725089d4c563cb99d1ebefd54128b4cd60411db05d175b8ee996823d525c5b33

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-10-2024 17:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Silverlight5.exe
Size

6.6MB
MD5

43478a6a7a03f282c4a48222b4d631b4
SHA1

f0c3c1bce3802addca966783a33db1b668261fb5
SHA256

dd45a55419026c592f8b6fc848dceface7e1ce98720bf13848a2e8ae366b29e8
SHA512

1f8b07d3954935d23ec5a9a930badb65782b55ac84847af8573349360d17b4a929dc998188b5650b3cd9955edf75fb2a373b81ebe8bca7e15563013f7a0a3f24
SSDEEP

196608:sV00eQaPgdCYb/Nxj56MQwpx7oljKTQ5JePjx30L54:sW0zaPoCM/j595x06mePd30l4

Score

8^/10

discovery

Malware Config

Signatures

Manipulates Digital Signatures 1 TTPs 24 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}\Dll = "c:\\Program Files (x86)\\Microsoft Silverlight\\xapauthenticodesip.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}\Dll = "C:\\Program Files (x86)\\Microsoft Silverlight\\xapauthenticodesip.dll"	install.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}\Dll = "C:\\Program Files (x86)\\Microsoft Silverlight\\xapauthenticodesip.dll"	install.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}\FuncName = "XAP_CryptSIPGetSignedDataMsg"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}\FuncName = "XAP_CryptSIPVerifyIndirectData"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}\Dll = "c:\\Program Files (x86)\\Microsoft Silverlight\\xapauthenticodesip.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}\Dll = "C:\\Program Files (x86)\\Microsoft Silverlight\\xapauthenticodesip.dll"	install.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}\FuncName = "XAP_CryptSIPPutSignedDataMsg"	install.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}\FuncName = "XAP_IsFileSupportedName"	install.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}\FuncName = "XAP_CryptSIPPutSignedDataMsg"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}\Dll = "c:\\Program Files (x86)\\Microsoft Silverlight\\xapauthenticodesip.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}\FuncName = "XAP_CryptSIPGetSignedDataMsg"	install.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}\FuncName = "XAP_CryptSIPRemoveSignedDataMsg"	install.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}\Dll = "C:\\Program Files (x86)\\Microsoft Silverlight\\xapauthenticodesip.dll"	install.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}\Dll = "c:\\Program Files (x86)\\Microsoft Silverlight\\xapauthenticodesip.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}\Dll = "c:\\Program Files (x86)\\Microsoft Silverlight\\xapauthenticodesip.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}\FuncName = "XAP_CryptSIPRemoveSignedDataMsg"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}\Dll = "c:\\Program Files (x86)\\Microsoft Silverlight\\xapauthenticodesip.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}\FuncName = "XAP_CryptSIPCreateIndirectData"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}\FuncName = "XAP_IsFileSupportedName"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}\FuncName = "XAP_CryptSIPCreateIndirectData"	install.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}\Dll = "C:\\Program Files (x86)\\Microsoft Silverlight\\xapauthenticodesip.dll"	install.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}\FuncName = "XAP_CryptSIPVerifyIndirectData"	install.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}\Dll = "C:\\Program Files (x86)\\Microsoft Silverlight\\xapauthenticodesip.dll"	install.exe

Executes dropped EXE 33 IoCs

pid	Process
2160	install.exe
2940	MSIE2A.tmp
1620	coregen.exe
2776	coregen.exe
2628	coregen.exe
1888	silverlight.configuration.exe
2128	coregen.exe
572	coregen.exe
1168	coregen.exe
1332	coregen.exe
2904	coregen.exe
1184	coregen.exe
556	coregen.exe
1784	coregen.exe
1748	coregen.exe
2064	coregen.exe
2180	coregen.exe
408	coregen.exe
1720	coregen.exe
1132	coregen.exe
1112	coregen.exe
1176	coregen.exe
944	coregen.exe
1816	coregen.exe
792	coregen.exe
2996	coregen.exe
2376	coregen.exe
3024	coregen.exe
1984	coregen.exe
1516	coregen.exe
1676	coregen.exe
1640	coregen.exe
1804	coregen.exe

Loads dropped DLL 64 IoCs

pid	Process
2148	Silverlight5.exe
2160	install.exe
2160	install.exe
1996	MsiExec.exe
1996	MsiExec.exe
2160	install.exe
2972	rundll32.exe
2972	rundll32.exe
2972	rundll32.exe
2972	rundll32.exe
2160	install.exe
1620	coregen.exe
1620	coregen.exe
1620	coregen.exe
1620	coregen.exe
1620	coregen.exe
2160	install.exe
2776	coregen.exe
2776	coregen.exe
2776	coregen.exe
2776	coregen.exe
2776	coregen.exe
2776	coregen.exe
2776	coregen.exe
2160	install.exe
2628	coregen.exe
2628	coregen.exe
2628	coregen.exe
2628	coregen.exe
2628	coregen.exe
2628	coregen.exe
2628	coregen.exe
2628	coregen.exe
2628	coregen.exe
2160	install.exe
2160	install.exe
1888	silverlight.configuration.exe
2128	coregen.exe
2128	coregen.exe
2128	coregen.exe
2128	coregen.exe
2160	install.exe
572	coregen.exe
572	coregen.exe
572	coregen.exe
572	coregen.exe
572	coregen.exe
572	coregen.exe
572	coregen.exe
2160	install.exe
1168	coregen.exe
1168	coregen.exe
1168	coregen.exe
1168	coregen.exe
1168	coregen.exe
1168	coregen.exe
1168	coregen.exe
1168	coregen.exe
1168	coregen.exe
2160	install.exe
1332	coregen.exe
1332	coregen.exe
1332	coregen.exe
1332	coregen.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\uk\mscorlib.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\sv\system.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\ko\mscorrc.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\he\mscorrc.dll	msiexec.exe
File created	C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\mscorlib.ni.dll	coregen.exe
File opened for modification	C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\System.Windows.ni.dll	coregen.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\hr\mscorlib.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\sr-Cyrl-CS\mscorlib.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\lv\mscorlib.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\de\Microsoft.VisualBasic.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\th\Microsoft.VisualBasic.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\System.Windows.Browser.ni.dll	coregen.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\fr\mscorlib.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\lt\mscorrc.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\bg\system.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\System.Windows.ni.dll	coregen.exe
File opened for modification	C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\System.ni.dll	coregen.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\sl\system.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\zh-Hant\system.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\nl\system.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\uk\mscorrc.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\el\Microsoft.VisualBasic.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\he\mscorlib.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\ja\system.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\th\mscorlib.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\no\mscorlib.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\eu\Microsoft.VisualBasic.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\fi\system.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\sl\mscorlib.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\ro\system.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\cs\Microsoft.VisualBasic.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\sr-Cyrl-CS\Microsoft.VisualBasic.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\ar\Microsoft.VisualBasic.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\Microsoft.Xna.Framework.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\ms\system.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\lv\mscorrc.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\xapauthenticodesip.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\cs\mscorrc.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\da\mscorrc.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\el\mscorrc.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\pt-BR\mscorrc.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\zh-Hans\Microsoft.VisualBasic.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\System.Net.ni.dll	coregen.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\ja\mscorrc.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\he\system.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\hr\Microsoft.VisualBasic.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\it\mscorlib.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\fi\Microsoft.VisualBasic.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\vi\Microsoft.VisualBasic.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\mscorlib.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\System.ServiceModel.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\pt-BR\mscorlib.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\System.ServiceModel.Web.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\es\mscorrc.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\eu\mscorrc.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\ja\mscorlib.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\System.ni.dll	coregen.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\System.Windows.RuntimeHost.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\nl\mscorlib.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\tr\mscorlib.resources.dll	msiexec.exe
File created	\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\id\Microsoft.VisualBasic.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\System.Windows.RuntimeHost.ni.dll	coregen.exe

