9606ad793cc68d3f367672f4d69535199e42900b066540480d8f617642ddd5211531228c250df2bb98d9dd353ef19aa4576 |
C:\Windows\assembly\GAC_MSIL\policy.2.3.Metrino.Kernos.Licensing\2.5.0.0__e1335baed691afe9\policy.2.3.Metrino.Kernos.Licensing.dll
| MD5 | 9db76e3266a7a6080ddd1d9b96b07faf |
| SHA1 | 83b544f4ab19de64b60ac42e7d5492fa7fc5a7fb |
| SHA256 | 5b30e1992e80e60e28c868d9835f56f07b37a55fb38d4ca27a371db164549598 |
| SHA512 | 94194091544a2cc9ac6524b705c51d31e3afed0067f0ed7e2719e2a297036fd6d74204993ac7a37b18c68e35bdb0def26b361df21148b15856e7d3b7db212bdf |
C:\Windows\assembly\GAC_MSIL\policy.2.4.Metrino.Kernos.Licensing\2.5.0.0__e1335baed691afe9\policy.2.4.Metrino.Kernos.Licensing.dll
| MD5 | a076f405e6b160771801167d08954ea8 |
| SHA1 | 418b7822d1938517d646f8a3606cd2f737017eef |
| SHA256 | c4fc2962faf2804886fb4e6cf1ca7801bae1b454d4bcb26bab1c50732a71d398 |
| SHA512 | b899cf95ed1e068cb243076d3cbce45329b40a89243eed2df9e4a3b7478c921d92d38a4a1ee99cf5ab957a4defe2b294280a9255787dc39e972dc34bfc0b7a63 |
C:\Config.Msi\e58340c.rbs
| MD5 | 157c0a2405b71b6559b5dfadc89b5fbb |
| SHA1 | 77648397c3df75e82b5ecc6c204b435583dec569 |
| SHA256 | 5d3b209891e2f9c9954ba271ce7a3c5ce317e4ea49843d937f8f751f87a4e6db |
| SHA512 | 867901c996d54a72c62e24a5d83d95c88ab267f875b0a688a07f3e14b347790618f1078d621e3529cd3dba85d00435486de3935f37fd5f0811d344edcbddd667 |
memory/536-1724-0x000001A62B570000-0x000001A62BA52000-memory.dmp
memory/536-1725-0x000001A62D700000-0x000001A62D72C000-memory.dmp
memory/536-1727-0x000001A645EE0000-0x000001A645F70000-memory.dmp
memory/536-1726-0x000001A62D730000-0x000001A62D74E000-memory.dmp
memory/536-1728-0x000001A62D5C0000-0x000001A62D5C6000-memory.dmp
memory/536-1729-0x000001A62D5D0000-0x000001A62D5DA000-memory.dmp
C:\Users\Admin\AppData\Local\EXFO\FastReporter_3.exe_Url_231df2hvydkweyexmz1nlpserqusgins\3.14.0.24103\user.config
| MD5 | 469b4291db4cb4b0b32be85136bc37cd |
| SHA1 | de9ab9d902508af578bcaa40bae83406d4c8d14a |
| SHA256 | 3c4beee5b720c4d48b7e3e2a54add948e7f9834bcf2eceea67fe467ad3abb4e5 |
| SHA512 | d7e41e42929c3a3b85ca15b1b5ce781ebbf6bfbdd324880ceac06715e57931c9d6532d26ae3b4b0f146cb148c80e6b5440fe346d1f0f41c5865e7e3eeb871fcd |
memory/536-1735-0x000001A646DD0000-0x000001A647340000-memory.dmp
memory/536-1736-0x000001A646880000-0x000001A646894000-memory.dmp
memory/536-1738-0x000001A6468F0000-0x000001A64693A000-memory.dmp
memory/536-1737-0x000001A646980000-0x000001A646A5C000-memory.dmp
memory/536-1739-0x000001A646A60000-0x000001A646C1F000-memory.dmp
memory/2868-1743-0x0000020B9BC80000-0x0000020B9BDA0000-memory.dmp
memory/536-1742-0x000001A649570000-0x000001A649948000-memory.dmp
memory/2868-1741-0x0000020B81660000-0x0000020B81666000-memory.dmp
memory/536-1750-0x000001A648740000-0x000001A648772000-memory.dmp
memory/536-1749-0x000001A649190000-0x000001A649232000-memory.dmp
memory/536-1752-0x000001A646970000-0x000001A646980000-memory.dmp
memory/536-1751-0x000001A646DB0000-0x000001A646DCC000-memory.dmp
memory/536-1753-0x000001A64B5B0000-0x000001A64B7AE000-memory.dmp
memory/536-1761-0x000001A64BC10000-0x000001A64BD68000-memory.dmp
memory/536-1762-0x000001A64BAB0000-0x000001A64BB48000-memory.dmp
memory/536-1760-0x000001A64B530000-0x000001A64B57A000-memory.dmp
memory/536-1764-0x000001A64BE40000-0x000001A64BF10000-memory.dmp
memory/536-1763-0x000001A649510000-0x000001A64953C000-memory.dmp
memory/536-1759-0x000001A64B410000-0x000001A64B46A000-memory.dmp
memory/536-1758-0x000001A64B910000-0x000001A64B9C0000-memory.dmp
memory/536-1757-0x000001A64B9E0000-0x000001A64BAA4000-memory.dmp
memory/536-1756-0x000001A64B860000-0x000001A64B904000-memory.dmp
