Analysis Overview
SHA256: cb54085178b9605c8135604001e19adeae487d6a1a837dc71c39239ed012613f
Threat Level: Shows suspicious behavior
The file VOCALOID6_Editor_6.3.0.exe was found to show suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Event Triggered Execution: Component Object Model Hijacking
Adds Run key to start application
Blocklisted process makes network request
Indicator Removal: File Deletion
Checks installed software on the system
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-11-09 21:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-11-09 21:32
Reported: 2024-11-09 21:37
Platform: win7-20240903-en
Max time kernel: 89s
Max time network: 106s
Command Line
Signatures
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{24b99d74-a81e-4765-aefe-be853ac47482} = "\"C:\\ProgramData\\Package Cache\\{24b99d74-a81e-4765-aefe-be853ac47482}\\windowsdesktop-runtime-6.0.12-win-x64.exe\" /burn.runonce" | C:\Windows\Temp\{267ABBE1-5985-44F3-A0AA-65271550DADE}\.be\windowsdesktop-runtime-6.0.12-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{8bdfe669-9705-4184-9368-db9ce581e0e7} = "\"C:\\ProgramData\\Package Cache\\{8bdfe669-9705-4184-9368-db9ce581e0e7}\\VC_redist.x64.exe\" /burn.runonce" | C:\Windows\Temp\{2EC1584A-A2FD-4EDC-8DBA-460F12D306C8}\.be\VC_redist.x64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\ ISSetupPrerequisistes = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\VOCALOID6_Editor_6.3.0.exe\"" | C:\Users\Admin\AppData\Local\Temp\{0BC2449A-5C55-447C-92AF-812B74C5E78C}\VOCALOID6_Editor_6.3.0.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| N/A | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| N/A | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| N/A | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened (read-only) | \??\A: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\system32\mfc140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfcm140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_codecvt_ids.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\concrt140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\vccorlib140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vcruntime140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140esn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140kor.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140_atomic_wait.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140cht.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140deu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140rus.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140_codecvt_ids.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vcamp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140ita.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140ita.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfcm140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140enu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140esn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140jpn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\vcruntime140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_atomic_wait.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\vcomp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vccorlib140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vcomp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\vcruntime140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140kor.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140cht.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140deu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140rus.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfcm140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\vcamp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vcruntime140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfcm140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140chs.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140fra.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140chs.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\concrt140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140_2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140enu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140fra.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140jpn.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.12\System.Net.NameResolution.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.12\api-ms-win-core-processthreads-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\pl\System.Xaml.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\ja\System.Windows.Input.Manipulations.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.12\System.IO.FileSystem.Watcher.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.12\System.Text.RegularExpressions.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\pt-BR\PresentationCore.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\es\UIAutomationTypes.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\zh-Hant\System.Windows.Controls.Ribbon.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\es\System.Windows.Controls.Ribbon.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.12\System.Security.SecureString.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.12\System.Security.Principal.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.12\Microsoft.NETCore.App.runtimeconfig.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\PresentationFramework-SystemCore.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\UIAutomationClientSideProviders.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.12\System.Threading.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.12\System.Private.Xml.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\cs\WindowsBase.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\PresentationFramework.AeroLite.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.12\System.Diagnostics.Tracing.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\it\System.Xaml.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\zh-Hans\System.Windows.Input.Manipulations.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\de\System.Windows.Forms.Design.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.12\.version | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\ru\System.Windows.Input.Manipulations.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\tr\PresentationFramework.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\ja\System.Xaml.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\ja\UIAutomationClient.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.12\System.Data.Common.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\ru\UIAutomationTypes.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\it\WindowsFormsIntegration.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\fr\System.Windows.Forms.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.12\System.Formats.Asn1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\zh-Hant\System.Windows.Input.Manipulations.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\ja\Microsoft.VisualBasic.Forms.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\zh-Hans\System.Windows.Forms.Primitives.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\fr\UIAutomationTypes.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.12\System.Xml.Serialization.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.12\System.Xml.XDocument.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\it\ReachFramework.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.12\System.Reflection.Extensions.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.12\System.Collections.Immutable.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.12\System.Web.HttpUtility.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\LICENSE.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\es\ReachFramework.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.12\System.Net.Mail.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\ru\System.Xaml.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\pl\System.Windows.Forms.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.12\Microsoft.VisualBasic.Core.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.12\System.IO.Compression.FileSystem.