Drops file in Windows directory 23 IoCs

description	ioc	Process
File opened for modification	\??\c:\Windows\Installer\f770918.ipi	msiexec.exe
File opened for modification	\??\c:\Windows\Installer\f77091b.msp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE0A.tmp	msiexec.exe
File created	\??\c:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIconDll	msiexec.exe
File created	\??\c:\Windows\Installer\f770915.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA4F.tmp	msiexec.exe
File created	\??\c:\Windows\Installer\f77091a.msi	msiexec.exe
File opened for modification	\??\c:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100	msiexec.exe
File opened for modification	\??\c:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0	msiexec.exe
File opened for modification	C:\Windows\WindowsUpdate.log	silverlight.configuration.exe
File created	\??\c:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ARPIcon	msiexec.exe
File opened for modification	\??\c:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ARPIcon	msiexec.exe
File created	\??\c:\Windows\Installer\f77091b.msp	msiexec.exe
File opened for modification	\??\c:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIconDll	msiexec.exe
File created	\??\c:\Windows\Installer\f770921.msp	msiexec.exe
File opened for modification	\??\c:\Windows\Installer\f770915.msi	msiexec.exe
File opened for modification	\??\c:\Windows\Installer\	msiexec.exe
File created	\??\c:\Windows\Installer\f77091e.ipi	msiexec.exe
File opened for modification	\??\c:\Windows\Installer\f77091e.ipi	msiexec.exe
File opened for modification	C:\Windows\WindowsUpdate.log	install.exe
File created	\??\c:\Windows\Installer\f770918.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE2A.tmp	msiexec.exe
File opened for modification	\??\c:\Windows\Installer\f770921.msp	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 35 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Silverlight5.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	install.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	silverlight.configuration.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coregen.exe