memory/536-1755-0x000001A64B470000-0x000001A64B52E000-memory.dmp
memory/536-1754-0x000001A64B3B0000-0x000001A64B404000-memory.dmp
memory/536-1765-0x000001A649540000-0x000001A64956A000-memory.dmp
memory/536-1766-0x000001A64B580000-0x000001A64B5AC000-memory.dmp
memory/536-1767-0x000001A64BBE0000-0x000001A64BC02000-memory.dmp
memory/536-1774-0x000001A64B820000-0x000001A64B842000-memory.dmp
C:\Users\Admin\AppData\Local\EXFO\FastReporter_3.exe_Url_231df2hvydkweyexmz1nlpserqusgins\3.14.0.24103\wcabgfdz.newcfg
| MD5 | cd3af70debb634be6671899ddf52366f |
| SHA1 | e1b15f6123b09443eede934d4e68fb596f5c7536 |
| SHA256 | b1d628650f70159995decc44424e2ddde6bd3aeebb805613485633152a89ef57 |
| SHA512 | e1d0f77c45f0d06719a3802e1859c7260f917e288fc05a27b1162fd480a76eb37c4e7efa611abadeee1bab2695760a6b69ba41b2768e2c5427de908d01e5c91b |
C:\Users\Admin\AppData\Local\EXFO\FastReporter_3.exe_Url_231df2hvydkweyexmz1nlpserqusgins\3.14.0.24103\dguztrib.newcfg
| MD5 | 0807f972cce2c84a49059cf63acbfb6e |
| SHA1 | 9c84682662d8a79607aaa24caaae477d2108edd7 |
| SHA256 | a2acd50ba0d5bf0bddab624b2ed057b845eb32eef07a8009a1ce0aff1f7cc742 |
| SHA512 | 1e1755cebd36a05df7c460000d4252bfd3f0999e91e91b61894687d2ed506767af266c7524ddd3eb1d60cae82dd7fbf1b37bb7bafc20282c2206f29dbca95134 |
C:\Users\Admin\AppData\Local\EXFO\FastReporter_3.exe_Url_231df2hvydkweyexmz1nlpserqusgins\3.14.0.24103\user.config
| MD5 | 3a91466161e87c5e7eba8b4efc48b412 |
| SHA1 | 753bfd2f05dd337b356c2ad187cb7ced36e11b34 |
| SHA256 | 3136a3a2d789aebbc87257d67f85a0299edfddc341c33cbeea4546d0d26deeed |
| SHA512 | b2f197f87a0ea539de4f0008139cd831fd5287a3fa112b06eaca373c9d1d29fdd227a1c6cc680e17efa1e09334edc18b277da8fb4f20caffed63a1cede613e7c |
C:\Users\Admin\AppData\Local\EXFO\FastReporter_3.exe_Url_231df2hvydkweyexmz1nlpserqusgins\3.14.0.24103\user.config
| MD5 | 8068c15594430e760b751e1ecb4f7809 |
| SHA1 | bab4471b604ab822299da666c4182f89ea23236a |
| SHA256 | 5566efcece4cf581730b5245a36640be3b67257f3ff56a046725d534d16c4c64 |
| SHA512 | f432f0e9b7ff8b8a6fb1f768ad217b46d27c4bbae509d3c502df48269eac77aec6a2a9f4289c09d5bb2f465d59c212fdf8da6122debd6a22ba3658715d0e84d6 |
C:\Users\Admin\AppData\Local\EXFO\FastReporter_3.exe_Url_231df2hvydkweyexmz1nlpserqusgins\3.14.0.24103\user.config
| MD5 | c0918adfc228a5bd29b755b9b99c0ad3 |
| SHA1 | aacd05d24622f919ad656a85c0e4169d8272efed |
| SHA256 | 95903ed244b6d7c8fcba1b99ef79d202126c7efa9813a9b3bbaffff69a7feb8d |
| SHA512 | cb9428c9add1a337231ac1b0a4d0eaaeece61e1947602310a94f89e074868e12227f9e46fde33247093d2fd82ca24cc5c41a41504bdcab57101f89ae77e737a5 |
C:\Users\Admin\AppData\Local\EXFO\FastReporter_3.exe_Url_231df2hvydkweyexmz1nlpserqusgins\3.14.0.24103\dtbembp0.newcfg
| MD5 | 6a45c3822a988e0b8bfd22ebb2196be6 |
| SHA1 | 64f7434f46681599a8bf0ae50b5d5c4fd8c0e3e9 |
| SHA256 | ad76eb6dcca8b3700a79850909ccdc8b15def76935998808655301608008c9b8 |
| SHA512 | cb5cff42d1f18329c93347bcf1438944b95100f1d9159a3a8e1d171a1175bfae3f8df7ead86e74109d824b3b33f8f05683f0e71cc55b7e70d87ec7788365f354 |
C:\Users\Admin\AppData\Local\EXFO\FastReporter_3.exe_Url_231df2hvydkweyexmz1nlpserqusgins\3.14.0.24103\a1pwogmx.newcfg
| MD5 | 16670cf1d656a3fb3eded6a6c4fc4c56 |
| SHA1 | 8741b51d222d66b69396eb7a07baa01de2ccfafd |
| SHA256 | 643104363c8f062c50c237519d4523cf5187068b3f4727785deffeda003eeb9f |
| SHA512 | a3957462fc6215afc7fdb4509b518c8c6b2afa2b1b6eb967541fa8e54b069f7225e50eee1c6f2bd21cbd76ee464e6de15b0073a0418f921fb4cb94a939dc9633 |
memory/536-2154-0x000001A64C7F0000-0x000001A64C812000-memory.dmp
memory/636-2156-0x000001FEF82A0000-0x000001FEF83EE000-memory.dmp
memory/2868-2155-0x0000020B9BB30000-0x0000020B9BC7E000-memory.dmp