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\System.Diagnostics.EventLog.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\ja\UIAutomationProvider.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\Microsoft.WindowsDesktop.App.runtimeconfig.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.12\System.Globalization.Calendars.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.12\System.Runtime.Serialization.Xml.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\cs\PresentationFramework.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\vcruntime140_cor3.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\ko\System.Xaml.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.12\System.IO.Compression.Brotli.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\System.Security.Cryptography.Xml.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.12\ja\UIAutomationClientSideProviders.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.12\System.IO.Pipes.AccessControl.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.12\api-ms-win-crt-stdio-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\ThirdPartyNotices.txt | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\Installer\f77430b.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5128.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WindowsUpdate.log | C:\Windows\Temp\{2EC1584A-A2FD-4EDC-8DBA-460F12D306C8}\.be\VC_redist.x64.exe | N/A |
| File created | C:\Windows\Installer\f774314.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9939.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4C40.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f774308.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f77433b.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI447F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f774308.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5975.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI93F6.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f7742f9.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f7742ff.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f77430e.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f774311.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f774311.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f774314.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f774328.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f7742f9.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4CEF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f77430b.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f774310.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev3 | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev1 | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\f774328.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WindowsUpdate.log | C:\Windows\Temp\{267ABBE1-5985-44F3-A0AA-65271550DADE}\.be\windowsdesktop-runtime-6.0.12-win-x64.exe | N/A |
| File created | C:\Windows\Installer\f7742fc.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f7742fc.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f77430e.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f774325.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI48A7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f774305.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4EF6.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f77430a.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f774325.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9A63.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WindowsUpdate.log | C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe | N/A |
| File created | C:\Windows\Installer\f7742fe.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f7742ff.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f774302.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4E57.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI95FB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f774324.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f774302.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f774304.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f774305.msi | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\{33646182-D2FF-4993-914F-B24565C41CBE}\.cr\windowsdesktop-runtime-6.0.12-win-x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\{0BC2449A-5C55-447C-92AF-812B74C5E78C}\{B3DA4C36-3522-40F9-A5FC-448C6F9CB6D3}\VC_redist.x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.3.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\{79331B91-A65C-46B7-8DD8-31B1437EF319}\VOCALOID6_Editor_6.3.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\{0BC2449A-5C55-447C-92AF-812B74C5E78C}\VOCALOID6_Editor_6.3.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\{0BC2449A-5C55-447C-92AF-812B74C5E78C}\{0DB97513-E9E4-4FC8-B469-D7D466AADE1D}\windowsdesktop-runtime-6.0.12-win-x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.3.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\{2EC1584A-A2FD-4EDC-8DBA-460F12D306C8}\.be\VC_redist.x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\{267ABBE1-5985-44F3-A0AA-65271550DADE}\.be\windowsdesktop-runtime-6.0.12-win-x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\{E1298FEF-8D99-43D9-A115-F8903D724883}\.cr\VC_redist.x64.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2F | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\31\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\31 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\31\52C64B7E\@%SystemRoot%\System32\fveui.dll,-843 = "BitLocker Drive Encryption" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\31 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\33 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\31\52C64B7E\@%SystemRoot%\System32\fveui.dll,-844 = "BitLocker Data Recovery Agent" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\34 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\31\52C64B7E | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\30 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\33 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\31\52C64B7E\@%SystemRoot%\system32\qagentrt.dll,-10 = "System Health Authentication" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\34 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\35 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\30 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\31\52C64B7E\@%SystemRoot%\system32\p2pcollab.dll,-8042 = "Peer to Peer Trust" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2F | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\31\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\31\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_48.51.51943_x64\ = "{0712F23C-FBAC-436C-9DDB-125F32D15033}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\57551FB77DE5D216E4457A8034D0EF38\C32F2170CABFC634D9BD21F5231D0533 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C32F2170CABFC634D9BD21F5231D0533\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E9AA512E2FD5CB44D9F61E1A0B3C84BF\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_48.51.52100_x64\Version = "48.51.52100" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E9AA512E2FD5CB44D9F61E1A0B3C84BF\ProductName = "Microsoft .NET Host - 6.0.12 (x64)" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\676627E34F5BAD849B9F871AB5F7A807 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\676627E34F5BAD849B9F871AB5F7A807\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\ = "{0025DD72-A959-45B5-A0A3-7EFEB15A8050}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1CD76FB15BB85FA4EB02B3359D35D210\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_48.51.51943_x64 | C:\Windows\Temp\{267ABBE1-5985-44F3-A0AA-65271550DADE}\.be\windowsdesktop-runtime-6.0.12-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\094F9C7997352096B7082D27C35AD959\E9AA512E2FD5CB44D9F61E1A0B3C84BF | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E9AA512E2FD5CB44D9F61E1A0B3C84BF\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\676627E34F5BAD849B9F871AB5F7A807\PackageCode = "901C43977048E1D48B1CB3E9E488E16D" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{24b99d74-a81e-4765-aefe-be853ac47482}\Dependents | C:\Windows\Temp\{267ABBE1-5985-44F3-A0AA-65271550DADE}\.be\windowsdesktop-runtime-6.0.12-win-x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1CD76FB15BB85FA4EB02B3359D35D210\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C32F2170CABFC634D9BD21F5231D0533\PackageCode = "4636416B02CCB1B408C62C5F856366FD" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E9AA512E2FD5CB44D9F61E1A0B3C84BF | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\27DD5200959A5B540A3AE7EF1BA50805\Provider | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{24b99d74-a81e-4765-aefe-be853ac47482}\Dependents\{24b99d74-a81e-4765-aefe-be853ac47482} | C:\Windows\Temp\{267ABBE1-5985-44F3-A0AA-65271550DADE}\.be\windowsdesktop-runtime-6.0.12-win-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\676627E34F5BAD849B9F871AB5F7A807\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.36,bundle\ = "{8bdfe669-9705-4184-9368-db9ce581e0e7}" | C:\Windows\Temp\{2EC1584A-A2FD-4EDC-8DBA-460F12D306C8}\.be\VC_redist.x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F2E91D5D9817EF24183029DCF14A752C\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1CD76FB15BB85FA4EB02B3359D35D210\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E9AA512E2FD5CB44D9F61E1A0B3C84BF\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\676627E34F5BAD849B9F871AB5F7A807\Provider | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_48.3.31210_x64 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C32F2170CABFC634D9BD21F5231D0533\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_48.3.31210_x64\Dependents | C:\Windows\Temp\{267ABBE1-5985-44F3-A0AA-65271550DADE}\.be\windowsdesktop-runtime-6.0.12-win-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\676627E34F5BAD849B9F871AB5F7A807 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\676627E34F5BAD849B9F871AB5F7A807\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.36,bundle\Version = "14.36.32532.0" | C:\Windows\Temp\{2EC1584A-A2FD-4EDC-8DBA-460F12D306C8}\.be\VC_redist.x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F2E91D5D9817EF24183029DCF14A752C\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{24b99d74-a81e-4765-aefe-be853ac47482}\Version = "6.0.12.31928" | C:\Windows\Temp\{267ABBE1-5985-44F3-A0AA-65271550DADE}\.be\windowsdesktop-runtime-6.0.12-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E9AA512E2FD5CB44D9F61E1A0B3C84BF\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\676627E34F5BAD849B9F871AB5F7A807\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{3E726676-B5F4-48DA-B9F9-78A15B7F8A70}v48.51.52100\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F2E91D5D9817EF24183029DCF14A752C\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}v14.36.32532\\packages\\vcRuntimeMinimum_amd64\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\2A1D5C7710A520B4CF71F18CEA425338\1CD76FB15BB85FA4EB02B3359D35D210 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1CD76FB15BB85FA4EB02B3359D35D210\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F2E91D5D9817EF24183029DCF14A752C\Servicing_Key | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E9AA512E2FD5CB44D9F61E1A0B3C84BF\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F2E91D5D9817EF24183029DCF14A752C\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8800A266DCF6DD54E97A86760485EA5D | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F2E91D5D9817EF24183029DCF14A752C\Version = "237272852" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14 | C:\Windows\Temp\{2EC1584A-A2FD-4EDC-8DBA-460F12D306C8}\.be\VC_redist.x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C32F2170CABFC634D9BD21F5231D0533\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E9AA512E2FD5CB44D9F61E1A0B3C84BF\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{E215AA9E-5DF2-44BC-9D6F-E1A1B0C348FB}v48.51.51943\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\windowsdesktop_runtime_48.51.52100_x64 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\676627E34F5BAD849B9F871AB5F7A807\ProductName = "Microsoft Windows Desktop Runtime - 6.0.12 (x64)" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\EA0C5AE0E23539C708618982000C701F | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805\SourceList\PackageName = "vc_runtimeAdditional_x64.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\\packages\\vcRuntimeAdditional_amd64\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_48.51.52100_x64\ = "{3E726676-B5F4-48DA-B9F9-78A15B7F8A70}" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\09A86F63C932FD435BC8463B1035EC53 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\DisplayName = "Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_48.51.51943_x64\DisplayName = "Microsoft .NET Host FX Resolver - 6.0.12 (x64)" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1CD76FB15BB85FA4EB02B3359D35D210\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.3.0.exe
"C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.3.0.exe"
C:\Users\Admin\AppData\Local\Temp\{79331B91-A65C-46B7-8DD8-31B1437EF319}\VOCALOID6_Editor_6.3.0.exe
C:\Users\Admin\AppData\Local\Temp\{79331B91-A65C-46B7-8DD8-31B1437EF319}\VOCALOID6_Editor_6.3.0.exe /q"C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.3.0.exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{79331B91-A65C-46B7-8DD8-31B1437EF319}" /IS_temp
C:\Windows\system32\MSIEXEC.EXE
"C:\Windows\system32\MSIEXEC.EXE" /i "C:\Users\Admin\AppData\Local\Temp\{79331B91-A65C-46B7-8DD8-31B1437EF319}\VOCALOID6 Editor.msi" TRANSFORMS="C:\Users\Admin\AppData\Local\Temp\{79331B91-A65C-46B7-8DD8-31B1437EF319}\1033.MST" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp" SETUPEXENAME="VOCALOID6_Editor_6.3.0.exe" IS_RUNTIME_FILES_LOCATION="C:\Users\Admin\AppData\Local\Temp\{4FE1C2E5-333E-4ADF-8ABE-CCC837BE1F7F}"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 5CD0C98CE174D700B624813403FCB686 C
C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.3.0.exe
"C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.3.0.exe" /embed"{AC2262B2-A183-4D3A-9348-FBCB66D8277B}" /hide_splash /hide_progress /runprerequisites"Editor" /l1033 /v"TRANSFORMS=\"C:\Users\Admin\AppData\Local\Temp\{79331B91-A65C-46B7-8DD8-31B1437EF319}\1033.MST\""
C:\Users\Admin\AppData\Local\Temp\{0BC2449A-5C55-447C-92AF-812B74C5E78C}\VOCALOID6_Editor_6.3.0.exe
C:\Users\Admin\AppData\Local\Temp\{0BC2449A-5C55-447C-92AF-812B74C5E78C}\VOCALOID6_Editor_6.3.0.exe /q"C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.3.0.exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{0BC2449A-5C55-447C-92AF-812B74C5E78C}" /embed"{AC2262B2-A183-4D3A-9348-FBCB66D8277B}" /hide_splash /hide_progress /runprerequisites"Editor" /l1033 /v"TRANSFORMS=\"C:\Users\Admin\AppData\Local\Temp\{79331B91-A65C-46B7-8DD8-31B1437EF319}\1033.MST\"" /eprq /IS_temp
C:\Users\Admin\AppData\Local\Temp\{0BC2449A-5C55-447C-92AF-812B74C5E78C}\{0DB97513-E9E4-4FC8-B469-D7D466AADE1D}\windowsdesktop-runtime-6.0.12-win-x64.exe
"C:\Users\Admin\AppData\Local\Temp\{0BC2449A-5C55-447C-92AF-812B74C5E78C}\{0DB97513-E9E4-4FC8-B469-D7D466AADE1D}\windowsdesktop-runtime-6.0.12-win-x64.exe" /install /quiet /norestart
C:\Windows\Temp\{33646182-D2FF-4993-914F-B24565C41CBE}\.cr\windowsdesktop-runtime-6.0.12-win-x64.exe
"C:\Windows\Temp\{33646182-D2FF-4993-914F-B24565C41CBE}\.cr\windowsdesktop-runtime-6.0.12-win-x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\{0BC2449A-5C55-447C-92AF-812B74C5E78C}\{0DB97513-E9E4-4FC8-B469-D7D466AADE1D}\windowsdesktop-runtime-6.0.12-win-x64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188 /install /quiet /norestart
C:\Windows\Temp\{267ABBE1-5985-44F3-A0AA-65271550DADE}\.be\windowsdesktop-runtime-6.0.12-win-x64.exe
"C:\Windows\Temp\{267ABBE1-5985-44F3-A0AA-65271550DADE}\.be\windowsdesktop-runtime-6.0.12-win-x64.exe" -q -burn.elevated BurnPipe.{9DE61085-9164-4089-ADA7-2BD9032F2970} {AA920AA7-FBA4-451D-B3DF-4184AC7527BC} 2828
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding F85600F44627DB0E3133CFBB87880117
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding B1DDD5DCBAA4A03803F5D46F46939FA7
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding C15E0F71540CFB2458D0C1DE20FC15DC
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 1C710EC45715C5285F974A13A7AB81B2
C:\Users\Admin\AppData\Local\Temp\{0BC2449A-5C55-447C-92AF-812B74C5E78C}\{B3DA4C36-3522-40F9-A5FC-448C6F9CB6D3}\VC_redist.x64.exe