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG\sllauncher.exe = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\sllauncher.exe = "6"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{32C73088-76AE-40F7-AC40-81F62CB2C1DA}	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{32C73088-76AE-40F7-AC40-81F62CB2C1DA}\AlternateCLSID = "{DFEAF541-F3E1-4c24-ACAC-99C30715084A}"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{003B91A6-61E3-4591-891D-01E94C8CB11E}\Policy = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{003B91A6-61E3-4591-891D-01E94C8CB11E}\AppPath = "c:\\Program Files (x86)\\Microsoft Silverlight\\5.0.61118.0\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\sllauncher.exe = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT\sllauncher.exe = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{003B91A6-61E3-4591-891D-01E94C8CB11E}	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\sllauncher.exe = "6"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{003B91A6-61E3-4591-891D-01E94C8CB11E}\AppName = "Silverlight.Configuration.exe"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ\sllauncher.exe = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_IMG\sllauncher.exe = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\sllauncher.exe = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7\sllauncher.exe = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE\sllauncher.exe = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ec76a37-1762-46ff-9b14-765b3e6793be}\AppName = "agcp.exe"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ec76a37-1762-46ff-9b14-765b3e6793be}\AppPath = "c:\\Program Files (x86)\\Microsoft Silverlight\\5.0.61118.0\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT\sllauncher.exe = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{32C73088-76AE-40F7-AC40-81F62CB2C1DA}\Compatibility Flags = "1024"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ec76a37-1762-46ff-9b14-765b3e6793be}	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ec76a37-1762-46ff-9b14-765b3e6793be}\Policy = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\sllauncher.exe = "8000"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION\sllauncher.exe = "1"	msiexec.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2F	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DFEAF541-F3E1-4c24-ACAC-99C30715084A}\InprocServer32\ThreadingModel = "Apartment"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{1FB839CC-116C-4C9B-AE8E-3DBB6496E326}\ProxyStubClsid32	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|ro\|mscorlib.resources.dll	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|el\|Microsoft.VisualBasic.resources.dll	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|el\|Microsoft.VisualBasic.resources.dll\Microsoft.VisualBasic.resources,version="5.0.5.0",publicKeyToken="31bf3856ad364e35",processorArchitectur = 3300500067004400540030002400670079003f007e00440063007d00440049005d003f002600210043006f006d0070006c0065007400650035002e0030002e00360031003100310038002e0030003e006d003d00430079002800460031002d0072003f006000400063005e00750036002d0066004000490000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|fi\|Microsoft.VisualBasic.resources.dll\Microsoft.VisualBasic.resources,version="5.0.5.0",publicKeyToken="31bf3856ad364e35",processorArchitectur = 3300500067004400540030002400670079003f007e00440063007d00440049005d003f002600210043006f006d0070006c0065007400650035002e0030002e00360031003100310038002e0030003e0072006700280038003f004e002b0063003d003d0078002800600026004d007a00510037005d00540000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DFEAF541-F3E1-4c24-ACAC-99C30715084A}\MiscStatus\1	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|bg\|mscorlib.resources.dll	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|cs\|mscorlib.resources.dll\mscorlib.resources,version="5.0.5.0",publicKeyToken="7cec85d7bea7798e",processorArchitecture="MSIL",fileVersion="5.0. = 3300500067004400540030002400670079003f007e00440063007d00440049005d003f002600210043006f006d0070006c0065007400650035002e0030002e00360031003100310038002e0030003e002600780033003f00210035006500690021003f007e0029007a00450044007e003d003f007d005e0000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|pt-BR\|mscorlib.resources.dll\mscorlib.resources,version="5.0.5.0",publicKeyToken="7cec85d7bea7798e",processorArchitecture="MSIL",fileVersion="5 = 3300500067004400540030002400670079003f007e00440063007d00440049005d003f002600210043006f006d0070006c0065007400650035002e0030002e00360031003100310038002e0030003e00210064005b0038007200470054006000730040003f00570037006e0074003d00210029003200280000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|ca\|system.resources.dll	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|sl\|system.resources.dll	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{1FB839CC-116C-4C9B-AE8E-3DBB6496E326}\TypeLib	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|zh-Hant\|mscorlib.resources.dll	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|he\|mscorlib.resources.dll\mscorlib.resources,version="5.0.5.0",publicKeyToken="7cec85d7bea7798e",processorArchitecture="MSIL",fileVersion="5.0. = 3300500067004400540030002400670079003f007e00440063007d00440049005d003f002600210043006f006d0070006c0065007400650035002e0030002e00360031003100310038002e0030003e0053005e0042002a0077007700460050003300410069005f006b0026005200260063002a005800300000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|hr\|mscorlib.resources.dll	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|sv\|mscorlib.resources.dll\mscorlib.resources,version="5.0.5.0",publicKeyToken="7cec85d7bea7798e",processorArchitecture="MSIL",fileVersion="5.0. = 3300500067004400540030002400670079003f007e00440063007d00440049005d003f002600210043006f006d0070006c0065007400650035002e0030002e00360031003100310038002e0030003e003300430077004c00710027006f00260079003d0040007100280079005f00300036002a006800320000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|sr-Latn-CS\|system.resources.dll	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|ar\|Microsoft.VisualBasic.resources.dll\Microsoft.VisualBasic.resources,version="5.0.5.0",publicKeyToken="31bf3856ad364e35",processorArchitectur = 3300500067004400540030002400670079003f007e00440063007d00440049005d003f002600210043006f006d0070006c0065007400650035002e0030002e00360031003100310038002e0030003e006600540073007700750043006600340047003f00520029006a005a004300210030004d0053002b0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MIME\Database\Content Type\application/x-silverlight-2	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AgControl.AgControl.5.0	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|fr\|system.resources.dll\system.resources,version="5.0.5.0",publicKeyToken="7cec85d7bea7798e",processorArchitecture="MSIL",fileVersion="5.0.6111 = 3300500067004400540030002400670079003f007e00440063007d00440049005d003f002600210043006f006d0070006c0065007400650035002e0030002e00360031003100310038002e0030003e0065006e006f0058002e00570063004c0027003f003d00590056004300290063004f0029004700620000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|ko\|Microsoft.VisualBasic.resources.dll\Microsoft.VisualBasic.resources,version="5.0.5.0",publicKeyToken="31bf3856ad364e35",processorArchitectur = 3300500067004400540030002400670079003f007e00440063007d00440049005d003f002600210043006f006d0070006c0065007400650035002e0030002e00360031003100310038002e0030003e0035007e002700480056007b0062004b0040003f0057003f003300440075006500550025003400750000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|ru\|mscorlib.resources.dll\mscorlib.resources,version="5.0.5.0",publicKeyToken="7cec85d7bea7798e",processorArchitecture="MSIL",fileVersion="5.0. = 