memory/536-2157-0x0000000002000000-0x000000000253C000-memory.dmp
C:\ProgramData\SafeNet Sentinel\Sentinel LDK\bb017031-ba38-4e2c-da80-d7d4b4795f32\.434e4631\.gfh6chl6
| MD5 | 92aef7b9389e2f251203bbdfdd16ed61 |
| SHA1 | 268c6d1d61c895c4218e8511256f6bdbf868b1f0 |
| SHA256 | 0a9c2252fc9ebcb0e64c8e5e1ae6e3d100769abcc68358967fcf0f4a0aced809 |
| SHA512 | 96cecc4e17b3a1e20b7b35d7f1da67b9ecdfca4bc32a9f4d204e1f56117b6b3d82852327dbb9e0956305469e877d9159cbc2aa5bbf160121083df21386954a99 |
memory/536-2169-0x000001A64D120000-0x000001A64D1DC000-memory.dmp
memory/536-2173-0x000001A64D060000-0x000001A64D0A8000-memory.dmp
memory/536-2174-0x000001A64D0B0000-0x000001A64D112000-memory.dmp
memory/536-2175-0x000001A64DFB0000-0x000001A64ED76000-memory.dmp
memory/536-2176-0x000001A64DAB0000-0x000001A64DB78000-memory.dmp
memory/536-2180-0x000001A64D9E0000-0x000001A64DA0E000-memory.dmp
memory/536-2182-0x000001A64D9E0000-0x000001A64DA00000-memory.dmp
memory/536-2181-0x000001A64CBE0000-0x000001A64CC0C000-memory.dmp
memory/536-2183-0x000001A64DA40000-0x000001A64DA78000-memory.dmp
memory/536-2184-0x000001A64DA00000-0x000001A64DA22000-memory.dmp
memory/536-2185-0x000001A64F2B0000-0x000001A64F7D8000-memory.dmp
memory/536-2190-0x000001A64DA80000-0x000001A64DA92000-memory.dmp
memory/536-2191-0x000001A64DC40000-0x000001A64DCF2000-memory.dmp
C:\Users\Admin\AppData\Local\EXFO\FastReporter_3.exe_Url_231df2hvydkweyexmz1nlpserqusgins\3.14.0.24103\user.config
| MD5 | 4c750e36f2af00963aff0eec6a764a93 |
| SHA1 | 86dd0ff842a00932ed94a1dbd708fed87ce17a10 |
| SHA256 | 095298c13c9759ac590240ffd11a88b640e64fc7960635e0afc507e52296ccc8 |
| SHA512 | 9ac23823b8e65b8e49fd7aca33ba06202dd31e70df176c68fde3e9256dee051d26bfddb105e1cc6d926de58e4e3f8c0198c72d52a28b88d85fded050bf487058 |
memory/536-2205-0x000001A64DD00000-0x000001A64DDC6000-memory.dmp
memory/536-2206-0x000001A64BD70000-0x000001A64BDBC000-memory.dmp
memory/536-2209-0x000001A64BBB0000-0x000001A64BBC4000-memory.dmp
memory/536-2210-0x000001A64BDC0000-0x000001A64BDD2000-memory.dmp
memory/536-2211-0x000001A64BDE0000-0x000001A64BDFA000-memory.dmp
memory/536-2212-0x000001A64C710000-0x000001A64C724000-memory.dmp
memory/536-2213-0x000001A64DEC0000-0x000001A64DFA2000-memory.dmp
C:\Users\Admin\AppData\Local\EXFO\FastReporter_3.exe_Url_231df2hvydkweyexmz1nlpserqusgins\3.14.0.24103\user.config
| MD5 | 681a81d38ac235bbc5f27233742bb8f7 |
| SHA1 | 0ba5c0acd3cd9160671cf016da3e1b6bd8dadd7b |
| SHA256 | 1cb8add0c45ab25232a702105c7ed45e36a6ccaeb25d13eafba91ade34abaf0b |
| SHA512 | f276a315232e123a4a8b10ce7aa7efbc6781ead887c8653eb51a411c3ca2021ff5dbfe482d1b57f03b0045ff56b3a586ff84ad15863acbaab1b55caf04220716 |
memory/536-2230-0x000001A64C780000-0x000001A64C7D0000-memory.dmp
C:\ProgramData\SafeNet Sentinel\Sentinel LDK\bb017031-ba38-4e2c-da80-d7d4b4795f32\.544f4b4e
| MD5 | f2dd0dedb2c260419ece4a9e03b2e828 |
| SHA1 | 0aaf76f425c6e0f43a36197de768e67d9e035abb |
| SHA256 | 26b25d457597a7b0463f9620f666dd10aa2c4373a505967c7c8d70922a2d6ece |
| SHA512 | fecd7b408089255b3467dc1f7231cc6388c9e1c65dcaa5e50f3b460235d18bc44033b08184018b65ac013fdae68c0088381644a6302b9d89e468f57ff9a005dd |
memory/536-2235-0x000001A64DDD0000-0x000001A64DE58000-memory.dmp
C:\Users\Admin\AppData\Local\EXFO\FastReporter_3.exe_Url_231df2hvydkweyexmz1nlpserqusgins\3.14.0.24103\user.config
| MD5 | 32bef503f8fc5723ff858ed63716cd88 |
| SHA1 | 461a5db677d3483a22a78e8ed81c8a7abfa3c23f |
| SHA256 | 920f1c76b209c77abcbf3c42705b4af3c4eb3d9bb6a1bc3906fc54068e28eaf5 |
| SHA512 | 424cd9c7ebdf48e04977bd9248a3c7c25fe79fb92a43c852c75951f3161bc5d210dfe8cdbcad43e9f70895b22640d1d6310d58dddd824d7aa07784ad5ffd839d |