"C:\Users\Admin\AppData\Local\Temp\{0BC2449A-5C55-447C-92AF-812B74C5E78C}\{B3DA4C36-3522-40F9-A5FC-448C6F9CB6D3}\VC_redist.x64.exe" /q /norestart
C:\Windows\Temp\{E1298FEF-8D99-43D9-A115-F8903D724883}\.cr\VC_redist.x64.exe
"C:\Windows\Temp\{E1298FEF-8D99-43D9-A115-F8903D724883}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\{0BC2449A-5C55-447C-92AF-812B74C5E78C}\{B3DA4C36-3522-40F9-A5FC-448C6F9CB6D3}\VC_redist.x64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188 /q /norestart
C:\Windows\Temp\{2EC1584A-A2FD-4EDC-8DBA-460F12D306C8}\.be\VC_redist.x64.exe
"C:\Windows\Temp\{2EC1584A-A2FD-4EDC-8DBA-460F12D306C8}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{BBC55D80-AA8A-4E96-A956-470955167216} {6197D4DD-D3B3-4315-8255-3A5B32E04AA7} 600
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000004BC" "00000000000005E0"
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={8bdfe669-9705-4184-9368-db9ce581e0e7} -burn.filehandle.self=500 -burn.embedded BurnPipe.{89B46264-6278-429C-8709-987856F05E48} {85D40D3D-EC48-4152-A2E3-EF16B9F4B4D3} 2972
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188 -uninstall -quiet -burn.related.upgrade -burn.ancestors={8bdfe669-9705-4184-9368-db9ce581e0e7} -burn.filehandle.self=500 -burn.embedded BurnPipe.{89B46264-6278-429C-8709-987856F05E48} {85D40D3D-EC48-4152-A2E3-EF16B9F4B4D3} 2972
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{86ED072D-D3A0-4C34-8430-ECB9921F2440} {358C7505-7957-4784-8734-A0F635FFB668} 2628
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.19.117.18:80 | crl.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\~D54B.tmp
C:\Users\Admin\AppData\Local\Temp\{79331B91-A65C-46B7-8DD8-31B1437EF319}\_ISMSIDEL.INI
| MD5 | aee84ed9c421e202c8f630c52aceec2f |
| SHA1 | 84e7c6e8d275f6571bd711fae21394322e34312d |
| SHA256 | 5cafa41ab2ae11dd150cc9d01e8b7170d3af1880653571c6859bd879fe82c373 |
| SHA512 | 2a2c8c1f33fbd47ca381df357a65b85b71eeb896cb6117dd3950076989ca39fbaba17e891fcb25a79f8a3967f4de3c5e6d21b05b6f1107f4a213122684911501 |
C:\Users\Admin\AppData\Local\Temp\{79331B91-A65C-46B7-8DD8-31B1437EF319}\0x0409.ini
| MD5 | 1196f20ca8bcaa637625e6a061d74c9e |
| SHA1 | d0946b58676c9c6e57645dbcffc92c61eca3b274 |
| SHA256 | cdb316d7f9aa2d854eb28f7a333426a55cc65fa7d31b0bdf8ae108e611583d29 |
| SHA512 | 75e0b3b98ad8269dc8f7048537ad2b458fa8b1dc54cf39df015306abd6701aa8357e08c7d1416d80150ccfd591376ba803249197abdf726e75d50f79d7370ef3 |
C:\Users\Admin\AppData\Local\Temp\issF115.tmp
| MD5 | fdd10a5a9ac6360ee3caba1a704b2f59 |
| SHA1 | a8169bb8e4c6611eda2c59686a748d403f2104d5 |
| SHA256 | 1fb7b2bb5a334e83437b60420db6e63970ba404aaea291a7af2dcb064061e262 |
| SHA512 | 363b90205ae882845ff4a0d1253f3fcc8eb3bef5cd8151f943f243685c36d54f179fab4d587e3413688b4304b8270dd5fc04f01634fe34fd8a93f08a94e33ab3 |
C:\Users\Admin\AppData\Local\Temp\{79331B91-A65C-46B7-8DD8-31B1437EF319}\1033.MST
| MD5 | be309cfc568c998921ca5a29c8b1d913 |
| SHA1 | 1a146dfeb395ef533e737b123a148d4b1518c2ce |
| SHA256 | e9ff0bf5037af12db72a5c882927b60b99207551378987c4b9a7025867a120ee |
| SHA512 | 44036f0547b71e1ed62b8284f33a38d485188f0076fccff0d4c2a6e06446dacd03bfd8f319c0a2027aafe43b150e2d68c2c9a34c2f79385f69502dd3e805d007 |
C:\Users\Admin\AppData\Local\Temp\CabFFE4.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar16D.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\MSI28A.tmp
| MD5 | a74e09608e2cff5885c99735ef8d7ddf |
| SHA1 | 77898bf942b9024727cc4da2e1148a809e967469 |
| SHA256 | 17c6051e3a1a2000019ae0ef0b51d2896250f742eedfa45b98d570b9b42da6ae |
| SHA512 | 6fb770b579b8baba0a4685719ae384d3047ac796d7e03f11cfb77a607738be8fc0471809119b1c786d56a2eda8f47b25865e01dd8ae3235ff757248dbbbd32c5 |
C:\Users\Admin\AppData\Local\Temp\MSI188B.tmp
| MD5 | b1143a2201943febfca2595b00a86407 |
| SHA1 | 094149e6743583008524d7e0ec4ceb0fc7f0746e |
| SHA256 | f67ca8337a1ebed31f5b8008e43997f99e2a434d661d91d997fd95f718a33dc9 |
| SHA512 | 52b8230e2ee323673c37bec00ee2365c779e909bf7114d74c962c52775255e9ddbd8507980acd1c706c1ed302638d90ec12758961725d8463c92249ad99f48d2 |
C:\Users\Admin\AppData\Local\Temp\{0BC2449A-5C55-447C-92AF-812B74C5E78C}\_ISMSIDEL.INI
| MD5 | e6e4a274381c3796b324e2a623e3c05e |
| SHA1 | f4eae4ca1ff8f9fddfc38205911466c868ddc568 |
| SHA256 | 8ef487cef512b05eddfab4ffd314e9392db24a853866b9ca213b9702b9e04ca5 |
| SHA512 | b745bbfa3b64fe8ab275adb80fda0ff1a4b3a8f408f4e668b8240fa56d5764de47f22efe7477a42392f5b10351a3eada8f7b7042578140deff8b920785133671 |
\Windows\Temp\{33646182-D2FF-4993-914F-B24565C41CBE}\.cr\windowsdesktop-runtime-6.0.12-win-x64.exe
| MD5 | 29fbc5cabda5a2afdc4ca20e78e7f61a |
| SHA1 | 535dba4d2ebb82f0dd217f4876d25e6430146645 |
| SHA256 | aff17ea5884da8f7e7d10f9fd6a6e4e8d43b9e34d28df55f08328e0d84a7ecf7 |
| SHA512 | 4ddb847a9747f857ad37216e42224320003e99f73929c617c6946d2352e6fe8528faf225d1be3bd650f7ac533246a8303a48628a0de689f3b273955cf9fcbab2 |
\Windows\Temp\{267ABBE1-5985-44F3-A0AA-65271550DADE}\.ba\wixstdba.dll
| MD5 | 4356ee50f0b1a878e270614780ddf095 |
| SHA1 | b5c0915f023b2e4ed3e122322abc40c4437909af |
| SHA256 | 41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104 |
| SHA512 | b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691 |
C:\Windows\Temp\{267ABBE1-5985-44F3-A0AA-65271550DADE}\.ba\bg.png
| MD5 | 9eb0320dfbf2bd541e6a55c01ddc9f20 |
| SHA1 | eb282a66d29594346531b1ff886d455e1dcd6d99 |
| SHA256 | 9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79 |
| SHA512 | 9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d |
C:\Windows\Temp\{267ABBE1-5985-44F3-A0AA-65271550DADE}\dotnet_runtime_6.0.12_win_x64.msi
| MD5 | ed04f657c593c878184f2cacd259d89d |
| SHA1 | b3b9ef6c6a7d7b26e1db8a25c9cfca801b4510e2 |
| SHA256 | c271c90769d282c35da7496b217d8c1b7e1f110f98c910263fd0a511f06b7b6c |
| SHA512 | e5540046b4fad6b2848a8a5ec895e1482d1b185ff580e086f998217c4f1af8e101c66724c35f1149014e4bd3037814ebc0f9246f943f129df3f65bb401a9c5aa |
C:\Windows\Temp\{267ABBE1-5985-44F3-A0AA-65271550DADE}\dotnet_host_6.0.12_win_x64.msi
| MD5 | 753735368ed5ab04df161907268651c5 |
| SHA1 | e68772a1f4f752a5d11340fb9724643f764ef06c |
| SHA256 | 26a5442a404027b6cacf87381d2f7219f9c8c05f8ea380000d27290bd79c2cfc |
| SHA512 | 3746c4801fb9e6b3fa2e0f3245756bdf7a725bb64c53539b25ab133b959a9318d92151157f2a09bf06b9618ebd66e1bf3b15e53173d9ce10b77c17ca3db012e9 |
C:\Windows\Temp\{267ABBE1-5985-44F3-A0AA-65271550DADE}\dotnet_hostfxr_6.0.12_win_x64.msi
| MD5 | 288f19e824eafccf3654eeebf69c03f1 |
| SHA1 | 14d49baab39001a3459be19f9e760e467b39c90d |
| SHA256 | 264d63dcaa7052dcf9539fedc99f5a56da6234e3a69433a6cdeaa50cfc143e8f |
| SHA512 | 3ca3f18db329164f46aab9b8228dc5e79ded4fce571b848556fccc28970829ffb38070daf593c617ba2acdff859f48fc49ccaf77d052f76004cba200f5b2735c |
C:\Windows\Temp\{267ABBE1-5985-44F3-A0AA-65271550DADE}\windowsdesktop_runtime_6.0.12_win_x64.msi
| MD5 | 224844b83b90ae86a10a48240d7b410a |
| SHA1 | 9c773d4a08542284ea3c1fa923ecb0509dd69279 |
| SHA256 | c610983fcb3e7d6ba33c5882da3e3b95d13a18c0a974421a67cdf54430c4546e |
| SHA512 | ae7c109331b758b48df9b7b3958762da7a6412b6f1483fba18cc01832f053c1a39ccd91fdaa217f0b9e15716d1f2ec5798815ebfdfa00d8d3147a6827d8af603 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.12_(x64)_20241109213527_000_dotnet_runtime_6.0.12_win_x64.msi.log
| MD5 | 35591d186a408c8af0dbe1a83130fc49 |
| SHA1 | 0c8d657c3be2c6a77392ecc5e0e79c058bed9123 |
| SHA256 | 0adfa59ab098a539364bde9eb1f5f37cf31f38217422301fd8098300f21470f0 |
| SHA512 | 750d6af6f7b394f6426fcef9c72c9d27db0e10b6884622e098404a51a5b43182fd37a43d5e3a8a57a3fca874e25d7b29e0fc5598eda9fc6eb92675736238c641 |
C:\Config.Msi\f7742fd.rbs
| MD5 | a89c5b303d8c8b36945783f81f7cce7b |
| SHA1 | 4743ed35c4b53d8a43beef277e3ecf91ec46b88c |
| SHA256 | 16e9a94323e07c2fd7a706fa56e1ac5544cf9c1411edfb330806ab1558ae2bc7 |
| SHA512 | 2cc73014d81430adfaa4056f16c2b6ffbc62b0b5823974760a5fc7d0de477a0cd96af3eabe6e6251a117c2621eeb70a82222d1d1c54019f233ad786f62888280 |
\Windows\Installer\MSI48A7.tmp
| MD5 | d711da8a6487aea301e05003f327879f |
| SHA1 | 548d3779ed3ab7309328f174bfb18d7768d27747 |
| SHA256 | 3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283 |
| SHA512 | c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.12_(x64)_20241109213527_001_dotnet_hostfxr_6.0.12_win_x64.msi.log
| MD5 | ecf193ee840e6e3ea79ef1b23f8ce596 |
| SHA1 | 61e9935dace4f7fbea72e7a3dd1f99967acc33ef |
| SHA256 | 630694782f49b8e15ee72e150e1d191a11fb059a62cb46bffcc7d6c9c7e05f34 |