3300500067004400540030002400670079003f007e00440063007d00440049005d003f002600210043006f006d0070006c0065007400650035002e0030002e00360031003100310038002e0030003e006b002a0042007000540073005a0055005a0041005a0059006500210071002b004400660074006f0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|cs\|system.resources.dll	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|hu\|system.resources.dll\system.resources,version="5.0.5.0",publicKeyToken="7cec85d7bea7798e",processorArchitecture="MSIL",fileVersion="5.0.6111 = 3300500067004400540030002400670079003f007e00440063007d00440049005d003f002600210043006f006d0070006c0065007400650035002e0030002e00360031003100310038002e0030003e00620034004e004200290024002c002e0028003f0071006e006e005f0042006f003d0029005f004b0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|vi\|system.resources.dll	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|hr\|Microsoft.VisualBasic.resources.dll\Microsoft.VisualBasic.resources,version="5.0.5.0",publicKeyToken="31bf3856ad364e35",processorArchitectur = 3300500067004400540030002400670079003f007e00440063007d00440049005d003f002600210043006f006d0070006c0065007400650035002e0030002e00360031003100310038002e0030003e00630049006300710069005300620049006b004000490025005a003d006c0037005f005a007500260000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|lt\|Microsoft.VisualBasic.resources.dll	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|lv\|Microsoft.VisualBasic.resources.dll	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100\SourceList\LastUsedSource = "n;1;c:\\70a0d9e2e3eb280b13\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{283C8576-0726-4DBC-9609-3F855162009A}\5.0\FLAGS\ = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1FB839CC-116C-4C9B-AE8E-3DBB6496E326}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DFEAF541-F3E1-4c24-ACAC-99C30715084A}\MiscStatus\ = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|th\|mscorlib.resources.dll	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|ms\|system.resources.dll\system.resources,version="5.0.5.0",publicKeyToken="7cec85d7bea7798e",processorArchitecture="MSIL",fileVersion="5.0.6111 = 3300500067004400540030002400670079003f007e00440063007d00440049005d003f002600210043006f006d0070006c0065007400650035002e0030002e00360031003100310038002e0030003e00570032005100700055005b00400032007300380061006b0052003100730045004c0037007900540000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|uk\|system.resources.dll\system.resources,version="5.0.5.0",publicKeyToken="7cec85d7bea7798e",processorArchitecture="MSIL",fileVersion="5.0.6111 = 3300500067004400540030002400670079003f007e00440063007d00440049005d003f002600210043006f006d0070006c0065007400650035002e0030002e00360031003100310038002e0030003e0030002100370037007800370064006000620039002c004a0063007e0046005400790075006000270000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|es\|mscorlib.resources.dll\mscorlib.resources,version="5.0.5.0",publicKeyToken="7cec85d7bea7798e",processorArchitecture="MSIL",fileVersion="5.0. = 3300500067004400540030002400670079003f007e00440063007d00440049005d003f002600210043006f006d0070006c0065007400650035002e0030002e00360031003100310038002e0030003e005d003d007d0040005b005b0027007d007b0038007500260075006a005b003700540076002600240000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|hu\|mscorlib.resources.dll\mscorlib.resources,version="5.0.5.0",publicKeyToken="7cec85d7bea7798e",processorArchitecture="MSIL",fileVersion="5.0. = 3300500067004400540030002400670079003f007e00440063007d00440049005d003f002600210043006f006d0070006c0065007400650035002e0030002e00360031003100310038002e0030003e005a006f0048002800430042003700290050003d0044004b00370025006e002800620027005500510000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|et\|system.resources.dll\system.resources,version="5.0.5.0",publicKeyToken="7cec85d7bea7798e",processorArchitecture="MSIL",fileVersion="5.0.6111 = 3300500067004400540030002400670079003f007e00440063007d00440049005d003f002600210043006f006d0070006c0065007400650035002e0030002e00360031003100310038002e0030003e00320075005700520047004c002d004f007700400047005e0040005e0068004800350062006b00620000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|ja\|Microsoft.VisualBasic.resources.dll	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Typelib\{283C8576-0726-4DBC-9609-3F855162009A}\5.0	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{EE38D0F1-5AE3-408C-A6BF-8410E645F376}\ProxyStubClsid	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|hr\|mscorlib.resources.dll\mscorlib.resources,version="5.0.5.0",publicKeyToken="7cec85d7bea7798e",processorArchitecture="MSIL",fileVersion="5.0. = 3300500067004400540030002400670079003f007e00440063007d00440049005d003f002600210043006f006d0070006c0065007400650035002e0030002e00360031003100310038002e0030003e00360024003d002a005000710065007100660038003d00270035003f006d004b004d00740057003d0000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|sr-Latn-CS\|mscorlib.resources.dll\mscorlib.resources,version="5.0.5.0",publicKeyToken="7cec85d7bea7798e",processorArchitecture="MSIL",fileVersi = 3300500067004400540030002400670079003f007e00440063007d00440049005d003f002600210043006f006d0070006c0065007400650035002e0030002e00360031003100310038002e0030003e003d00320073006a00580046006a00600051003d005200740046004f00740045004d007b006c005e0000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|zh-Hans\|system.resources.dll\system.resources,version="5.0.5.0",publicKeyToken="7cec85d7bea7798e",processorArchitecture="MSIL",fileVersion="5.0 = 3300500067004400540030002400670079003f007e00440063007d00440049005d003f002600210043006f006d0070006c0065007400650035002e0030002e00360031003100310038002e0030003e005f0059006400210076005d006f004b0053003f007600740036006d006500730073005e0033002b0000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|nl\|system.resources.dll\system.resources,version="5.0.5.0",publicKeyToken="7cec85d7bea7798e",processorArchitecture="MSIL",fileVersion="5.0.6111 = 3300500067004400540030002400670079003f007e00440063007d00440049005d003f002600210043006f006d0070006c0065007400650035002e0030002e00360031003100310038002e0030003e007000330063004900380034007d00700027004000550039006800500057003200570062006900630000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|uk\|Microsoft.VisualBasic.resources.dll	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|pl\|system.resources.dll	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\4AE2841C3D7016247914C7DE6E8A2CA5\D7314F9862C648A4DB8BE2A5B47BE100	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|zh-Hans\|mscorlib.resources.dll	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|tr\|system.resources.dll	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|ca\|Microsoft.VisualBasic.resources.dll\Microsoft.VisualBasic.resources,version="5.0.5.0",publicKeyToken="31bf3856ad364e35",processorArchitectur = 3300500067004400540030002400670079003f007e00440063007d00440049005d003f002600210043006f006d0070006c0065007400650035002e0030002e00360031003100310038002e0030003e0045002e002a0040004f004f00640044006b0040002a006300250041003500280079003d005900600000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|pt\|Microsoft.VisualBasic.resources.dll\Microsoft.VisualBasic.resources,version="5.0.5.0",publicKeyToken="31bf3856ad364e35",processorArchitectur = 3300500067004400540030002400670079003f007e00440063007d00440049005d003f002600210043006f006d0070006c0065007400650035002e0030002e00360031003100310038002e0030003e006400520032002e00610048005300430025003900490064007500690027007d0030005f005100300000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{EE38D0F1-5AE3-408C-A6BF-8410E645F376}\ProxyStubClsid32	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|ja\|Microsoft.VisualBasic.resources.dll\Microsoft.VisualBasic.resources,version="5.0.5.0",publicKeyToken="31bf3856ad364e35",processorArchitectur = 3300500067004400540030002400670079003f007e00440063007d00440049005d003f002600210043006f006d0070006c0065007400650035002e0030002e00360031003100310038002e0030003e007a007e005400590041005500740079002c004000520050003500360064006100750053004100210000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|hr\|Microsoft.VisualBasic.resources.dll	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|it\|system.resources.dll	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|eu\|system.resources.dll	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|ro\|system.resources.dll	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:\|Program Files (x86)\|Microsoft Silverlight\|5.0.61118.0\|no\|Microsoft.VisualBasic.resources.dll\Microsoft.VisualBasic.resources,version="5.0.5.0",publicKeyToken="31bf3856ad364e35",processorArchitectur = 3300500067004400540030002400670079003f007e00440063007d00440049005d003f002600210043006f006d0070006c0065007400650035002e0030002e00360031003100310038002e0030003e006100740061004b004e006000630079002b003d0026005a0067005e006d005500440031007600780000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Patches\7A7FFB02FB4E7E4488243D1990374C9B	msiexec.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2796	msiexec.exe
2796	msiexec.exe
2796	msiexec.exe
2796	msiexec.exe
2160	install.exe
2160	install.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2160	install.exe
Token: SeIncreaseQuotaPrivilege	2160	install.exe
Token: SeRestorePrivilege	2796	msiexec.exe
Token: SeTakeOwnershipPrivilege	2796	msiexec.exe
Token: SeSecurityPrivilege	2796	msiexec.exe
Token: SeCreateTokenPrivilege	2160	install.exe
Token: SeAssignPrimaryTokenPrivilege	2160	install.exe
Token: SeLockMemoryPrivilege	2160	install.exe
Token: SeIncreaseQuotaPrivilege	2160	install.exe
Token: SeMachineAccountPrivilege	2160	install.exe
Token: SeTcbPrivilege	2160	install.exe
Token: SeSecurityPrivilege	2160	install.exe
Token: SeTakeOwnershipPrivilege	2160	install.exe
Token: SeLoadDriverPrivilege	2160	install.exe
Token: SeSystemProfilePrivilege	2160	install.exe
Token: SeSystemtimePrivilege	2160	install.exe
Token: SeProfSingleProcessPrivilege	2160	install.exe
Token: SeIncBasePriorityPrivilege	2160	install.exe
Token: SeCreatePagefilePrivilege	2160	install.exe
Token: SeCreatePermanentPrivilege	2160	install.exe
Token: SeBackupPrivilege	2160	install.exe
Token: SeRestorePrivilege	2160	install.exe
Token: SeShutdownPrivilege	2160	install.exe
Token: SeDebugPrivilege	2160	install.exe
Token: SeAuditPrivilege	2160	install.exe
Token: SeSystemEnvironmentPrivilege	2160	install.exe
Token: SeChangeNotifyPrivilege	2160	install.exe
Token: SeRemoteShutdownPrivilege	2160	install.exe
Token: SeUndockPrivilege	2160	install.exe
Token: SeSyncAgentPrivilege	2160	install.exe
Token: SeEnableDelegationPrivilege	2160	install.exe
Token: SeManageVolumePrivilege	2160	install.exe
Token: SeImpersonatePrivilege	2160	install.exe
Token: SeCreateGlobalPrivilege	2160	install.exe
Token: SeRestorePrivilege	2796	msiexec.exe
Token: SeTakeOwnershipPrivilege	2796	msiexec.exe
Token: SeRestorePrivilege	2796	msiexec.exe
Token: SeTakeOwnershipPrivilege	2796	msiexec.exe
Token: SeRestorePrivilege	2796	msiexec.exe
Token: SeTakeOwnershipPrivilege	2796	msiexec.exe
Token: SeRestorePrivilege	2796	msiexec.exe
Token: SeTakeOwnershipPrivilege	2796	msiexec.exe
Token: SeRestorePrivilege	2796	msiexec.exe
Token: SeTakeOwnershipPrivilege	2796	msiexec.exe
Token: SeRestorePrivilege	2796	msiexec.exe
Token: SeTakeOwnershipPrivilege	2796	msiexec.exe
Token: SeRestorePrivilege	2796	msiexec.exe
Token: SeTakeOwnershipPrivilege	2796	msiexec.exe
Token: SeRestorePrivilege	2796	msiexec.exe
Token: SeTakeOwnershipPrivilege	2796	msiexec.exe
Token: SeRestorePrivilege	2796	msiexec.exe
Token: SeTakeOwnershipPrivilege	2796	msiexec.exe
Token: SeRestorePrivilege	2796	msiexec.exe
Token: SeTakeOwnershipPrivilege	2796	msiexec.exe
Token: SeRestorePrivilege	2796	msiexec.exe
Token: SeTakeOwnershipPrivilege	2796	msiexec.exe
Token: SeRestorePrivilege	2796	msiexec.exe
Token: SeTakeOwnershipPrivilege	2796	msiexec.exe
Token: SeRestorePrivilege	2796	msiexec.exe
Token: SeTakeOwnershipPrivilege	2796	msiexec.exe
Token: SeRestorePrivilege	2796	msiexec.exe
Token: SeTakeOwnershipPrivilege	2796	msiexec.exe
Token: SeRestorePrivilege	2796	msiexec.exe
Token: SeTakeOwnershipPrivilege	2796	msiexec.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 2160	2148	Silverlight5.exe	31
PID 2148 wrote to memory of 2160	2148	Silverlight5.exe	31
PID 2148 wrote to memory of 2160	2148	Silverlight5.exe	31
PID 2148 wrote to memory of 2160	2148	Silverlight5.exe	31
PID 2148 wrote to memory of 2160	2148	Silverlight5.exe	31
PID 2148 wrote to memory of 2160	2148	Silverlight5.exe	31
PID 2148 wrote to memory of 2160	2148	Silverlight5.exe	31
PID 2796 wrote to memory of 2940	2796	msiexec.exe	33
PID 2796 wrote to memory of 2940	2796	msiexec.exe	33
PID 2796 wrote to memory of 2940	2796	msiexec.exe	33
PID 2796 wrote to memory of 2940	2796	msiexec.exe	33
PID 2796 wrote to memory of 1996	2796	msiexec.exe	34
PID 2796 wrote to memory of 1996	2796	msiexec.exe	34
PID 2796 wrote to memory of 1996	2796	msiexec.exe	34
PID 2796 wrote to memory of 1996	2796	msiexec.exe	34
PID 2796 wrote to memory of 1996	2796	msiexec.exe	34
PID 2796 wrote to memory of 1996	2796	msiexec.exe	34
PID 2796 wrote to memory of 1996	2796	msiexec.exe	34
PID 2160 wrote to memory of 2972	2160	install.exe	35
PID 2160 wrote to memory of 2972	2160	install.exe	35
PID 2160 wrote to memory of 2972	2160	install.exe	35
PID 2160 wrote to memory of 2972	2160	install.exe	35
PID 2160 wrote to memory of 2972	2160	install.exe	35
PID 2160 wrote to memory of 2972	2160	install.exe	35
PID 2160 wrote to memory of 2972	2160	install.exe	35
PID 2160 wrote to memory of 1620	2160	install.exe	36
PID 2160 wrote to memory of 1620	2160	install.exe	36
PID 2160 wrote to memory of 1620	2160	install.exe	36
PID 2160 wrote to memory of 1620	2160	install.exe	36
PID 2160 wrote to memory of 1620	2160	install.exe	36
PID 2160 wrote to memory of 1620	2160	install.exe	36
PID 2160 wrote to memory of 1620	2160	install.exe	36
PID 2160 wrote to memory of 2776	2160	install.exe	39
PID 2160 wrote to memory of 2776	2160	install.exe	39
PID 2160 wrote to memory of 2776	2160	install.exe	39
PID 2160 wrote to memory of 2776	2160	install.exe	39
PID 2160 wrote to memory of 2776	2160	install.exe	39
PID 2160 wrote to memory of 2776	2160	install.exe	39
PID 2160 wrote to memory of 2776	2160	install.exe	39
PID 2160 wrote to memory of 2628	2160	install.exe	41
PID 2160 wrote to memory of 2628	2160	install.exe	41
PID 2160 wrote to memory of 2628	2160	install.exe	41
PID 2160 wrote to memory of 2628	2160	install.exe	41
PID 2160 wrote to memory of 2628	2160	install.exe	41
PID 2160 wrote to memory of 2628	2160	install.exe	41
PID 2160 wrote to memory of 2628	2160	install.exe	41
PID 2160 wrote to memory of 1888	2160	install.exe	43
PID 2160 wrote to memory of 1888	2160	install.exe	43
PID 2160 wrote to memory of 1888	2160	install.exe	43
PID 2160 wrote to memory of 1888	2160	install.exe	43
PID 2160 wrote to memory of 1888	2160	install.exe	43
PID 2160 wrote to memory of 1888	2160	install.exe	43
PID 2160 wrote to memory of 1888	2160	install.exe	43
PID 2160 wrote to memory of 2128	2160	install.exe	44
PID 2160 wrote to memory of 2128	2160	install.exe	44
PID 2160 wrote to memory of 2128	2160	install.exe	44
PID 2160 wrote to memory of 2128	2160	install.exe	44
PID 2160 wrote to memory of 2128	2160	install.exe	44
PID 2160 wrote to memory of 2128	2160	install.exe	44
PID 2160 wrote to memory of 2128	2160	install.exe	44
PID 2160 wrote to memory of 572	2160	install.exe	46
PID 2160 wrote to memory of 572	2160	install.exe	46
PID 2160 wrote to memory of 572	2160	install.exe	46
PID 2160 wrote to memory of 572	2160	install.exe	46