C:\Users\Admin\AppData\Local\EXFO\FastReporter_3.exe_Url_231df2hvydkweyexmz1nlpserqusgins\3.14.0.24103\2ncoy4ml.newcfg
| MD5 | 541c82b8ebcd9ea8c54bb4229e4a716d |
| SHA1 | 1a550f0d68de9d1ebce81aee96d494b6015c11b6 |
| SHA256 | 101017adc9fc647e111f1cc7ef8bae483b5343e3eaee46f81aace9dddc667c21 |
| SHA512 | 6d83f92239254e4ae6a4dd0f245e20bc3965d68e89524c43808e122a3fb25c124c36ab7a27ae10b0dbe5b88d3c1002a39dff19f837109ace5e6cea41d6146d21 |
memory/536-2261-0x000001A6503E0000-0x000001A6504D8000-memory.dmp
memory/536-2262-0x000001A6504E0000-0x000001A650666000-memory.dmp
C:\Users\Admin\AppData\Local\Metrino\FastReporter\Local Storage\leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Metrino\FastReporter\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
memory/536-2288-0x000001A64EE80000-0x000001A64EEBC000-memory.dmp
memory/2940-2305-0x0000026798980000-0x0000026798ACE000-memory.dmp
C:\Users\Admin\AppData\Local\Metrino\FastReporter\Cache\Cache_Data\f_00000a
| MD5 | 5ac828ee8e3812a5b225161caf6c61da |
| SHA1 | 86e65f22356c55c21147ce97903f5dbdf363649f |
| SHA256 | b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7 |
| SHA512 | 87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6 |
C:\Users\Admin\AppData\Local\Metrino\FastReporter\LocalPrefs.json~RFe5964fa.TMP
| MD5 | 483272af83ce4bcc02d9b73af1ef762f |
| SHA1 | b7b281bff71bd1b2a55e628cdb372e0bbedab35f |
| SHA256 | 047d9b244049dfede5ae35158ac43cee35017cee12669f7cd7a01790395f27d2 |
| SHA512 | 2dfe06edb7ab468c8743b46fea3982d05745dda294bd61edc9d9b3f07b54e104514a52354fd00962ad115627b6d041d5b1ec8c3422266c4b7cdae14a24bf82dd |
C:\Users\Admin\AppData\Local\Metrino\FastReporter\LocalPrefs.json
| MD5 | 89060e292db78c2dcc5ec8781791b1df |
| SHA1 | eabf8e7f81bcefb1777d37f0bdc3318ad20a9706 |
| SHA256 | 673cf898c06f9760e2a0eddf779a8a650d437f4cefb35481888c73627577f092 |
| SHA512 | ad345297bf7dd00909b6ee0e1479830c3b1044aee48e34c87bcde8afb45477053855c3d6180932df770b002ed3ce5002846b5cf98cde6dfd7d53bf47b9783f83 |
memory/4536-2388-0x000001E8BCF70000-0x000001E8BD0BE000-memory.dmp
memory/3816-2389-0x0000029A730F0000-0x0000029A7323E000-memory.dmp
memory/1012-2392-0x000001E4A0E00000-0x000001E4A0F4E000-memory.dmp
memory/4560-2394-0x00000235E29E0000-0x00000235E2B2E000-memory.dmp
memory/3284-2395-0x000001859B9A0000-0x000001859BAEE000-memory.dmp
memory/3556-2393-0x0000020E76C40000-0x0000020E76D8E000-memory.dmp
memory/536-2396-0x0000000002000000-0x000000000253C000-memory.dmp
C:\Users\Admin\AppData\Local\Metrino\FastReporter\Code Cache\js\index-dir\the-real-index
| MD5 | 89d708772d3682d4b9082f6b6f6dcc6f |
| SHA1 | 0e56fcb040673bd89e7971dbb05ecea8dacff46e |
| SHA256 | 3f779a55e083057bbda4bd36a54196afaa016d35ae3719cc85d57b8cf63ed729 |
| SHA512 | 6fd4d5da1279e3e92d355c141c3fd0698f5ac8a046708a052415995b95ee6f450ae7cf4344568cc2b3e2d2857c7dcf14d9bbaa85ace70b176170848fb719ec62 |
C:\Users\Admin\AppData\Local\Metrino\FastReporter\Code Cache\js\index-dir\the-real-index
| MD5 | 954e31c0e4e584afeee704cee5592b56 |
| SHA1 | bb22b2ec7ca572cc5d935161f8a084e81527a280 |
| SHA256 | 4c366c57ab52da0d0fb2d12f35e64d763652a3fcfd4cb056f350291ffa1dc24a |
| SHA512 | 0fd65b9815420c7ad0a25268f7a0ea485a8f9e1c05bb02eae81583e6cc9fbf0a11cbdcebcd509f4f58ee6028eee6dce29b62b4ab8a614c772bb0c026b002cb64 |
C:\Users\Admin\AppData\Local\EXFO\FastReporter_3.exe_Url_231df2hvydkweyexmz1nlpserqusgins\3.14.0.24103\u4mcvjnp.newcfg
| MD5 | 0689dea15bf2c238b6151299dbc5bfdd |
| SHA1 | c55f1d29c959c1d841cdfd4bb5c1c2b728cd8a64 |
| SHA256 | d59f71362f18485961d50c7b814c5bc801a257865bb56b0636eb1cf9bea25f84 |
| SHA512 | a8f73abd873b6a4d82bd1d877a248b49344bdf9ad216f5753e5bb75cbc485dc0bd579072c4bc2c25fdc56107ab601a8a5f71372bb98c94e03b1d5b42de3428c5 |
