Analysis Overview
SHA256: 40cb94e431dac4df195e08238d262a416ec313c1e8acdf4b58231297dc2439c2
Threat Level: Likely malicious
The file SFMC-1.0.15.5-Setup-Full.exe was found to be: Likely malicious.
Malicious Activity Summary
Possible privilege escalation attempt
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
Checks installed software on the system
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
System Location Discovery: System Language Discovery
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Kills process with taskkill
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-13 00:10
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-13 00:10
Reported
2024-10-13 00:13
Platform
win7-20240903-en
Max time kernel
142s
Max time network
120s
Command Line
Signatures
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\System32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\System32\icacls.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-OQSG7.tmp\SFMC-1.0.15.5-Setup-Full.tmp | N/A |
| N/A | N/A | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SFMC-1.0.15.5-Setup-Full.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-OQSG7.tmp\SFMC-1.0.15.5-Setup-Full.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-OQSG7.tmp\SFMC-1.0.15.5-Setup-Full.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-OQSG7.tmp\SFMC-1.0.15.5-Setup-Full.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-OQSG7.tmp\SFMC-1.0.15.5-Setup-Full.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-OQSG7.tmp\SFMC-1.0.15.5-Setup-Full.tmp | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\System32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\System32\takeown.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Program Files (x86)\System Functions Software\Media Center Themer\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-OQSG7.tmp\SFMC-1.0.15.5-Setup-Full.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\System Functions Software\Media Center Themer\ICSharpCode.SharpZipLib.dll | C:\Users\Admin\AppData\Local\Temp\is-OQSG7.tmp\SFMC-1.0.15.5-Setup-Full.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | C:\Users\Admin\AppData\Local\Temp\is-OQSG7.tmp\SFMC-1.0.15.5-Setup-Full.tmp | N/A |
| File created | C:\Program Files (x86)\System Functions Software\Media Center Themer\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-OQSG7.tmp\SFMC-1.0.15.5-Setup-Full.tmp | N/A |
| File created | C:\Program Files (x86)\System Functions Software\Media Center Themer\is-RTM0R.tmp | C:\Users\Admin\AppData\Local\Temp\is-OQSG7.tmp\SFMC-1.0.15.5-Setup-Full.tmp | N/A |
| File created | C:\Program Files (x86)\System Functions Software\Media Center Themer\is-PKQUK.tmp | C:\Users\Admin\AppData\Local\Temp\is-OQSG7.tmp\SFMC-1.0.15.5-Setup-Full.tmp | N/A |
| File created | C:\Program Files (x86)\System Functions Software\Media Center Themer\is-MKR5R.tmp | C:\Users\Admin\AppData\Local\Temp\is-OQSG7.tmp\SFMC-1.0.15.5-Setup-Full.tmp | N/A |
| File created | C:\Program Files (x86)\System Functions Software\Media Center Themer\is-FCA54.tmp | C:\Users\Admin\AppData\Local\Temp\is-OQSG7.tmp\SFMC-1.0.15.5-Setup-Full.tmp | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\ehome\backups\Microsoft.MediaCenter.Shell.dll | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| File created | C:\Windows\ehome\ehres.dll | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| File created | C:\Windows\ehome\backups\ehres.dll | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| File opened for modification | C:\Windows\ehome\backups\ehres.dll | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\SFMC-1.0.15.5-Setup-Full.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-OQSG7.tmp\SFMC-1.0.15.5-Setup-Full.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mct\DefaultIcon | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_FolderType = "{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}" | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC} | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Sort = 000000000000000000000000000000000200000030f125b7ef471a10a5f102608c9eebac0a0000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1" | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mct_auto_file\shell\open\command\ = "\"C:\\Program Files (x86)\\System Functions Software\\Media Center Themer\\MCThemerUI.exe\" \"%1\"" | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 9e0000001a00eebbfe23000010007db10d7bd29c934a973346cc89022e7c00002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbe7e47b3fbe4c93b4ba2bad3f5d3cd46f98207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000 | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Mode = "4" | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1092616257" | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mct | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mct_auto_file\ = "Media Center Theme data file" | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_TopViewVersion = "0" | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\IconSize = "16" | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mct\DefaultIcon\ = "\"C:\\ProgramData\\System Functions Software\\MediaCenterThemer\\MCT-Icon.ico\"" | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mct\ = "mct_auto_file" | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mct_auto_file | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f4225481e03947bc34db131e946b44c8dd50000 | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mct_auto_file\shell | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mct_auto_file\shell\open | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9} | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\LogicalViewMode = "1" | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mct_auto_file\shell\open\command | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_TopViewID = "{82BA0782-5B7A-4569-B5D7-EC83085F08CC}" | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1092616193" | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_Classes\Local Settings | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-OQSG7.tmp\SFMC-1.0.15.5-Setup-Full.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-OQSG7.tmp\SFMC-1.0.15.5-Setup-Full.tmp | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\takeown.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-OQSG7.tmp\SFMC-1.0.15.5-Setup-Full.tmp | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| --- | --- |
| C:\Users\Admin\AppData\Local\Temp\SFMC-1.0.15.5-Setup-Full.exe | "C:\Users\Admin\AppData\Local\Temp\SFMC-1.0.15.5-Setup-Full.exe" |
| C:\Users\Admin\AppData\Local\Temp\is-OQSG7.tmp\SFMC-1.0.15.5-Setup-Full.tmp | "C:\Users\Admin\AppData\Local\Temp\is-OQSG7.tmp\SFMC-1.0.15.5-Setup-Full.tmp" /SL5="$30148,2514860,230912,C:\Users\Admin\AppData\Local\Temp\SFMC-1.0.15.5-Setup-Full.exe" |
| C:\Windows\SysWOW64\taskkill.exe | "C:\Windows\System32\taskkill.exe" /IM MCThemerUI.exe /f |
| C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe | "C:\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe" |
| C:\Windows\System32\takeown.exe | "C:\Windows\System32\takeown.exe" /f "C:\Windows\ehome" /r /d y |
| C:\Windows\System32\icacls.exe | "C:\Windows\System32\icacls.exe" "C:\Windows\ehome" /grant BUILTIN\Administrators:F /t |
Network
Files
memory/2332-2-0x0000000000401000-0x000000000040B000-memory.dmp
memory/2332-0-0x0000000000400000-0x000000000043F000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-OQSG7.tmp\SFMC-1.0.15.5-Setup-Full.tmp
| Hash | Value |
| --- | --- |
| MD5 | 89ae994d144376496da7226c96874451 |
| SHA1 | 8f4cd0fe90b8017e2984d918ceef5fdead9ce308 |
| SHA256 | 770047e65bf5ee822edaff53beb019a2bd521a4cd32aab73264e6b5ca75965bb |
| SHA512 | 013ec11f2f6bdf7db36d1ed1c942a2a8c8c94b8da6547518ca2be594da416cbe9f24ccfd0092551b70b8fac1baf90c04e6d42d921d7c7ff16e7c2b31d5692ede |
memory/2540-14-0x0000000000400000-0x00000000004E7000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-KB874.tmp\_isetup\_shfoldr.dll
| Hash | Value |
| --- | --- |
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
memory/2332-15-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2540-17-0x0000000000400000-0x00000000004E7000-memory.dmp
memory/2540-19-0x0000000000400000-0x00000000004E7000-memory.dmp
\Program Files (x86)\System Functions Software\Media Center Themer\MCThemerUI.exe
| Hash | Value |
| --- | --- |
| MD5 | a783a35a0314f652592d2eaeaaad96a6 |
| SHA1 | 34a11a795258aa685a5a8ecd1c9ce1c5f05ee68b |
| SHA256 | 6dcf16a0dc6f5540dc71a47df2096750ef998d14be52800f790f8563804e7cad |
| SHA512 | c25368066045466a2952c8d2876eb6e67eb0a9821f9fddd7959a2ff51dc9e0dc02770e28a3afa44493fd56d51d3d9d00a2f1a986911f3a776b232222c12be1c3 |
\Program Files (x86)\System Functions Software\Media Center Themer\unins000.exe
| Hash | Value |
| --- | --- |
| MD5 | bbd08bc03eaa9e351c4a996296d56cbd |
| SHA1 | ef26352f0982cfe7a1028d298aa7588239b1b879 |
| SHA256 | f595c5736014eef5c5ce6e9eae682a8549c717b2b845404dae8b66ca81973175 |
| SHA512 | c73b0cdbe6a6deae1a35909df76aa68f964a5b8bc5dc812034a14475ca0a3003e30828b1c9de45734e92ee9a5704d8ddde783cf8a1e9e664397e3ebce0cd1f92 |
memory/476-45-0x0000000000BA0000-0x0000000000E0E000-memory.dmp
memory/2540-49-0x0000000000400000-0x00000000004E7000-memory.dmp
memory/2332-50-0x0000000000400000-0x000000000043F000-memory.dmp
memory/476-54-0x000000001F330000-0x000000001F340000-memory.dmp