C:\Users\Admin\AppData\Local\Temp\Silverlight5.exe
"C:\Users\Admin\AppData\Local\Temp\Silverlight5.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2148
- \??\c:\70a0d9e2e3eb280b13\install.exe
  c:\70a0d9e2e3eb280b13\install.exe
  2⤵
  - Manipulates Digital Signatures
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2160
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\SLMSPRBootstrap.dll",SetupPlayReadyData
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2972
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" mscorlib.dll
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    PID:1620
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" System.dll
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    PID:2776
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" System.Core.dll
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2628
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\silverlight.configuration.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\silverlight.configuration.exe" -enableMU
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:1888
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" mscorlib.dll
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2128
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" System.dll
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:572
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" System.Core.dll
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1168
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" System.Net.dll
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    PID:1332
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" System.Xml.dll
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2904
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" System.Net.dll
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1184
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" System.Xml.dll
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:556
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" System.Runtime.Serialization.dll
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1784
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" System.Runtime.Serialization.dll
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1748
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" System.ServiceModel.Web.dll
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2064
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" System.ServiceModel.Web.dll
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2180
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" Microsoft.Xna.Framework.dll
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1720
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" Microsoft.Xna.Framework.dll
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:408
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" Microsoft.Xna.Framework.Graphics.dll
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1132
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" Microsoft.Xna.Framework.Graphics.dll
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1112
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" Microsoft.Xna.Framework.Graphics.Shaders.dll
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1176
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" Microsoft.Xna.Framework.Graphics.Shaders.dll
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:944
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" System.Windows.dll
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    PID:1816
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" System.Windows.dll
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    PID:792
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" System.Windows.Xna.dll
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2996
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" System.ServiceModel.dll
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2376
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" System.Windows.Xna.dll
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3024
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" System.ServiceModel.dll
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1984
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" System.Windows.RuntimeHost.dll
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    PID:1516
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" System.Windows.RuntimeHost.dll
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1676
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" System.Windows.Browser.dll
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    PID:1640
- - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe
    "C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe" System.Windows.Browser.dll
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1804