memory/536-2429-0x000001A648FC0000-0x000001A648FD8000-memory.dmp
memory/536-2430-0x000001A649030000-0x000001A64907A000-memory.dmp
memory/536-2431-0x000001A648FB0000-0x000001A648FBE000-memory.dmp
C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge\Crashpad\settings.dat
| MD5 | 9230a4d3bf507e73a98ac730231caf6a |
| SHA1 | cda909be021ab2cfe5ba023e7d7e2d82964c9fb2 |
| SHA256 | f67403b290a2b327ef42063f052c234e0993c47486b9530d6f6588e453e7f1fb |
| SHA512 | 889e9c45bab30befddb32cee95292b1c464d6fd95a63f134940112bed02bff8d544374f78641a398188644d8894b30c19fe712391eb02f90bd50318ebff6e9bf |
C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge\GrShaderCache\GPUCache\data_0
C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge\GrShaderCache\GPUCache\data_3
C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge\GrShaderCache\GPUCache\data_2
C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge\GrShaderCache\GPUCache\data_1
C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge\Default\Preferences
C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge\Default\Preferences~RFe59aba7.TMP
C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge\Default\Microsoft Edge.lnk
C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge\ab7b1d8a-239c-4ddf-9dff-0fc70e65eedf.tmp
C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge\Default\Preferences
C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge\Default\Secure Preferences
C:\Users\Admin\AppData\Local\EXFO\FastReporter 3\3.14.0.24103+58a685f2cd8661b12ac5ce1ea1dbb878e01efb64\fredge\Default\Secure Preferences~RFe59b31a.TMP
C:\Users\Admin\AppData\Local\Metrino\FastReporter\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Metrino\FastReporter\Network\TransportSecurity~RFe59b4c0.TMP
C:\Users\Admin\AppData\Local\Metrino\FastReporter\LocalPrefs.json
Analysis: behavioral5
Detonation Overview
Submitted
2024-07-24 20:14
Reported
2024-07-24 20:24
Platform
win7-20240708-en
Max time kernel
118s
Max time network
137s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{9573721E-3CEE-499D-9CD0-E0A276039392}\setup.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FastReporter3_64_Bit\setup.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\FastReporter3_64_Bit\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\{9573721E-3CEE-499D-9CD0-E0A276039392}\setup.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{9573721E-3CEE-499D-9CD0-E0A276039392}\setup.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\FastReporter3_64_Bit\setup.exe
"C:\Users\Admin\AppData\Local\Temp\FastReporter3_64_Bit\setup.exe"
C:\Users\Admin\AppData\Local\Temp\{9573721E-3CEE-499D-9CD0-E0A276039392}\setup.exe
C:\Users\Admin\AppData\Local\Temp\{9573721E-3CEE-499D-9CD0-E0A276039392}\setup.exe /q"C:\Users\Admin\AppData\Local\Temp\FastReporter3_64_Bit\setup.exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{9573721E-3CEE-499D-9CD0-E0A276039392}" /IS_temp
Network
Files
C:\Users\Admin\AppData\Local\Temp\{9573721E-3CEE-499D-9CD0-E0A276039392}\_ISMSIDEL.INI
C:\Users\Admin\AppData\Local\Temp\{9573721E-3CEE-499D-9CD0-E0A276039392}\Setup.INI
C:\Users\Admin\AppData\Local\Temp\{9573721E-3CEE-499D-9CD0-E0A276039392}\0x0409.ini
Analysis: behavioral6
Detonation Overview
Submitted
2024-07-24 20:14
Reported
2024-07-24 20:24
Platform
win10v2004-20240709-en
Max time kernel
141s
Max time network
155s
Command Line
Signatures