| SHA512 | dd326c3583aa49ee29be6843e64ea57d0d24d5f965a3c1eb7434f56e800e2bbef4eb43ec26a1977074e29d2b9aea771e9dd3a31415c9b6be8eb6d14a11663324 |
C:\Config.Msi\f774303.rbs
| MD5 | 5f520a5826b5bc4c08f057a0d2e199a9 |
| SHA1 | 834cc6b8a7ceb33db82cbe1ea88c33214c69e90a |
| SHA256 | 7ed0d7d3b3bc87ecb5b37ce806d23ff52560d9f76d8d4628b4025969e3544d8a |
| SHA512 | d875ea460d40545945b39ff6ef7540d69c3758e1f4adaeda3c3bcd961bbadbf9282367d921eb11ce22c84037a61e70e9b9823deb6f76c5b3cdf63668f765b914 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.12_(x64)_20241109213527_002_dotnet_host_6.0.12_win_x64.msi.log
| MD5 | c70d5f1b73699ff91c66ed182d8e15ee |
| SHA1 | 271f87d3858b9941b6b20e9ed869d2b24a19b7f6 |
| SHA256 | 694ba7370d51014538840723dd76978707caf6ebd26f68adeb3ef84d357da919 |
| SHA512 | 5e504e4a72d969e742feca5c3d7233fb9afebf4c6e9f251f89be8306b827403049239b8cedcfb91c9268491569914e7f92ff27689e778153bee33c3ec401e96e |
\Program Files\dotnet\dotnet.exe
| MD5 | 3aff413d3c0a1615d2c1badb538544f9 |
| SHA1 | 504e19e5e2b6a2d7e8e62b7eb5cd65551c2eb071 |
| SHA256 | 2d38778abe2ada4ff1acc0cc4a93261fd059888b19c49afa53be6a0a2fff2b24 |
| SHA512 | 6567aaa771d322dfba29bb8e472872c0eec210faf846f988003775045b47461222e10401babb0027758ae1ea5459963b7e089196d9781732dac38379936eb953 |
C:\Program Files\dotnet\LICENSE.txt
| MD5 | 31c5a77b3c57c8c2e82b9541b00bcd5a |
| SHA1 | 153d4bc14e3a2c1485006f1752e797ca8684d06d |
| SHA256 | 7f6839a61ce892b79c6549e2dc5a81fdbd240a0b260f8881216b45b7fda8b45d |
| SHA512 | ad33e3c0c3b060ad44c5b1b712c991b2d7042f6a60dc691c014d977c922a7e3a783ba9bade1a34de853c271fde1fb75bc2c47869acd863a40be3a6c6d754c0a6 |
C:\Program Files\dotnet\ThirdPartyNotices.txt
| MD5 | f77a4aecfaf4640d801eb6dcdfddc478 |
| SHA1 | 7424710f255f6205ef559e4d7e281a3b701183bb |
| SHA256 | d5db0ed54363e40717ae09e746dec99ad5b09223cc1273bb870703176dd226b7 |
| SHA512 | 1b729dfa561899980ba8b15128ea39bc1e609fe07b30b283001fd9cf9da62885d78c18082d0085edd81f09203f878549b48f7f888a8486a2a526b134c849fd6b |
C:\Config.Msi\f774309.rbs
| MD5 | b8b16c93685d552facb8a33a7558df89 |
| SHA1 | 61eb66a6eb06b5fcb67a545f8d6478fb4615debe |
| SHA256 | bfea4cef045c2ab81a3cc0cd84cf4fbfc252c06b4fc19fb0d3e3117273687565 |
| SHA512 | a6b6dc8b4a05cefd909ba2eea2a7b439f90172703a6ba6c3197c02988e465927215934e0f806e4695751fb1333eb84eb3d72c2a3f5157f425d388b4afdab7e7e |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.12_(x64)_20241109213527_003_windowsdesktop_runtime_6.0.12_win_x64.msi.log
| MD5 | 9cfe216fcf392bff223f6d044488f945 |
| SHA1 | 2d3e6fb793383d32ceab9aa64af6b172fdab81c3 |
| SHA256 | b6df92ebb1de4724df38b0f28c1625a4a3de1e8aa9a925e6c1da4d2f50c568d9 |
| SHA512 | bd46f4f35a015cdf711a25469ee0efbde5f8c0e3b1d346ce9c1e5aeacae379bcabfafb8f3ce787458531f4a918c5d51571825fbba13c83abeffd15465e2b7567 |
C:\Config.Msi\f77430f.rbs
| MD5 | 65a86dd545146f6b1876efe29305ac00 |
| SHA1 | ed580dd1f5052db9675676afee092c02c820b560 |
| SHA256 | 02347f6a8e381ae3e490802e6bc269b0ca5d2f4ba9762264f158cd14e5e2d6c8 |
| SHA512 | 2cc873f6775bd800fe5e5be8a485456da831bca893d3b73c67f0c031095efd870ffbab383494bf2d507bb88125de2f563a20d41ad8abd3406ef35bdcae8f9ca9 |
\Users\Admin\AppData\Local\Temp\{0BC2449A-5C55-447C-92AF-812B74C5E78C}\{B3DA4C36-3522-40F9-A5FC-448C6F9CB6D3}\VC_redist.x64.exe
| MD5 | 077f0abdc2a3881d5c6c774af821f787 |
| SHA1 | c483f66c48ba83e99c764d957729789317b09c6b |
| SHA256 | 917c37d816488545b70affd77d6e486e4dd27e2ece63f6bbaaf486b178b2b888 |
| SHA512 | 70a888d5891efd2a48d33c22f35e9178bd113032162dc5a170e7c56f2d592e3c59a08904b9f1b54450c80f8863bda746e431b396e4c1624b91ff15dd701bd939 |
\Windows\Temp\{E1298FEF-8D99-43D9-A115-F8903D724883}\.cr\VC_redist.x64.exe
| MD5 | 35e545dac78234e4040a99cbb53000ac |
| SHA1 | ae674cc167601bd94e12d7ae190156e2c8913dc5 |
| SHA256 | 9a6c005e1a71e11617f87ede695af32baac8a2056f11031941df18b23c4eeba6 |
| SHA512 | bd984c20f59674d1c54ca19785f54f937f89661014573c5966e5f196f776ae38f1fc9a7f3b68c5bc9bf0784adc5c381f8083f2aecdef620965aeda9ecba504f3 |
C:\Windows\Temp\{2EC1584A-A2FD-4EDC-8DBA-460F12D306C8}\.ba\logo.png
| MD5 | d6bd210f227442b3362493d046cea233 |
| SHA1 | ff286ac8370fc655aea0ef35e9cf0bfcb6d698de |
| SHA256 | 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef |
| SHA512 | 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b |
\Windows\Temp\{2EC1584A-A2FD-4EDC-8DBA-460F12D306C8}\.ba\wixstdba.dll
| MD5 | eab9caf4277829abdf6223ec1efa0edd |
| SHA1 | 74862ecf349a9bedd32699f2a7a4e00b4727543d |
| SHA256 | a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041 |
| SHA512 | 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2 |
C:\Windows\WindowsUpdate.log
| MD5 | f0013f01ea6f7a727597a6e3895ff371 |
| SHA1 | 8db01687cddfd01b25c9fd4c200b8d0dca7413c8 |
| SHA256 | 3e6ad41f21175c11c9375ec3d9a79a12a9eed043673b28aea43cfe41e493db6f |
| SHA512 | 9b6acc6c4e5c679b4ae1ac070f42587f778e5b57f5e70d1020a5effa949a8d88e3ab728bbbf2da0b4ea38380c65ab62148df6641d94e73f10a1cbda5a62356c6 |
C:\ProgramData\Package Cache\{24b99d74-a81e-4765-aefe-be853ac47482}\state.rsm
| MD5 | aa86a7f2d687a5cef2392e2a82d8ae37 |
| SHA1 | 070ce2c91470a098cf1e9e6b4d3940df319cb06c |
| SHA256 | 18ee2952f9f737226315991724b7f3554dd1247794e12e33cef40b504af0c47d |
| SHA512 | e27262bd50a13560a70834471bc7e8f14e07dbcb719ac8aafae1a08f3d8f8789f3fa6d3d6556f958929019d53cbd0b897ea3970af7dfe868e5c18fa71ec43e57 |
C:\Windows\Temp\{2EC1584A-A2FD-4EDC-8DBA-460F12D306C8}\vcRuntimeMinimum_x64
| MD5 | a4075b745d8e506c48581c4a99ec78aa |
| SHA1 | 389e8b1dbeebdff749834b63ae06644c30feac84 |
| SHA256 | ee130110a29393dcbc7be1f26106d68b629afd2544b91e6caf3a50069a979b93 |
| SHA512 | 0b980f397972bfc55e30c06e6e98e07b474e963832b76cdb48717e6772d0348f99c79d91ea0b4944fe0181ad5d6701d9527e2ee62c14123f1f232c1da977cada |
C:\Windows\Temp\{2EC1584A-A2FD-4EDC-8DBA-460F12D306C8}\cab5046A8AB272BF37297BB7928664C9503
| MD5 | c2df6cb9082ac285f6acfe56e3a4430a |
| SHA1 | 591e03bf436d448296798a4d80f6a39a00502595 |
| SHA256 | b8b4732a600b741e824ab749321e029a07390aa730ec59401964b38105d5fa11 |
| SHA512 | 9f21b621fc871dd72de0c518174d1cbe41c8c93527269c3765b65edee870a8945ecc2700d49f5da8f6fab0aa3e4c2db422b505ffcbcb2c5a1ddf4b9cec0e8e13 |
C:\Windows\Temp\{2EC1584A-A2FD-4EDC-8DBA-460F12D306C8}\vcRuntimeAdditional_x64
| MD5 | dd070483eda0af71a2e52b65867d7f5d |
| SHA1 | 2b182fc81d19ae8808e5b37d8e19c4dafeec8106 |
| SHA256 | 1c450cacdbf38527c27eb2107a674cd9da30aaf93a36be3c5729293f6f586e07 |
| SHA512 | 69e16ee172d923173e874b12037629201017698997e8ae7a6696aab1ad3222ae2359f90dea73a7487ca9ff6b7c01dc6c4c98b0153b6f1ada8b59d2cec029ec1a |
C:\Windows\Temp\{2EC1584A-A2FD-4EDC-8DBA-460F12D306C8}\cab2C04DDC374BD96EB5C8EB8208F2C7C92
| MD5 | 46efc5476e6d948067b9ba2e822fd300 |
| SHA1 | d17c2bf232f308e53544b2a773e646d4b35e3171 |
| SHA256 | 2de285c0fc328d30501cad8aa66a0ca9556ad5e30d03b198ebdbc422347db138 |
| SHA512 | 58c9b43b0f93da00166f53fda324fcf78fb1696411e3c453b66e72143e774f68d377a0368b586fb3f3133db7775eb9ab7e109f89bb3c5e21ddd0b13eaa7bd64c |
\??\PIPE\wkssvc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20241109213544_000_vcRuntimeMinimum_x64.log
| MD5 | 5d4d1ef8b47229372eb87f1beb3ca47c |
| SHA1 | 8bf961a3db90d3e759bce2dc85d5f260bc3c2926 |
| SHA256 | ee7235f3da884a11729346f89b52892428ec1d28e969f1385e4747a6da97a2a9 |
| SHA512 | c047c0ad734b7a70c4d14284c11087a8bd7930ded6e7094b4c22c7c151e86e9f17a9b6bc695d5ffaec994445c0bf82a1d8bfc540db10ea7d210e038167b28c3b |
C:\Config.Msi\f774317.rbs
| MD5 | 385cb0d0d1fc4319941353ec7b523384 |
| SHA1 | a7715ecdf49e162846f8929c745ac4b01f522c30 |
| SHA256 | 6574403e598944e3f63de6be2a3c90ca6a0155b1edd34392514c77905c11f895 |
| SHA512 | cef0f7027a490736cc6667ea691fe29e19d23db988aff39b396fb4bb3e7c2aebe98b9e7f3aff049049bd5e41aec562705ba5139afde6d4155483ca389108a6b4 |
C:\Config.Msi\f774323.rbs
| MD5 | 3795117174739287be65293da4ae49ba |
| SHA1 | 1c4f572384ad4dcc8c84f697a0c809f232c69f4a |
| SHA256 | 0d558c337b3878c72aa3202638da5b4dd19889ef659f02155bd185f93b88aa9d |
| SHA512 | b952a477d5478c7e14b5413a53cc173910d106196fc447ec6a72c1d2a7ad611102871e4e977fc28e7f4b9b9268c84f44a3b69af1fd13eff0c5dda4c52c51aab2 |
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20241109213544_001_vcRuntimeAdditional_x64.log
| MD5 | 7005d3dcdb30ca3bf59b9c68dfbbb365 |
| SHA1 | c444e26b635626707a33c88efd4a0490ac65fac6 |
| SHA256 | 73c3c6a4b835b2e905ef49b5c74557cafd61c3145702901f42ac06e22e18caf3 |
| SHA512 | 1837fb262249ec9a7d4688bd0028697968b48ef964e42456bf4532a0b5f7788c57a77e6ad70f4b44260a20e729cdae53b3847c51143cd63dca5856cf127101d4 |
C:\Config.Msi\f77432b.rbs
| MD5 | d318a3b9d85b8c4d424edd653cf81b64 |