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Windows\Installer\MSIE2A.tmp
  "C:\Windows\Installer\MSIE2A.tmp" flat
  2⤵
  - Executes dropped EXE
  PID:2940
- \??\c:\Windows\syswow64\MsiExec.exe
  c:\Windows\syswow64\MsiExec.exe -Embedding 89A57D7417FCAD038886DCD953815285
  2⤵
  - Manipulates Digital Signatures
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\70a0d9e2e3eb280b13\Silverlight.7z

Filesize
6.4MB

MD5
6d5016bd44884d74ed5b3187b1905dd6

SHA1
a9d1ff683713cca7b60a723146abc47ae913b746

SHA256
e1b87b9959826c12ecb1e6dcbd38a0fc86c4401aa5236d74ab4bf254485d1962

SHA512
b8f30773b4b715e717629af7cdaeef72679473f84fbea3417e5fcd6ee239fded694eddaf23a7a3f2ea439e5c9240048166ba48eb96f58b532c05c466d047753b

Download Submit
C:\Config.Msi\f770919.rbs

Filesize
7KB

MD5
b4c8847bbaf212dca95a46eb8d225268

SHA1
9a315439a0f54eb021d868029bd689d1b1e65ad9

SHA256
3665a24520ba5c748a64ef2199c12dfd7010c60d4a7dc75959b33627c7218fe3

SHA512
3ca7953143f9c288ec19637bcfd36e20da81a9970aa02fcb0b7d528037016b265f434bb31034d18bf5d0c47598be0137b8414b1d995772763b64322035abd6b8

Download Submit
C:\Config.Msi\f77091f.rbs

Filesize
127KB

MD5
51328000bc7a8d78bf788752bb0a4611

SHA1
f52462a06ad118794ce508eaf35a16188234841e

SHA256
91a7f7cf2ba2b06d8d5815e22e2d0d65f48a2b473b66c790f89bbc8c02261432

SHA512
ee4cbe88f3f7b895b41ce710ce946d17c3453f3292c0fbae5c2514bc144702306e0ad5adbeea4739e00f2ebcc7c7a6126f73f8e1e1df2534554cea3ce720b1cb

Download Submit
C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\Silverlight.Configuration.exe

Filesize
230KB

MD5
7275f709bfd357b9c4c761e8d45808fa

SHA1
49702f760df93d64a452c233bcb63dbff38652a7

SHA256
e9756dc1f0711094203a112a3e9b7ce7deff5de294743e6e1f75b70aa6474238

SHA512
5f78564e7cdf1eb44f4806b9d6f4404e99dc5c85d253b0deff48797d24c225cc9ab40a863362a721fbba393037e24a91a972e7136a170a2f485b3592d3d77795

Download Submit
C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\System.ni.dll

Filesize
649KB

MD5
bcc9019fb53dde0f0178d9eb2ca774bd

SHA1
935cee6ce774c045a3e122ec00f55b415dfd61e6

SHA256
35ddba8d831eadde64851e21755dc00946bb991c7486c04d796bed4ca7ed0b73

SHA512
39b4b4677b74b3ba3d93b63ae10ecfee1e53b4b4330d44c2d01d86a4a37e1b604f94a8b22a29612891d295769be4e7b8c4ed850096b59d68f672813f566bf436

Download Submit
C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coreclr.dll

Filesize
3.4MB

MD5
584d7fcc57035426f6891de8e37d3dae

SHA1
48a082b771104768ab07c639a92b278b949209e2

SHA256
8c7d24a1a52d19ca0a5c31e7c85b4a62711234f6c1e03aaf0aa14f06787f9583

SHA512
ef6ff0ffe8f667ee5a5c0cbf123ece01413871ce48de501961ec7275922768eafb1a0b29e9e18387331fea40c56d1bc1067de62b5a9eafc5fb3b151c1bcbf7c5

Download Submit
C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\coregen.exe

Filesize
66KB

MD5
3375a13b18ea9c8022d0ccf6da79ce3e

SHA1
595489c321fcad4996ae8f13f6bda9667b14c23f

SHA256
b7b35aadc5345516466b24731972583514e415204dc4c1d324dea8fe62d9a252

SHA512
807ab96bf17c235ffcfc228105601b2a122305baa7bb89fdf60712ca117a4ae2d6a5442f69cbd7498712e75fef42635f16b09b3dff32d5ddc87046af679ba16c

Download Submit
C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\mscorlib.dll

Filesize
1.6MB

MD5
3f2f6e5299cd49232d672da62f90725d

SHA1
0f173062f91828414eb8ccca00ad540ef024d594

SHA256
0c3d7f29378d3ad53343427f592d8b76c4c2ce59e40cb550add037c6908ffb36

SHA512
ba3c5c6997ff050a4b81b022a4d14794d7f92e6b645cc8a91781c3995e078ff52f4bbf8706952eae91f79234ee0cafd005617e997534021f04ccdabd66e1338e

Download Submit
C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\mscorrc.dll

Filesize
8KB

MD5
b816d2e6a1b202f0c15771b78b351d77

SHA1
dea8f35fcc0c3f1d124353e6a8f9984af624fa6c

SHA256
3e5011752c3ab42458af3591992950cbb359660d48836a516e017386dc2c02b0

SHA512
a1927c6a827e940a1cdad1a00603984d1411848cddc9d7cc62dc1ad1951877210a85f60853cd85c64606f81f4e746803adcd19e0b8b03a9a5dce9a6b259ca23a

Download Submit
C:\Users\Admin\AppData\Local\Temp\SilverlightMSI.log

Filesize
1KB

MD5
2aec51d4e160a52f2a6053f6d0d4317f

SHA1
56acd6114b4e5b0691bf59d246b10ef1b55b505c

SHA256
ae2a3c56f1eb602e4e741ca72d8a92e7d54723441523bc469f86267fb2111eed

SHA512
d200726fac65619842b7b9346423f7d3f55588893f6a92f5644fc132477b8b94d518841feade3698a74c1a68418656ff8b2165c76cfaa461e76f854d88b95d0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\SilverlightMSI.log

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Local\Temp\SilverlightMSI.log

Filesize
1KB

MD5
ad1c9ba501cd071e2e951dec8c200f18

SHA1
095f2a8ca32182966ecfbe2769d5176f6f83eab2

SHA256
ec58325a07ca85797fe3e30efffb379e92dfa46b150bb3dda36691d3f0cf515e

SHA512
65f558618558ba84bfdf7298bb6eff0fa8a02b0ee5f62f24910045ec1f098a87938097f34f638ba06bf13d6e780576fd5d16af8c6a5e7e0a058f86af236e817f

Download Submit
C:\Windows\Installer\MSIE2A.tmp

Filesize
66KB

MD5
835cb5c0b47b37cf000ea985ba51575b

SHA1
9d3a1b24bcae63da5d4373e6f4af5a87ec79d094

SHA256
4d7ce66be93a5bbc3fe36bb7963cedaac08896d4848470d3dd617356971c57fd

SHA512
46df9f48ec817325b5e8f9a4c67807c8bcb558dab1bb56f13f5212ba0135014d3755dbf694d9aa0da08d719e28d49c189f8f1e0efb8003b36ea2126b02ac5502