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\U: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\MSIEXEC.EXE | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\FastReporter3_64_Bit\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\{09F31861-225D-482B-AE5D-FC38E42DCF07}\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\FastReporter3_64_Bit\setup.exe
"C:\Users\Admin\AppData\Local\Temp\FastReporter3_64_Bit\setup.exe"
C:\Users\Admin\AppData\Local\Temp\{09F31861-225D-482B-AE5D-FC38E42DCF07}\setup.exe
C:\Users\Admin\AppData\Local\Temp\{09F31861-225D-482B-AE5D-FC38E42DCF07}\setup.exe /q"C:\Users\Admin\AppData\Local\Temp\FastReporter3_64_Bit\setup.exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{09F31861-225D-482B-AE5D-FC38E42DCF07}" /IS_temp
C:\Windows\system32\MSIEXEC.EXE
"C:\Windows\system32\MSIEXEC.EXE" /i "C:\Users\Admin\AppData\Local\Temp\FastReporter3_64_Bit\EXFO FastReporter 3 (64 Bit).msi" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp\FastReporter3_64_Bit" SETUPEXENAME="setup.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 0DCED71F8C9429E74F2587A2C1662350 C
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E1AED955-9640-4244-BA69-29D9780E309C}
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9FDAFB57-8B15-47BD-9AD3-0BBEDFA1DC77}
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B25253E8-14DC-46F0-B512-058D6A965C32}
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C116791F-ED47-46FD-B547-D40C660C9077}
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{17E3B5E7-DD07-40E0-A356-21114BC74C34}
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CADC09A1-517C-44B6-92AB-D42D4F276985}
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E92449DE-B78B-4233-B846-A2D6EE557152}
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EDA9C45B-F7B9-4A3D-8CF1-516F29CBD2DC}
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1493968F-79D9-4580-8A4D-C1FCBE104035}
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6B34BD31-2E0A-482F-BDEC-9A1CC5576D2F}
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EA611C44-A01A-47A8-917A-C625F2588411}
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7BC14FC4-34E7-4B2D-AC45-52FC04F5FC64}
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7D04F02A-B601-448F-BEE8-D82521ECBCAC}
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DA968AAE-675E-4E44-A4CD-17AC0D4ACD94}
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C8B27B08-FAF0-4EF5-91F4-BA137106FAC9}
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2219B7F2-455F-4FB5-86E9-63F486FB2A3F}
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EC0B28DB-D93A-4B22-ACD5-30B734B8806A}
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5BBB68E9-4F5D-41AD-B201-AA9238CC99C3}
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A8702874-7599-4279-949E-43D1A75D5F9E}
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C5061124-C5F6-4321-86A5-A04914472A03}
Network
Files
C:\Users\Admin\AppData\Local\Temp\{09F31861-225D-482B-AE5D-FC38E42DCF07}\Setup.INI
C:\Users\Admin\AppData\Local\Temp\{09F31861-225D-482B-AE5D-FC38E42DCF07}\_ISMSIDEL.INI
C:\Users\Admin\AppData\Local\Temp\{09F31861-225D-482B-AE5D-FC38E42DCF07}\0x0409.ini
C:\Users\Admin\AppData\Local\Temp\issB78A.tmp
C:\Users\Admin\AppData\Local\Temp\MSID060.tmp
C:\Users\Admin\AppData\Local\Temp\MSID0FE.tmp
C:\Users\Admin\AppData\Local\Temp\MSID0ED.tmp
C:\Users\Admin\AppData\Local\Temp\{40C96115-98A2-410D-B1F9-7E4FB762B61C}\IsConfig.ini
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\setup.inx
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\ISRT.dll
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\_isres_0x0409.dll
C:\Users\Admin\AppData\Local\Temp\{34E9AE17-7B2D-4AE6-840C-19AD0318B093}\String1033.txt