| SHA1 | 234c9e7ba8f42dceb938eb0ad9e410d6fa571259 |
| SHA256 | bf933256697469d17d94e53a4191aff49b758bde7d2d43fcb83791574c7c9b98 |
| SHA512 | 7269036d5206d61f79182b2e3a4843eca803e6ae138d855e5eb7a00f00ba74742fede76e9ab97e92832ab214e81f2e0ab94ce4063785c1a9305746f09c826838 |
C:\Config.Msi\f77433a.rbs
| MD5 | ca56cf39d757fa79497b5ba7b09c0e8b |
| SHA1 | da076ca16008725c2190bba984c2fe881f3fe227 |
| SHA256 | 33b15c7be9f305c8c57495c8c9fb24537be70f4d0c073d57a548615fde5b771b |
| SHA512 | 50498d7fd7fae0b69a64e26eaa7ff2ad9db5fad806f182b6a9b99ac197a2f7541c198b61ba13a0cd761ee815f847797fc9cf96c9daae59eaf680133c434e1e81 |
memory/1012-1196-0x0000000001220000-0x0000000001297000-memory.dmp
memory/2628-1233-0x0000000001220000-0x0000000001297000-memory.dmp
memory/616-1234-0x0000000001220000-0x0000000001297000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 21:32
Reported
2024-11-09 21:38
Platform
win10v2004-20241007-en
Max time kernel
113s
Max time network
169s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\{C78220AE-52A6-442B-803F-BFB38CBEDD94}\VOCALOID6_Editor_6.3.0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\{84537A3F-7280-463C-9633-F03E77B3E005}\.cr\VC_redist.x64.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{84537A3F-7280-463C-9633-F03E77B3E005}\.cr\VC_redist.x64.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\wacE58A.tmp | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ ISSetupPrerequisistes = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\VOCALOID6_Editor_6.3.0.exe\"" | C:\Users\Admin\AppData\Local\Temp\{C78220AE-52A6-442B-803F-BFB38CBEDD94}\VOCALOID6_Editor_6.3.0.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| N/A | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| N/A | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\Z: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\MSIEXEC.EXE | N/A |
Indicator Removal: File Deletion
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\600b0ebf-2ce4-41ac-b89e-5796b2464cc8\600b0ebf-2ce4-41ac-b89e-5796b2464cc8.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\StylePreset\Editor\33f80595-092a-46e0-a34f-4a4f9c3612f7.vsstyle | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\84f46d9d-b4ac-4ddd-8f2b-ac8f06201986\84f46d9d-b4ac-4ddd-8f2b-ac8f06201986.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\C11F80B5-C272-4ACC-9FD6-CEED53C0F21F\audio\Count_up_3.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\C49C0809-0412-46A8-9BE9-250098ADC7BE\C49C0809-0412-46A8-9BE9-250098ADC7BE.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\D8160517-D4C6-426A-A22A-5030432A4091\D8160517-D4C6-426A-A22A-5030432A4091.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\E8A69CE8-F9BA-422B-B83B-8F27CCAEC1F3\E8A69CE8-F9BA-422B-B83B-8F27CCAEC1F3.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\FEBF4502-E135-4A7C-8CF3-61B479D53C04\FEBF4502-E135-4A7C-8CF3-61B479D53C04.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\3f2e695a-45ba-4bc4-8945-8e1394cb8d29\3f2e695a-45ba-4bc4-8945-8e1394cb8d29.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\912D56A7-2276-4B63-9610-852FD2C178EB\audio\1_012_count_down_5.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\BECA8862-7EDA-4270-82FC-49E9C7132F65\BECA8862-7EDA-4270-82FC-49E9C7132F65.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\C659ED64-4104-4D8D-8DD6-8A79A230AB6B\C659ED64-4104-4D8D-8DD6-8A79A230AB6B.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\D5E6C364-7A08-405A-BE48-F90DB2C5C0A2\audio\151_LOOK_OUT.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\63D167C3-F0D6-4A39-80C0-175B6360BED0\audio\b_001_yeah-uh-_a.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\be1f52ec-d703-4bf6-a864-925be2e00178\audio\be1f52ec-d703-4bf6-a864-925be2e00178.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\29A7F448-5993-4804-9C37-7D20B5F7CC58\29A7F448-5993-4804-9C37-7D20B5F7CC58.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\ffd28051-0173-49c8-90a5-3286d6a2ff9b\ffd28051-0173-49c8-90a5-3286d6a2ff9b.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\414D6D32-F85D-448E-8BAF-E8876970A937\audio\205_CLAP_CLAP_CLAP.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\538B3AC6-4556-4369-9617-2FE45A4D07EE\audio\b_009_whats_up_a.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\ddb291df-49cc-41a5-a80c-07e2c37078c7\audio\ddb291df-49cc-41a5-a80c-07e2c37078c7.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\edb1fe06-5e90-4920-a3fd-64ce2f889085\audio\edb1fe06-5e90-4920-a3fd-64ce2f889085.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\07d87150-a4c3-45c2-889f-501aef0ecc41\property.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\1689FB34-5DAD-480C-968A-274AE9521108\1689FB34-5DAD-480C-968A-274AE9521108.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\175845a4-33a7-4471-baa8-b3fe71d58dfa\property.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\5370B1C4-E18E-442D-A657-3F84C778CA8D\audio\a_031_what_a.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\74697C19-B5DF-46E7-B014-84C2AF62B8FF\74697C19-B5DF-46E7-B014-84C2AF62B8FF.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\BC8604E3-60CA-41EA-B17A-A82FFE603FF2\audio\129_WORSE.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\c3502770-eda0-4da1-869c-069241509606\c3502770-eda0-4da1-869c-069241509606.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\StylePreset\Editor\6217dd0b-57a0-492a-bacb-8644204b5479.vsstyle | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\13333b0f-3f62-4508-9dca-94644f2f71e1\13333b0f-3f62-4508-9dca-94644f2f71e1.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\1B6580D9-8E5A-4A9F-9D39-CD56F3F1527F\1B6580D9-8E5A-4A9F-9D39-CD56F3F1527F.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\395d5c82-a80f-464d-908e-d217b95ecd03\audio\395d5c82-a80f-464d-908e-d217b95ecd03.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\413c550d-7d1a-4659-9dd1-3548ed4d94ac\413c550d-7d1a-4659-9dd1-3548ed4d94ac.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\490B086B-4497-4D5A-83B0-84AE96B96910\490B086B-4497-4D5A-83B0-84AE96B96910.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\ae190ac7-67c0-4d7a-866a-200215babd3f\property.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\b90024eb-5277-4bfb-99fc-bff2296fc489\property.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\f8bf59ac-6d14-4a3f-945b-74538855a6d6\audio\f8bf59ac-6d14-4a3f-945b-74538855a6d6.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\StylePreset\Editor\4d618bf7-a296-4eea-8f89-8d5045a4778e.vsstyle | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\0EBF566B-8A42-49B2-AF64-FEDCF06494F3\0EBF566B-8A42-49B2-AF64-FEDCF06494F3.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\1AF7C420-92CF-4F4C-9E7F-722BB9C22E24\audio\VocalEffectKit_12_Ph.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\1f41ae35-b5b7-4dbc-9ab3-64c0fd226b93\property.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\6D607BBA-64F5-4BBF-BEB0-03C040C75FFF\6D607BBA-64F5-4BBF-BEB0-03C040C75FFF.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\94cac05b-7799-48ce-ba9c-495bb3c40f38\94cac05b-7799-48ce-ba9c-495bb3c40f38.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\StylePreset\Editor\b2f5145e-884e-4197-b26d-d7231299d227.vsstyle | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\09393557-f216-4a46-a77d-6781729a48a2\audio\09393557-f216-4a46-a77d-6781729a48a2.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\1e503f20-1956-434e-b00d-961cdd6b1a68\audio\1e503f20-1956-434e-b00d-961cdd6b1a68.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Resource\AttackRelease\Icon\YMH_041.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\59BF9B32-6704-4A37-9792-B6E9446A9D08\59BF9B32-6704-4A37-9792-B6E9446A9D08.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\9299eb11-f60c-4a1f-9a7e-89e8a0f0ab79\audio\9299eb11-f60c-4a1f-9a7e-89e8a0f0ab79.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\E2AC6E61-FC74-450E-BCF3-737AD490BE83\E2AC6E61-FC74-450E-BCF3-737AD490BE83.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\F897D086-73B8-44AF-BAF2-B887269E491A\audio\2_054_Who.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Resource\Voice\BP9GAGA4H6WMXP9D\setup.bmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\006BB12D-24A1-4E59-B8AE-E3F2330CCC68\006BB12D-24A1-4E59-B8AE-E3F2330CCC68.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\18DA24D0-35A7-4291-9CD9-F2AED115968C\audio\a_037_joh_a.