Download Submit
C:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ARPIcon

Filesize
10KB

MD5
cdd148269b61a4a225e9c6cdda3d3283

SHA1
aee2ad1205ef563e387f64905b5e13a46bc69e1f

SHA256
95b4caf370f18e73fb13e5b155a6a70a7e2cb72e9681b7dd8963c613d5bf6b3f

SHA512
b2574d5e54d5f2428450d095f4bf61d212e9274e5167f2d183bef53dd9c71e5aab91b3857074647e0cb1ad7519f4164226c9c6e966a489bdfe47fd89d1a30dfe

Download Submit
C:\Windows\WindowsUpdate.log

Filesize
16KB

MD5
3d1acfec39b854d6788a09078ea43d0a

SHA1
416c233f316d94b0bd22781fff18dbd60114acf0

SHA256
7743587bfc52586c0982d7114b1d2d67387cf3d8810b022ec326dbea9e1ff715

SHA512
c1f20496133297aee123e2a950052df585310850479b095468a223d5099966a08dcf4e4d41b67e7204e15ae7f51961ba6dbf4ccde603ae44cb32ebfd53a185cf

Download Submit
\70a0d9e2e3eb280b13\install.exe

Filesize
217KB

MD5
b03e5e8e4cd86cc081b1da239a7977ad

SHA1
f11d3e6195224f88b8c7d80810c4bdecf5614346

SHA256
db34c795d8bd8874d33d40bdfe8753388f423ae84baffb2b1300b92bf6ccf6bd

SHA512
32bf7e84362b74186665faca7f34463b0e260f885fb40e58fb7f026ec8341007a4b82eecf46e517cc8915bcb7527549ac0f26eabab56571ef9f531c7f42d5256

Download Submit
\??\c:\70a0d9e2e3eb280b13\Silverlight.msi

Filesize
39KB

MD5
c564b404d7cf61862a7d62d0b700797a

SHA1
2fd8d53b6af923d91569ef32350e10cdb2eacb73

SHA256
e2c2bef0af41102ad11a6f284fb0e48e1b53486f4bdaa346679f92df9809b7c1

SHA512
c62a0ab9ff6e1ccd93a52b1b4641d472f59110c51ff6042a20ce43970d6d416abec44676716bee0ec4037633038f490284c0e39ddb57a82c9bf71873b8529f32

Download Submit
\??\c:\70a0d9e2e3eb280b13\Silverlight.msp

Filesize
22.5MB

MD5
2f4057a3f8742c441f6f4eb5eeca8d68

SHA1
74439cdc80e608eada8ef66ff055bac94b0576de

SHA256
7757ff7c6a7be239d70f41a1228be289d1038ceb4f3410e28242112ff2dc1456

SHA512
dc1abd6c7480752433eccde92febb77a11036bbe65f2a94fa000eb662c9d18065af6da3a33a7fd2f75ebbe757a8b34a6e8477d8f2fa9d6edb10c607b2e54400f

Download Submit
\??\c:\70a0d9e2e3eb280b13\install.res.dll

Filesize
386KB

MD5
b045c92e94d4b4ca329a344ea97b9308

SHA1
e8c57813f2e0f6c2e2713daaddfe0d1117b454a1

SHA256
11f56cd34bae96fca76e1fc4e40153bc6599d7835a91e9ff6358bb36d69be8ab

SHA512
6093ddd0d67842798ddfedb4afa4d3eed1c1fcecbefda43d990a402b276d759ffc7ddc8f0fff2e6da05f33afc8f42e433538c320e532472664541594c0335af0

Download Submit
\??\c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\SLMSPRBootstrap.dll

Filesize
603KB

MD5
0d6385488fb7aa33d0ad33fdb6a0b0cf

SHA1
d639578701425ece6dc5867d07a7520dd1a84f06

SHA256
d5f783b0c1916967ca553721637f230d0e97b0f14f321713899fd403dbdb4e78

SHA512
97f91794c8b8c079b4aad3055b57d740574e820849f2fff649b99a8d810bc61c0d1bfd89ddb034054a884b04cf348335ef99cdaa2663642d95ca91ca8d24989e

Download Submit
\??\c:\Program Files (x86)\Microsoft Silverlight\xapauthenticodesip.dll

Filesize
59KB

MD5
562bbb84a84ff2065924163bc1a24bda

SHA1
4dd273db2c50d656e4ee33c49ddd96691ee1c1b1

SHA256
4685d64464a9928bdec81a793b27e218d054fee44d57b068ba6f4924106dc1e2

SHA512
58cb35aced3b29e6e227d81bd6d279dbc92384c24a9e20a41b0a9ee8e5b5f8b82f9f0b48454ebe68521f28dd8568df90ac826f9d70377b554c2b03a5135ebfd9

Download Submit
\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\System.Core.dll

Filesize
543KB

MD5
f6671a6406b0e28518b33730fc1af2c8

SHA1
fb478286cee95ee92b121728ca6254643e7e1872

SHA256
514117d4a14861965042b15dcd6fd171913d9353e2a06b55bf106266b0cae02e

SHA512
6146a198246efe2d0cca19470f88fad5992ea5915f84dcd31e436fc8de79856f7caad91991c712e1223717e11923252c09263ef2ba85e182e8879a8f7843c6e6

Download Submit
\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\mscorlib.ni.dll

Filesize
6.1MB

MD5
de756c9c59b8c8e872de564902138275

SHA1
21983a69c2da98b0f8b2ecc0a12d1758d5d3bbe8

SHA256
a0790d255f3adae92efc0d34e6974bec0fb9b9a04d64e327745c14e611fb1626

SHA512
4aab8063ae4ef305e2f85d04ecea24ac5d92743a99e8968adc662ae13975136d3a1a9869299b838700d5e6f6b29c52366a2766cb4e868227ce6010840bcc1991

Download Submit
\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\system.dll

Filesize
232KB

MD5
cd02197fc997310ac05163e859a5df1c

SHA1
059b9b283060fa6f47ed8714e027f020b79e937c

SHA256
2ceb0c4931d8bf5d567e8a79b8f95ee14571cfd3350a654b91e850c8df45fe42

SHA512
11cf121f365c6ef1529c87ceafb52e73d4619823cfd79e0f55b478453a561951f2ce44255e1d67905da49c416b3902b3c8c8a1e5115a80320aeb30771f5d6596

Download Submit