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-24 20:14
Reported
2024-07-24 20:24
Platform
win7-20240704-en
Max time kernel
7s
Max time network
45s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\FastReporter3_64_Bit\Data1.cab
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-24 20:14
Reported
2024-07-24 20:24
Platform
win10v2004-20240709-en
Max time kernel
134s
Max time network
166s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\FastReporter3_64_Bit\Data1.cab
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-07-24 20:14
Reported
2024-07-24 20:24
Platform
win7-20240705-en
Max time kernel
122s
Max time network
135s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
Executes dropped EXE
Loads dropped DLL
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\msiexec.exe
msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\FastReporter3_64_Bit\EXFO FastReporter 3 (64 Bit).msi"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 57B2CE29D7C1F524277142D986D015AD C
C:\Users\Admin\AppData\Local\Temp\{9CE69754-B96B-4175-826A-B68C1F101ABA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9CE69754-B96B-4175-826A-B68C1F101ABA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4A91A35E-2BEA-4A4D-9031-9B62BB0F8F2B}
C:\Users\Admin\AppData\Local\Temp\{9CE69754-B96B-4175-826A-B68C1F101ABA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9CE69754-B96B-4175-826A-B68C1F101ABA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{54B8F966-C75D-4715-B76F-62C44F7C932A}
C:\Users\Admin\AppData\Local\Temp\{9CE69754-B96B-4175-826A-B68C1F101ABA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9CE69754-B96B-4175-826A-B68C1F101ABA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9FAB8910-6959-4E1E-A260-BDD178CF77E1}
C:\Users\Admin\AppData\Local\Temp\{9CE69754-B96B-4175-826A-B68C1F101ABA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9CE69754-B96B-4175-826A-B68C1F101ABA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{178DABD7-5641-4F4E-8EDF-54D00B9477A0}
C:\Users\Admin\AppData\Local\Temp\{9CE69754-B96B-4175-826A-B68C1F101ABA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9CE69754-B96B-4175-826A-B68C1F101ABA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0DA7E6A8-6528-4506-9B57-0E790338B687}
C:\Users\Admin\AppData\Local\Temp\{9CE69754-B96B-4175-826A-B68C1F101ABA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9CE69754-B96B-4175-826A-B68C1F101ABA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F6C638D5-6483-4A35-9CA9-9E6A8892F9B6}
C:\Users\Admin\AppData\Local\Temp\{9CE69754-B96B-4175-826A-B68C1F101ABA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9CE69754-B96B-4175-826A-B68C1F101ABA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F28C2F28-7858-4BF0-9AFD-E7F9B27F1EA0}
C:\Users\Admin\AppData\Local\Temp\{9CE69754-B96B-4175-826A-B68C1F101ABA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9CE69754-B96B-4175-826A-B68C1F101ABA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{17BC4E5A-A599-4127-9BA9-1624EB31A1A2}
C:\Users\Admin\AppData\Local\Temp\{9CE69754-B96B-4175-826A-B68C1F101ABA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9CE69754-B96B-4175-826A-B68C1F101ABA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EC5DBB97-F228-48A4-AB34-E8CAD8877D48}
C:\Users\Admin\AppData\Local\Temp\{9CE69754-B96B-4175-826A-B68C1F101ABA}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9CE69754-B96B-4175-826A-B68C1F101ABA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7E723CBE-35CB-4C53-BF26-C706C86EEB3D}