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\2DF047FE-DC32-4457-B259-A8D521BA7988\audio\107_AHUG_AHUG_AHUG.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\418AA13A-3D31-4BF8-AED8-96B9A77C242B\418AA13A-3D31-4BF8-AED8-96B9A77C242B.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\4E649CEF-FE76-4E68-86B8-DC568A3F6A30\4E649CEF-FE76-4E68-86B8-DC568A3F6A30.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\8609362d-daf1-42c2-981a-9fc3901ce9c1\audio\8609362d-daf1-42c2-981a-9fc3901ce9c1.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\B66BF901-0572-4AD2-B3AD-A1A31D4EECB8\B66BF901-0572-4AD2-B3AD-A1A31D4EECB8.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\BE27D73E-A0B2-4373-A0B1-EF6B92D39752\audio\2_021_yeaaah.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\ED9B472A-A729-4B0E-BD67-DB892961A338\ED9B472A-A729-4B0E-BD67-DB892961A338.vsclip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\518a4bf0-b5dc-4653-8349-5a2638038632\audio\518a4bf0-b5dc-4653-8349-5a2638038632.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\88D186DD-C05D-4871-B7F8-33AF7148D86D\audio\m2_voice_49.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VOCALOID6\Media\Editor\C91FF134-5CB7-4199-8041-E6476E4FCB0E\C91FF134-5CB7-4199-8041-E6476E4FCB0E.vsclip | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\e58c532.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{77F28B29-873E-4CCF-8D6E-0ABD971EC467} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE4ED.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{77F28B29-873E-4CCF-8D6E-0ABD971EC467}\ARPPRODUCTICON.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{77F28B29-873E-4CCF-8D6E-0ABD971EC467}\_93931A50_8680_48E0_883A_3562CB1329BE | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5C73.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e58c52f.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e58c530.mst | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e58c530.mst | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI48E9.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{77F28B29-873E-4CCF-8D6E-0ABD971EC467}\ARPPRODUCTICON.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{77F28B29-873E-4CCF-8D6E-0ABD971EC467}\_93931A50_8680_48E0_883A_3562CB1329BE | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI21B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4E97.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e58c52f.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE01A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{77F28B29-873E-4CCF-8D6E-0ABD971EC467}\1033.MST | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{77F28B29-873E-4CCF-8D6E-0ABD971EC467}\1033.MST | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.3.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\{C78220AE-52A6-442B-803F-BFB38CBEDD94}\{B3DA4C36-3522-40F9-A5FC-448C6F9CB6D3}\VC_redist.x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\{8145885A-67C9-41F1-AA92-C459E4DB0472}\.be\VC_redist.x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.3.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\{B9565075-55F3-4930-8DB8-2CB2F9A81DE8}\VOCALOID6_Editor_6.3.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\{84537A3F-7280-463C-9633-F03E77B3E005}\.cr\VC_redist.x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\{C78220AE-52A6-442B-803F-BFB38CBEDD94}\VOCALOID6_Editor_6.3.0.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = [binary value not preserved in this copy of the report] | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.vpr\VOCALOID6.vpr\ShellNew | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Yamaha.VOCALOID.VST.VSTPluginController\ = "Yamaha.VOCALOID.VST.VSTPluginController" | C:\Users\Admin\AppData\Local\Temp\wacE58A.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Yamaha.VOCALOID.VST.VSTPluginController\CLSID\ = "{8C63AA6F-CD14-4C55-B8AD-E5C9AA15E003}" | C:\Users\Admin\AppData\Local\Temp\wacE58A.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\3333F4827406A2540A767577CF322B53 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\3333F4827406A2540A767577CF322B53\92B82F77E378FCC4D8E6A0DB79E14C76 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VOCALOID6.vpr\shell | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VOCALOID6.vpr\shell\Open | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VOCALOID6.vpr\shell\Open\command\ = "\"C:\\Program Files\\VOCALOID6\\Editor\\VOCALOID6.exe\" \"%1\"" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\92B82F77E378FCC4D8E6A0DB79E14C76\SourceList\Media\1 = "DISK1;1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\92B82F77E378FCC4D8E6A0DB79E14C76\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\92B82F77E378FCC4D8E6A0DB79E14C76\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\92B82F77E378FCC4D8E6A0DB79E14C76\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.vpr | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C63AA6F-CD14-4C55-B8AD-E5C9AA15E003}\ProgID\ = "Yamaha.VOCALOID.VST.VSTPluginController" | C:\Users\Admin\AppData\Local\Temp\wacE58A.tmp | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\92B82F77E378FCC4D8E6A0DB79E14C76\Version = "100859904" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Yamaha.VOCALOID.VST.VSTPluginController\CLSID | C:\Users\Admin\AppData\Local\Temp\wacE58A.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\92B82F77E378FCC4D8E6A0DB79E14C76 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\92B82F77E378FCC4D8E6A0DB79E14C76\Editor | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\92B82F77E378FCC4D8E6A0DB79E14C76\SourceList\Media\DiskPrompt = "[1]" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VOCALOID6.vpr\shell\Open\command | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VOCALOID6.vpr\DefaultIcon | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Yamaha.VOCALOID.VST.VSTPluginController | C:\Users\Admin\AppData\Local\Temp\wacE58A.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C63AA6F-CD14-4C55-B8AD-E5C9AA15E003}\InProcServer32 | C:\Users\Admin\AppData\Local\Temp\wacE58A.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\92B82F77E378FCC4D8E6A0DB79E14C76\Transforms = "C:\\Windows\\Installer\\{77F28B29-873E-4CCF-8D6E-0ABD971EC467}\\1033.MST" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C63AA6F-CD14-4C55-B8AD-E5C9AA15E003}\InProcServer32\ThreadingModel = "Both" | C:\Users\Admin\AppData\Local\Temp\wacE58A.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C63AA6F-CD14-4C55-B8AD-E5C9AA15E003}\ProgID | C:\Users\Admin\AppData\Local\Temp\wacE58A.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\92B82F77E378FCC4D8E6A0DB79E14C76\ProductName = "VOCALOID6 Editor" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\92B82F77E378FCC4D8E6A0DB79E14C76\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VOCALOID6.vpr | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VOCALOID6.vpr\shell\ = "Open" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C63AA6F-CD14-4C55-B8AD-E5C9AA15E003} | C:\Users\Admin\AppData\Local\Temp\wacE58A.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\92B82F77E378FCC4D8E6A0DB79E14C76\ProductIcon = "C:\\Windows\\Installer\\{77F28B29-873E-4CCF-8D6E-0ABD971EC467}\\ARPPRODUCTICON.exe" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\92B82F77E378FCC4D8E6A0DB79E14C76\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.vpr\VOCALOID6.vpr | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C63AA6F-CD14-4C55-B8AD-E5C9AA15E003}\InProcServer32\ = "C:\\Program Files\\VOCALOID6\\Editor\\VOCALOID6Plugin.comhost.dll" | C:\Users\Admin\AppData\Local\Temp\wacE58A.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\92B82F77E378FCC4D8E6A0DB79E14C76 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\92B82F77E378FCC4D8E6A0DB79E14C76\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\92B82F77E378FCC4D8E6A0DB79E14C76\AuthorizedLUAApp = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\92B82F77E378FCC4D8E6A0DB79E14C76\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\92B82F77E378FCC4D8E6A0DB79E14C76\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\{B9565075-55F3-4930-8DB8-2CB2F9A81DE8}\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\VOCALOID6.vpr\shell\Open\command\command = 470061006f0056004e006000510048006300400041006100480069006500600072006a00450049003e002e00640035004a0026006800530068004a003f006200560077005000430049005000470073006e002000220025003100220000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.vpr\ = "VOCALOID6.vpr" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\92B82F77E378FCC4D8E6A0DB79E14C76\Language = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\92B82F77E378FCC4D8E6A0DB79E14C76\SourceList\PackageName = "VOCALOID6 Editor.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\92B82F77E378FCC4D8E6A0DB79E14C76\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\{B9565075-55F3-4930-8DB8-2CB2F9A81DE8}\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\92B82F77E378FCC4D8E6A0DB79E14C76\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VOCALOID6.vpr\DefaultIcon\ = "C:\\Windows\\Installer\\{77F28B29-873E-4CCF-8D6E-0ABD971EC467}\\_93931A50_8680_48E0_883A_3562CB1329BE,0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C63AA6F-CD14-4C55-B8AD-E5C9AA15E003}\ = "CoreCLR COMHost Server" | C:\Users\Admin\AppData\Local\Temp\wacE58A.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\92B82F77E378FCC4D8E6A0DB79E14C76\PackageCode = "C089FDFCAEA1D364B9CDF042A688EC5D" | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