C:\Users\Admin\AppData\Local\Temp\{F580A081-BE13-446C-87EC-C980A81F1E55}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{F580A081-BE13-446C-87EC-C980A81F1E55}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5E26FB14-D2DD-4A68-8691-B97FCBF8FA57}
C:\Users\Admin\AppData\Local\Temp\{F580A081-BE13-446C-87EC-C980A81F1E55}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{F580A081-BE13-446C-87EC-C980A81F1E55}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2A233AE9-651E-4957-AA2D-6DFEDD023948}
C:\Users\Admin\AppData\Local\Temp\{F580A081-BE13-446C-87EC-C980A81F1E55}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{F580A081-BE13-446C-87EC-C980A81F1E55}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0EFE0BFC-0772-4252-9429-C2A768EBF2FE}
C:\Users\Admin\AppData\Local\Temp\{F580A081-BE13-446C-87EC-C980A81F1E55}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{F580A081-BE13-446C-87EC-C980A81F1E55}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E8A3C232-DB71-4EA3-93F3-6AED83916C94}
C:\Users\Admin\AppData\Local\Temp\{F580A081-BE13-446C-87EC-C980A81F1E55}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{F580A081-BE13-446C-87EC-C980A81F1E55}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2B5D66D7-E620-4461-85EA-CCF9622DF37D}
C:\Users\Admin\AppData\Local\Temp\{F580A081-BE13-446C-87EC-C980A81F1E55}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{F580A081-BE13-446C-87EC-C980A81F1E55}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D562F546-D0BF-4E30-A6FA-1CCF9EA5FF73}
C:\Users\Admin\AppData\Local\Temp\{F580A081-BE13-446C-87EC-C980A81F1E55}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{F580A081-BE13-446C-87EC-C980A81F1E55}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E44EE5A2-D199-49EB-8F2C-8C01C4847293}
C:\Users\Admin\AppData\Local\Temp\{F580A081-BE13-446C-87EC-C980A81F1E55}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{F580A081-BE13-446C-87EC-C980A81F1E55}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{28168447-4243-4ECA-872B-E2DE42B833CC}
C:\Users\Admin\AppData\Local\Temp\{F580A081-BE13-446C-87EC-C980A81F1E55}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{F580A081-BE13-446C-87EC-C980A81F1E55}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{378B5550-BA53-4D5A-B4F0-C0B43924948F}
C:\Users\Admin\AppData\Local\Temp\{F580A081-BE13-446C-87EC-C980A81F1E55}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{F580A081-BE13-446C-87EC-C980A81F1E55}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A940508D-B93F-4889-A763-2F04B87AE5EC}
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.80:80 | crl.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabCF71.tmp
C:\Users\Admin\AppData\Local\Temp\TarCF74.tmp
C:\Users\Admin\AppData\Local\Temp\MSID27E.tmp
C:\Users\Admin\AppData\Local\Temp\MSID2EC.tmp
C:\Users\Admin\AppData\Local\Temp\MSID30C.tmp
C:\Users\Admin\AppData\Local\Temp\MSID3B9.tmp
\Users\Admin\AppData\Local\Temp\{9CE69754-B96B-4175-826A-B68C1F101ABA}\ISBEW64.exe
\Users\Admin\AppData\Local\Temp\{9CE69754-B96B-4175-826A-B68C1F101ABA}\ISRT.dll
memory/2424-121-0x0000000010000000-0x0000000010112000-memory.dmp
\Users\Admin\AppData\Local\Temp\{9CE69754-B96B-4175-826A-B68C1F101ABA}\_isres_0x0409.dll
memory/2424-124-0x00000000031C0000-0x0000000003387000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{F580A081-BE13-446C-87EC-C980A81F1E55}\IsConfig.ini
C:\Users\Admin\AppData\Local\Temp\{F580A081-BE13-446C-87EC-C980A81F1E55}\setup.inx
memory/2424-184-0x0000000010000000-0x0000000010112000-memory.dmp
memory/2424-187-0x0000000003150000-0x0000000003317000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{F580A081-BE13-446C-87EC-C980A81F1E55}\String1033.txt