| N/A | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.3.0.exe
"C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.3.0.exe"
C:\Users\Admin\AppData\Local\Temp\{B9565075-55F3-4930-8DB8-2CB2F9A81DE8}\VOCALOID6_Editor_6.3.0.exe
C:\Users\Admin\AppData\Local\Temp\{B9565075-55F3-4930-8DB8-2CB2F9A81DE8}\VOCALOID6_Editor_6.3.0.exe /q"C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.3.0.exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{B9565075-55F3-4930-8DB8-2CB2F9A81DE8}" /IS_temp
C:\Windows\system32\MSIEXEC.EXE
"C:\Windows\system32\MSIEXEC.EXE" /i "C:\Users\Admin\AppData\Local\Temp\{B9565075-55F3-4930-8DB8-2CB2F9A81DE8}\VOCALOID6 Editor.msi" TRANSFORMS="C:\Users\Admin\AppData\Local\Temp\{B9565075-55F3-4930-8DB8-2CB2F9A81DE8}\1033.MST" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp" SETUPEXENAME="VOCALOID6_Editor_6.3.0.exe" IS_RUNTIME_FILES_LOCATION="C:\Users\Admin\AppData\Local\Temp\{F131C5D9-D2A7-40CC-AF31-D7FDAE438D9D}"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 20A4B7D29195959B82E92183A863B446 C
C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.3.0.exe
"C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.3.0.exe" /embed"{990E389C-A68B-416E-991F-4E2E96A10070}" /hide_splash /hide_progress /runprerequisites"Editor" /l1033 /v"TRANSFORMS=\"C:\Users\Admin\AppData\Local\Temp\{B9565075-55F3-4930-8DB8-2CB2F9A81DE8}\1033.MST\""
C:\Users\Admin\AppData\Local\Temp\{C78220AE-52A6-442B-803F-BFB38CBEDD94}\VOCALOID6_Editor_6.3.0.exe
C:\Users\Admin\AppData\Local\Temp\{C78220AE-52A6-442B-803F-BFB38CBEDD94}\VOCALOID6_Editor_6.3.0.exe /q"C:\Users\Admin\AppData\Local\Temp\VOCALOID6_Editor_6.3.0.exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{C78220AE-52A6-442B-803F-BFB38CBEDD94}" /embed"{990E389C-A68B-416E-991F-4E2E96A10070}" /hide_splash /hide_progress /runprerequisites"Editor" /l1033 /v"TRANSFORMS=\"C:\Users\Admin\AppData\Local\Temp\{B9565075-55F3-4930-8DB8-2CB2F9A81DE8}\1033.MST\"" /eprq /IS_temp
C:\Users\Admin\AppData\Local\Temp\{C78220AE-52A6-442B-803F-BFB38CBEDD94}\{B3DA4C36-3522-40F9-A5FC-448C6F9CB6D3}\VC_redist.x64.exe
"C:\Users\Admin\AppData\Local\Temp\{C78220AE-52A6-442B-803F-BFB38CBEDD94}\{B3DA4C36-3522-40F9-A5FC-448C6F9CB6D3}\VC_redist.x64.exe" /q /norestart
C:\Windows\Temp\{84537A3F-7280-463C-9633-F03E77B3E005}\.cr\VC_redist.x64.exe
"C:\Windows\Temp\{84537A3F-7280-463C-9633-F03E77B3E005}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\{C78220AE-52A6-442B-803F-BFB38CBEDD94}\{B3DA4C36-3522-40F9-A5FC-448C6F9CB6D3}\VC_redist.x64.exe" -burn.filehandle.attached=568 -burn.filehandle.self=576 /q /norestart
C:\Windows\Temp\{8145885A-67C9-41F1-AA92-C459E4DB0472}\.be\VC_redist.x64.exe
"C:\Windows\Temp\{8145885A-67C9-41F1-AA92-C459E4DB0472}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{50405421-A765-469A-BC89-B4CB1D051FE4} {EBE789B4-5B75-4E3D-8106-A271E842DCF6} 3924
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c rmdir /s /q "C:\Users\Admin\AppData\Local\Temp\{C78220AE-52A6-442B-803F-BFB38CBEDD94}"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 78A043472644D950665F9918619C3D36
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding B7B0EB179A8806CCFB04335B935812AE E Global\MSI0000
C:\Users\Admin\AppData\Local\Temp\wacE58A.tmp
C:\Users\Admin\AppData\Local\Temp\wacE58A.tmp {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E7D8A5B0-4C37-498B-A6EE-A0838F17BDBD}
C:\Users\Admin\AppData\Local\Temp\wacE58A.tmp
C:\Users\Admin\AppData\Local\Temp\wacE58A.tmp {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B599EA7B-48AA-4282-A674-56EEA46A6460}
C:\Users\Admin\AppData\Local\Temp\{F131C5D9-D2A7-40CC-AF31-D7FDAE438D9D}\{4F1AE5B0-A88B-4B30-8413-E232DE366341}\_is4FDD.exe
C:\Users\Admin\AppData\Local\Temp\{F131C5D9-D2A7-40CC-AF31-D7FDAE438D9D}\{4F1AE5B0-A88B-4B30-8413-E232DE366341}\_is4FDD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8320CA09-BF58-4E11-836E-27A95AE01AD4}
C:\Users\Admin\AppData\Local\Temp\{F131C5D9-D2A7-40CC-AF31-D7FDAE438D9D}\{4F1AE5B0-A88B-4B30-8413-E232DE366341}\_is4FDD.exe
C:\Users\Admin\AppData\Local\Temp\{F131C5D9-D2A7-40CC-AF31-D7FDAE438D9D}\{4F1AE5B0-A88B-4B30-8413-E232DE366341}\_is4FDD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{140BAA28-B27F-4871-8753-6673FB296997}
C:\Users\Admin\AppData\Local\Temp\{F131C5D9-D2A7-40CC-AF31-D7FDAE438D9D}\{4F1AE5B0-A88B-4B30-8413-E232DE366341}\_is4FDD.exe
C:\Users\Admin\AppData\Local\Temp\{F131C5D9-D2A7-40CC-AF31-D7FDAE438D9D}\{4F1AE5B0-A88B-4B30-8413-E232DE366341}\_is4FDD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1699DD88-6BEA-4E4E-9CF8-7CC7602DCB68}
C:\Users\Admin\AppData\Local\Temp\{F131C5D9-D2A7-40CC-AF31-D7FDAE438D9D}\{4F1AE5B0-A88B-4B30-8413-E232DE366341}\_is4FDD.exe
C:\Users\Admin\AppData\Local\Temp\{F131C5D9-D2A7-40CC-AF31-D7FDAE438D9D}\{4F1AE5B0-A88B-4B30-8413-E232DE366341}\_is4FDD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AF236989-E706-47C1-803A-971BFBBD697C}
C:\Users\Admin\AppData\Local\Temp\{F131C5D9-D2A7-40CC-AF31-D7FDAE438D9D}\{4F1AE5B0-A88B-4B30-8413-E232DE366341}\_is4FDD.exe
C:\Users\Admin\AppData\Local\Temp\{F131C5D9-D2A7-40CC-AF31-D7FDAE438D9D}\{4F1AE5B0-A88B-4B30-8413-E232DE366341}\_is4FDD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A7738412-2D5C-4136-850A-3F8353113273}
C:\Users\Admin\AppData\Local\Temp\{F131C5D9-D2A7-40CC-AF31-D7FDAE438D9D}\{4F1AE5B0-A88B-4B30-8413-E232DE366341}\_is4FDD.exe
C:\Users\Admin\AppData\Local\Temp\{F131C5D9-D2A7-40CC-AF31-D7FDAE438D9D}\{4F1AE5B0-A88B-4B30-8413-E232DE366341}\_is4FDD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{86FB7D49-FEF4-4544-8A6D-E72319806F3A}
C:\Users\Admin\AppData\Local\Temp\{F131C5D9-D2A7-40CC-AF31-D7FDAE438D9D}\{4F1AE5B0-A88B-4B30-8413-E232DE366341}\_is4FDD.exe
C:\Users\Admin\AppData\Local\Temp\{F131C5D9-D2A7-40CC-AF31-D7FDAE438D9D}\{4F1AE5B0-A88B-4B30-8413-E232DE366341}\_is4FDD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C2581955-6E2F-41EF-9919-B8FFF9FB64EC}
C:\Users\Admin\AppData\Local\Temp\{F131C5D9-D2A7-40CC-AF31-D7FDAE438D9D}\{4F1AE5B0-A88B-4B30-8413-E232DE366341}\_is4FDD.exe
C:\Users\Admin\AppData\Local\Temp\{F131C5D9-D2A7-40CC-AF31-D7FDAE438D9D}\{4F1AE5B0-A88B-4B30-8413-E232DE366341}\_is4FDD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3FD6C05E-CE79-402B-8598-E3CFA0446001}
C:\Users\Admin\AppData\Local\Temp\{F131C5D9-D2A7-40CC-AF31-D7FDAE438D9D}\{4F1AE5B0-A88B-4B30-8413-E232DE366341}\_is4FDD.exe
C:\Users\Admin\AppData\Local\Temp\{F131C5D9-D2A7-40CC-AF31-D7FDAE438D9D}\{4F1AE5B0-A88B-4B30-8413-E232DE366341}\_is4FDD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C125D510-2701-4054-8FD8-B9311D293A35}
C:\Users\Admin\AppData\Local\Temp\{F131C5D9-D2A7-40CC-AF31-D7FDAE438D9D}\{4F1AE5B0-A88B-4B30-8413-E232DE366341}\_is4FDD.exe
C:\Users\Admin\AppData\Local\Temp\{F131C5D9-D2A7-40CC-AF31-D7FDAE438D9D}\{4F1AE5B0-A88B-4B30-8413-E232DE366341}\_is4FDD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C80667CD-F64E-4B0D-9AEA-43555A5FFCD0}
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c rmdir /s /q "C:\Users\Admin\AppData\Local\Temp\{B9565075-55F3-4930-8DB8-2CB2F9A81DE8}"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.197.219.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
Files